Your success is a train ride away! As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees. Are you ready to join our team? Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future. The Principal Cyber Threat Incident Response Analyst will play a critical role within the Amtrak Cyber Fusion Center. In this role, you will support a digital forensic cyber incident response team to effectively respond to and recovering from cybersecurity incidents. You will execute the cyber incident response plan, response playbooks, and will ensuring timely resolution of security breaches ESSENTIAL FUNCTIONS: • As a Principal Cyber Threat Incident Response Analyst, you will provide industry-leading cyber incident response supporting the Cyber Fusion Center mission to effectively detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident • You will be able to resolve security incidents quickly, effectively and at scale with complete incident response including investigation, containment to support effective remediation, and crisis management • In this role, you will technically navigate critical and high-profile incidents, performing digital forensic and incident response analysis with support from threat hunting, and malware triage analysts • Support Amtrak-wide cyber incident response engagements, examine cloud, endpoint, and network-based sources of evidence • Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations • Build scripts, tools, or methodologies to enhance Amtrak’s incident investigation processes • Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations • Support Cyber Incident Exercises, Tabletops, and Cyber Incident Management Response Team with business leaders, stakeholders, and cross-functional teams. • Support with Crisis Management, Emergency Management, Incident Response, Legal and OIG teams to conduct and coordinate on Cyber Incident Response Activities. • Preferred knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems but not required. • Cybersecurity certifications, courses, or hands-on experience with some of the followin • * Advanced Threat Detection • Hacker tools, techniques • Penetration Testing, Exploit Writing, and Ethical Hacking • Offensive Security, Security Operations, Web Application Testing, or Cloud Security • Reverse-Malware Engineering • Digital Forensics and Incident Response • PowerShell, JavaScript and Python • Relevant certifications including GIAC Certified Incident Handler (GCIH), Certified Incident Response Handler (GCFA) or similar • Experience with using SIEM systems, network security tools, and log analysis tools • Experience with cyber incident response • Experience with Mitre ATT&CK framework • Experience with threat intelligence, vulnerability management, and security incident response • Regularly participate in tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with stakeholders. • Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercise to identify potential future incidents. • Develop, refine, recommend, and maintain playbooks, policies, and procedures to ensure alignment to industry best practices. MINIMUM QUALIFICATIONS: • Bachelor’s degree in computer science, Information Systems, Cybersecurity, or related technical field plus 7-10 years of relevant experience is required. Experience on one or the combination of the below to satisfy education and experience requirements: • * • Incident Response • Vulnerability Management • Digital Forensics • Network or Cloud Security • Penetration Testing One incident response centric certification: • * • GIAC Certified Incident Handler (GCIH) • GIAC Response and Industrial Defense (GRID) • GIAC Battlefield Forensics and Acquisition (GBFA) • GIAC Certified Forensic Examiner (GCFE) • GIA Apply t