Sr Mgr Cyber Incident Response - 90397440 - null

Your success is a train ride away!

As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

Are you ready to join our team?

Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

The Senior Manager of Cyber Threat Incident Response will play a critical role within the Amtrak Cyber Fusion Center. The successful candidate leads a digital forensic cyber incident response team to effectively respond to and recovering from cybersecurity incidents. Conduct digital forensic investigations in response to high or critical security incidents. Lead the development of digital forensic and incident response playbooks and scalable procedures, recommending technical solutions to reduce risk across the enterprise. Act as a mentor and provide guidance to team members.

ESSENTIAL FUNCTIONS:

• As an Incident Response Senior Manager, you will provide industry-leading cyber incident response leadership support to the Cyber Fusion Center mission to effectively detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident
• You will be able to resolve security incidents quickly, effectively and at scale with complete incident response including investigation, containment to support effective remediation, and crisis management
• In this role, you will technically navigate critical and high-profile incidents, performing digital forensic and incident response analysis with support from threat hunting, and malware triage analysts
• You will be able to resolve security incidents quickly, effectively and at scale with complete incident response including investigation, containment to support effective remediation, and crisis management
• In this role, you will technically navigate critical and high-profile incidents, performing digital forensic and incident response analysis with support from threat hunting, and malware triage analysts
• Lead Amtrak-wide cyber incident response engagements, examine cloud, endpoint, and network-based sources of evidence
• Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations
• Build scripts, tools, or methodologies to enhance Amtrak's incident investigation processes
• Lead Cyber Incident Exercises, Tabletops, and Cyber Incident Management Response Team with business leaders, stakeholders, and cross-functional teams.
• Preferred ability for effective communication and interpersonal skills, work well with others in an integrated team environment, and must be self-motivated.
• Preferred knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems, but not required.
• Cybersecurity certifications, courses, or hands-on experience with some of the following:




• Advanced Threat Detection
• Hacker tools, techniques
• Penetration Testing, Exploit Writing, and Ethical Hacking
• Offensive Security, Security Operations, Web Application Testing, or Cloud Security
• Reverse-Malware Engineering
• Digital Forensics and Incident Response
• PowerShell, JavaScript and Python
• Relevant certifications including GIAC Certified Incident Handler (GCIH), Certified Incident Response Handler (GCFA) or similar
• Experience with using SIEM systems, network security tools, and log analysis tools
• Experience with cyber incident response
• Experience with Mitre ATT&CK framework
• Experience with threat intelligence, vulnerability management, and security incident response.




• Partner with Crisis Management, Emergency Management, Incident Response, Legal and OIG teams to conduct and coordinate on Cyber Incident Response Activities.
• Correlate threat intelligence, to develop deeper understandings of tracked threat activity.
• Apply basic threat hunting techniques to pivot for given information to known attack patterns, malicious code families, tracked threat groups and other historical information.
• Prepare and report risk analysis and threat findings to appropriate stakeholders.
• Conducts cyber threat intelligence analysis, develops correlation techniques, correlates actionable cybersecurity events, participates in the coordination of resources during incident response efforts, and reports and tracks incident findings and resolutions to leadership that include trends, responses, and mitigation actions.

MINIMUM QUALIFICATIONS:

• Bachelor's degree in computer science, Information Systems, Software Engineering, Software Development, or relevant field, and 9+ years of relevant experience or 13+ years of relevant work experience in Cybersecurity.
• Experience with Cyber Incident Handling, Cyber Incident Response, and/or Cyber Incident Management.
• Must possess 3+ years of relevant experience leadership acumen focusing on developing high-performing talent.* Ability to switch between strategic, tactical, and operational concepts and be comfortable in either setting.
• Ability to build and deliver executive level presentations to clients and organizational leadership.
• Ability to develop high-performing talent.
• Ability to think critically and like threat actors.
• Knowledge of attack vectors, threat tactics, and attacker techniques.
• Knowledge of penetration testing principles, tools, and techniques.
• Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
• Knowledge of using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.
• Knowledge of cloud service models and how those models can limit incident response.
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• kill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).

PREFERRED QUALIFICATIONS:

• Cybersecurity certifications, courses, or hands-on experience with some of the following:
  o Red Team Operations and Adversary Emulation
  o Penetration Testing, Exploit Writing, and Ethical Hacking
  
  
  
  • Offensive Security, Security Operations, Web Application Testing, or Cloud Security
  • Reverse-Malware Engineering
  • Digital Forensics and Incident Response
  • Cyber Deception - Attack Detection, Disruption, Active Defense
  
  
  
  
• Preferred knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems, but not required

WORK ENVIRONMENT:

• 100% Remote, On-site, or Hybrid options available.
• May require occasional travel up to 25% of the time.* May require occasional after hours, weekend, or periodic shift work supporting a 24x7x365 Cyber Fusion Center.

COMMUNICATIONS AND INTERPERSONAL SKILLS:
Must have excellent oral and written communication skills.

The salary/hourly range is $149,400-$193,644, Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee's assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee's base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offerings here.

Requisition ID:165087

Work Arrangement:02-Remote OptionalClick here for more information about work arrangements at Amtrak.

Relocation Offered:No

Travel Requirements:Up to 25%

You power our progress through your performance.

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.

Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions requires a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.

Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Amtrak's pre-employment drug testing program is administered in accordance with DOT regulations and applicable law.

In accordance with DOT regulations (49 CFR * 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

In accordance with federal law governing security checks of covered individuals for providers of public transportation (Title 6 U.S.C. *1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race/color, to include traits historically associated with race, including but not limited to, hair texture and hairstyles such as braids, locks and twists, religion, sex (including pregnancy, childbirth and related conditions, such as lactation), national origin/ethnicity, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law..