Your success is a train ride away! As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.   Are you ready to join our team? Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.   The Principal Cyber Threat Incident Response Analyst will play a critical role within the Amtrak Cyber Fusion Center. In this role, you will support a digital forensic cyber incident response team to effectively respond to and recovering from cybersecurity incidents. You will execute the cyber incident response plan, response playbooks, and will ensuring timely resolution of security breaches ESSENTIAL FUNCTIONS: As a Principal Cyber Threat Incident Response Analyst, you will provide industry-leading cyber incident response supporting the Cyber Fusion Center mission to effectively detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident You will be able to resolve security incidents quickly, effectively and at scale with complete incident response including investigation, containment to support effective remediation, and crisis management In this role, you will technically navigate critical and high-profile incidents, performing digital forensic and incident response analysis with support from threat hunting, and malware triage analysts Support Amtrak-wide cyber incident response engagements, examine cloud, endpoint, and network-based sources of evidence Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations Build scripts, tools, or methodologies to enhance Amtrak’s incident investigation processes Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations Support Cyber Incident Exercises, Tabletops, and Cyber Incident Management Response Team with business leaders, stakeholders, and cross-functional teams. Support with Crisis Management, Emergency Management, Incident Response, Legal and OIG teams to conduct and coordinate on Cyber Incident Response Activities. Preferred knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems but not required. Cybersecurity certifications, courses, or hands-on experience with some of the following:  Advanced Threat Detection Hacker tools, techniques Penetration Testing, Exploit Writing, and Ethical Hacking  Offensive Security, Security Operations, Web Application Testing, or Cloud Security  Reverse-Malware Engineering  Digital Forensics and Incident Response PowerShell, JavaScript and Python Relevant certifications including GIAC Certified Incident Handler (GCIH), Certified Incident Response Handler (GCFA) or similar Experience with using SIEM systems, network security tools, and log analysis tools Experience with cyber incident response Experience with Mitre ATT&CK framework Experience with threat intelligence, vulnerability management, and security incident response Regularly participate in tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with stakeholders. Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercise to identify potential future incidents. Develop, refine, recommend, and maintain playbooks, policies, and procedures to ensure alignment to industry best practices. MINIMUM QUALIFICATIONS: Bachelor’s degree in computer science, Information Systems, Cybersecurity, or related technical field plus 7-10 years of relevant experience is required. Experience on one or the combination of the below to satisfy education and experience requirements:  Incident Response Vulnerability Management Digital Forensics Network or Cloud Security Penetration Testing One incident response centric certification:  GIAC Certified Incident Handler (GCIH) GIAC Response and Industrial Defense (GRID) GIAC Battlefield Forensics and Acquisition (GBFA) GIAC Certified Forensic Examiner (GCFE) GIAC Advanced Smartphone Forensics GIAC Certified Forensic Analyst (GCFA) GIAC Network Forensic Analyst (GNFA) GIAC Reverse Engineering Malware (GREM) E C-Council Certified Incident Handler (E|CIH) eLearnSecurity Incident Handling & Response Professional (IHRP) SEI Computer Security Incident Handler (CSIH) NICCS Certified Incident Handler Engineer (CIHE) In depth understanding of threats, vulnerabilities and principals of incident response and chain of custody. Hands on experience with forensics tools and log correlation. Ability to think like an attacker and hunt within the security tool stack. Ability to incorporate the MITRE ATT&CK Framework in everyday processes.  PREFERRED QUALIFICATIONS: Master's degree in Cybersecurity, Information Technology, Digital Forensics, Computer Science, or equivalent technical field 10+ years of experience within the cybersecurity field Basic knowledge of Operation Technology (OT), SCADA, HVAC and/or IoT Two or more incident response centric certifications:  GIAC Certified Incident Handler (GCIH) GIAC Response and Industrial Defense (GRID) GIAC Battlefield Forensics and Acquisition (GBFA) GIAC Advanced Smartphone Forensics GIAC Certified Forensic Analyst (GCFA) GIAC Network Forensic Analyst (GNFA) GIAC Reverse Engineering Malware (GREM) EC-Council Certified Incident Handler (E|CIH) SEI Computer Security Incident Handler (CSIH) NICCS Certified Incident Handler Engineer (CIHE) eLearnSecurity Incident Handling & Response Professional (IHRP) GIAC Certified Forensic Examiner (GCFE) WORK ENVIRONMENT: Amtrak offers several options for a working environment including 100% remote, on-site, and/or a hybrid schedule. This is a position that requires off-hours work and on-call participation. Please note your headquarters office may be in any one of Amtrak’s locations across the United States. The ability and willingness to travel up to 30% to other office locations is required. COMMUNICATIONS AND INTERPERSONAL SKILLS: Must have excellent oral and written communication skills. The salary/hourly range is $124,600-$161,352, Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee’s assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee’s base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offerings here.  Requisition ID:165094 Work Arrangement:02-Remote Optional Click here for more information about work arrangements at Amtrak.  Relocation Offered:No  Travel Requirements:0 - 5%  You power our progress through your performance.   We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.  Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions requires a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.  Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Amtrak's pre-employment drug testing program is administered in accordance with DOT regulations and applicable law.   In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.   In accordance with federal law governing security checks of covered individuals for providers of public transportation (Title 6 U.S.C. §1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.  Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience. Amtrak is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race/color, to include traits historically associated with race, including but not limited to, hair texture and hairstyles such as braids, locks and twists, religion, sex (including pregnancy, childbirth and related conditions, such as lactation), national origin/ethnicity, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law..