Sr Mgr Cyber Threat Operations - 90397460 - Remote

Date:  Aug 22, 2025
Location: US

Company:  Amtrak

Your success is a train ride away!

As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

 

Are you ready to join our team?

Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

 

SUMMARY OF DUTIES:
The Senior Manager of Threat Operations will play a critical role within the Amtrak Cyber Fusion Center. The candidate will lead our Threat Operations practice, comprising Detection Engineering, Threat Hunting, and Security Orchestration, Automation and Response (SOAR) Engineering. The candidate will be responsible for the strategic, tactical, and operational components of Threat Operations.

If you are someone who enjoys looking through data sets for anomalies, researching malware, reading up on adversaries’ latest techniques, tactics, and procedures, and trying out new penetration tools and techniques to see what telemetry is generated, this position is for you.

Our team’s mission is simple: hunt and find threats.

Our team’s objective is simple: build a threat-informed defense.

Our team’s goal is simple: excel together.

 

ESSENTIAL FUNCTIONS:


• Serve as the Service Offering Lead for Threat Operations functions, capabilities, and services.
• Provide an environment of trust, accountability, transparency, communication, and a growth mindset.
• Inspire people to challenge the status quo, think creatively, speak freely about ideas, and innovate.
• Prepare out-briefings to business stakeholders and leadership teams, executives, and external partners.
• Identify relevant data sources to determine threat-detection scenarios and use cases.
• Engineer specific yet abstract detectors, finding the ideal balance between an adversary’s tactics, techniques, and procedures (TTPs).
• Automate threat-detection scenarios and use cases to improve Cyber Incident Response workflows.
• Provide Cyber Fusion Enablement for Detection Improvement Requests (DIR).
• Build threat detection models identifying relevant threats leveraging the Detection Development Lifecycle, Threat Detection Maturity and Alerting and Detection Strategy (ADS) Frameworks.
• Assess the effectiveness of threat detection practices and countermeasures across the Enterprise infrastructure and applications.
• Perform Cyber Fusion technology detection gap assessments and assist with developing the strategic enhancement roadmap.
• Participate in planning sessions related to Enterprise projects or new technologies to implement process improvement within the functional area.
• Establish a framework for researching, documenting, and integrating adversary emulation assessments.
• Responsible for gathering relevant cyber intelligence regarding attacker tactics, techniques, and procedures.
• Prepare and report risk analysis and threat findings to appropriate stakeholders.
• Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
• Coordinate with different teams to improve threat detection, response, and the overall security posture of the Enterprise.
• Create Threat Models to better understand the Amtrak threat landscape, identify defensive gaps, and prioritize mitigations.
• Utilize Threat Intelligence and Threat Models to create threat hypotheses.
• Plan and scope Threat Hunt Missions to verify threat hypotheses.

MINIMUM QUALIFICATIONS:

• Bachelor’s Degree in Computer Science, Information Systems, Software Engineering, Software Development, or relevant field experience or relevant work experience in Cybersecurity.
• Must possess relevant experience with Threat Intelligence, Threat Operations, Detection Engineering, Threat Hunting, Offensive Security, or relevant experience.
• Must possess relevant leadership experience and acumen, focusing on developing high-performing talent.
• Must possess relevant experience with scripting, object-oriented programming, coding, or infrastructure-as-code (IaC).
• Ability to switch between strategic, tactical, and operational concepts and be comfortable in either setting.
• Ability to build and deliver executive level presentations to clients and organizational leadership.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the Cybersecurity organization—to leverage analytical and technical expertise.
• Ability to develop high-performing talent.
• Ability to think critically and like threat actors.
• Ability to clearly articulate intelligence requirements into well-formulated research questions and data tracking variables for inquiry tracking purposes.
• Ability to evaluate information for reliability, validity, and relevance.
• Knowledge of attack vectors, threat tactics, and attacker techniques.
• Knowledge of attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). 
• Knowledge of penetration testing principles, tools, and techniques.
• Knowledge of cyber intelligence/information collection capabilities and repositories.
• Knowledge of the intelligence frameworks, processes, and related systems.
• Skill in identifying cyber threats which may jeopardize organization and/or partner interests.
• Skill in collecting data from a variety of cyber defense resources.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in identifying critical target elements, to include critical target elements for the cyber domain.
• Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
• Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.

PREFERRED QUALIFICATIONS:

• Cybersecurity certifications, courses, or hands-on experience with some of the following:
      o    Red Team Operations and Adversary Emulation
      o    Penetration Testing, Exploit Writing, and Ethical Hacking
      o    Offensive Security, Security Operations, Web Application Testing, or Cloud Security
      o    Reverse-Malware Engineering
      o    Digital Forensics and Incident Response
      o    Cyber Deception – Attack Detection, Disruption, Active Defense
• Experience applying Threat Hunting methodologies which are Intelligence-Hypothesis driven with sound scientific-methodology principles applied.
• Effective communication and interpersonal skills, the ability to work well with others in an integrated team environment, and self-motivation are preferred.
• Knowledge of and familiarity with Operational Technology (OT), Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems is preferred, but not required.

  • 9+ years of relevant field experience or 13+ years of relevant work experience in Cybersecurity.
  • 5+ years with Threat Intelligence, Threat Operations, Detection Engineering, Threat Hunting, Offensive Security, or relevant experience.
  • 3+ years of relevant leadership experience and acumen, focusing on developing high-performing talent.
  • 3+ years of relevant experience with scripting, object-oriented programming, coding, or infrastructure-as-code (IaC).


WORK ENVIRONMENT:

• 100% Remote.
• Requires on-call status.
• May require occasional travel up to 25% of the time.
• May require occasional after hours, weekend, or periodic shift work supporting a 24x7x365 Cyber Fusion Center.

COMMUNICATIONS AND INTERPERSONAL SKILLS:
Must have excellent oral and written communication skills.

 

The salary/hourly range is $149,400-$193,644. Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee’s assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee’s base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges.

Requisition ID: 165105

Work Arrangement: 02-Remote Optional
Relocation Offered: No
Travel Requirements: Up to 25%

You power our progress through your performance.
 

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions. 


Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions require a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.

Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Amtrak's pre-employment drug testing program is administered in accordance with DOT regulations and applicable law.  


In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

 

In accordance with federal law governing security checks of covered individuals for providers of public transportation (Title 6 U.S.C. §1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses. 


Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.


Amtrak is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race/color, to include traits historically associated with race, including but not limited to, hair texture and hairstyles such as braids, locks and twists, religion, sex (including pregnancy, childbirth and related conditions, such as lactation), national origin/ethnicity, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.