Principal Incident Response Analyst - 90406800 - Remote
Remote, April 5th, 2026
Location: Washington, DC, US, 20002
Company: Amtrak

Your success is a train ride away!

As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

Our values of "Do the Right Thing, Excel Together and Put Customers First" are at the heart of what matters most to us, and our Core Capabilities, "Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security", are what every employee needs to know and do to be most impactful at Amtrak.

Principal Cyber Threat Incident Response Analyst Role Overview

The Principal Cyber Threat Incident Response Analyst plays a critical role within the Amtrak Cyber Fusion Center. In this role, you support a digital forensic cyber incident response team to effectively respond to and recover from cybersecurity incidents. You will execute the cyber incident response plan and response playbooks, and ensure timely resolution of security breaches.

Essential Functions

- Provide industry-leading cyber incident response supporting the Cyber Fusion Center mission to detect and respond to threats and reduce overall business risk before, during, and after an incident.
- Resolve security incidents quickly, effectively and at scale with complete incident response, including investigation, containment, effective remediation, and crisis management.
- Navigate critical and high-profile incidents, performing digital forensic and incident response analysis with support from threat hunting and malware triage analysts.
- Support Amtrak-wide cyber incident response engagements; examine cloud, endpoint, and network-based sources of evidence.
- Recognize and codify attacker Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations.
- Perform both IT and OT network analysis and forensics.
- Handle malware and malicious code reverse engineering, malware analysis, memory analysis, fileless malware analysis and nation-state actor malware investigations.
- Build scripts, tools, or methodologies to enhance Amtrak's incident investigation processes.
- Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
- Support cyber incident exercises, tabletop exercises and cyber incident management response teams with business leaders, stakeholders, and cross-functional teams.
- Coordinate with crisis management, emergency management, incident response, legal and OIG teams on cyber incident response activities.
- Knowledge of and familiarity with Operational Technology (OT), Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems is preferred, though not required.
- Cybersecurity certifications, courses, or hands-on experience with:
  - Advanced threat detection
  - Hacker tools and techniques
  - Penetration testing, exploit writing, and ethical hacking
  - Offensive security, security operations, web application testing, or cloud security
  - Malware reverse engineering
  - Digital forensics and incident response
  - PowerShell, JavaScript and Python
  - GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA) or similar
  - SIEM systems, network security tools, log analysis tools
  - MITRE ATT&CK framework utilization
  - Threat intelligence, vulnerability management, and security incident response
- Regularly participate in tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with stakeholders.
- Review technical reports from vulnerability and penetration testing assessments, and results from tabletop exercises, to identify potential future incidents.
- Develop, refine, recommend, and maintain playbooks, policies, and procedures to ensure alignment with industry best practices.

Minimum Qualifications

- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related technical field plus 7–10 years of relevant experience.
- Experience in at least one of the following areas to satisfy education and experience requirements: Vulnerability Management, Malware and Malicious Code Reverse Engineering, Malware Analysis, Memory Analysis, Fileless Malware Analysis, Nation-State Actor malware investigations, Network or Cloud Security, Penetration Testing.
- One incident-response-centric certification such as GIAC Certified Incident Handler (GCIH), GIAC Response and Industrial Defense (GRID), GIAC Battlefield Forensics and Acquisition (GBFA), GIAC Certified Forensic Examiner (GCFE), GIAC Advanced Smartphone Forensics (GASF), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA), GIAC Reverse Engineering Malware (GREM), eLearnSecurity Incident Handling & Response Professional (IHRP), or SEI Computer Security Incident Handler (CSIH).
- In-depth understanding of threats, vulnerabilities and the principles of incident response and chain of custody.
- Hands-on experience with forensic tools and log correlation.
- Ability to think like an attacker and hunt within the security tool stack.
- Ability to incorporate the MITRE ATT&CK Framework in everyday processes.

Preferred Qualifications

- Master's degree in Cybersecurity, Information Technology, Digital Forensics, Computer Science, or an equivalent technical field.
- 10+ years of experience within the cybersecurity field.
- Basic knowledge of Operational Technology (OT), SCADA, HVAC and/or IoT.
- Two or more incident-response-centric certifications from the list above.

Work Environment

- Amtrak offers several options for a working environment, including 100% remote, on-site, or a hybrid schedule.
- This position requires off-hours work and on-call participation.
- Ability and willingness to travel up to 30% to other office locations.

Communications & Interpersonal Skills

Must have excellent oral and written communication skills.

Compensation & Benefits

Salary range: $124,600 – $161,352. Pay is based on factors including education, work experience, certifications and internal equity, and may include a geo-pay differential, short-term incentive bonus, and long-term incentive plan.

Amtrak offers a comprehensive benefits package, including health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401(k) retirement plan with employer match; life insurance; short- and long-term disability insurance; paid time off; backup care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges.

EEO & Legal Statements

Amtrak is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race/color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristics.

Amtrak is committed to a safe workplace free of drugs and alcohol. All positions require a pre-employment background check that includes employment verification, a criminal history check, and a drug screen. Candidates who test positive for marijuana will be disqualified in accordance with applicable law.

Amtrak follows DOT regulations for drug and alcohol testing for safety-sensitive duties and federal requirements for security checks of covered individuals for providers of public transportation.

Note: Any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training, and experience.