Principal IT Security Engineer - 90288062 - Washington

Date: Apr 23, 2021

Location: Washington, DC, US, 20002

Company: Amtrak

Your success is a train ride away.

Amtrak connects businesses and communities across the country and we move America’s workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority and the success of our railroad is the result of our employees.

Are you ready to join our team?

SUMMARY OF DUTIES: 
The Principal IT Security Engineer performs a broad range of complex technical and professional work functions to protect IT systems, network and data across the enterprise. The role is technical and requires an in-depth understanding of information security technologies and functions. The role also requires an understanding of business goals/strategy and operational requirements in a fast-paced environment. The Principal IT Security Engineer leads the technical management internal security systems or tools and implements automation to deliver security principles. The Principal IT Security Engineer makes technical decisions on security engineering work products to deliver functional and efficient security technologies. IT Security Engineers think like attackers to identify how solutions may be abused to an attacker’s advantage.  


ESSENTIAL FUNCTIONS:
•    Supports the service owner and may serve as a service offering lead in the delivery of security technologies.
•    Leads the evaluation and recommendation of hardware and software systems that provide security functions.
•    Leads security assessments of technology systems and recommends system changes to ensure adherence to standards, policy, guidelines, strategies, and security best business practices.
•    Generating, gathering, and tracking security metrics, developing scorecards for the metrics, and communicating the results to technology leadership.
•    Participates in planning sessions related to projects or new technologies to implement process improvement within the functional area. Documents discussions and agreements. Facilitates gate review, change advisory boards and IT operational meetings.  
•    Works to consistently learn and share advanced skills and practices that promote team excellence.
•    Builds relationships with developers, stakeholders, security champions, and scrum masters to incorporate security principles into engineering design and deployments.
•    Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
•    Build services and tools to enable developers and engineers to easily use security components produced by security team members. 
•    Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle.
•    Identify vulnerabilities in code through automated and manual assessments, and promote quick remediation. 
•    Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls.
•    Assesses process improvements needs utilizing a structured requirements process (gathering, analyzing, documenting, and managing changes) to assists in identifying priorities and advises on options.
•    Leads quality test activities and validates test completeness in preparation for go-live.
•    Basic understanding of ICS/SCADA cybersecurity concerns.
•    Provides subject matter expertise to resolve problems, security incidents and conduct forensic investigations.


MINIMUM QUALIFICATIONS:
•    Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, Engineering or related field plus 7+ years of relevant experience.
•    11+ years of relevant work experience required to satisfy education and experience requirements.
•    Professional security-related certifications (e.g. Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CISCO, SANS certifications, etc.).
•    Must possess excellent customer service, strong communication and interpersonal skills, work well with others in an integrated team environment, and must be self-motivated. 
•    Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
•    In-depth understanding of scripting in Python, Bash, Perl, PowerShell or other relevant language.
•    Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the secure software development lifecycle (SDLC).
•    Experience with industry standard information security technologies.
•    Experience performing technical risk and vulnerability assessments. 
•    Strong analytical skills with experience working in or supporting a Security Operations Center.


PREFERRED QUALIFICATIONS:
•    Master's degree in Information Technology, Cybersecurity, or equivalent.
•    9+ years experience in cybersecurity specialization (compliance, information security program management, continuous monitoring, vulnerability assessment).
•    Preferably some experience with operations and security across Amazon Web Services (AWS) and Microsoft Azure.
•    Experience working with the Microsoft Security Stack.
•    Knowledge of Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST), Center for Internet Security (CIS) or International Standards Organization (ISO) requirements.

 

WORK ENVIRONMENT:
•    Work is performed in an office environment
•    May require travel up to 10% of the time 
•    Requires on-call status
•    After hours, weekend and periodic shift work may be required
•    Other duties as assigned

 

COMMUNICATION AND INTERPERSONAL SKILLS: 
Must have excellent oral and written communication skills.
 

Requisition ID:53921
Band Zone:D1 
Posting Location(s):District of Columbia
Job Family/Function:Information Technology 
Relocation Offered:No 
Travel Requirements:Up to 25% 
Recruiter Name:KATHLEEN RASH 
Recruiter Email:kathleen.rash@amtrak.com

 

You power our progress through your performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family, and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

We proudly support and encourage U.S. Veterans to apply for Amtrak job opportunities.

All positions require pre-employment background verification, medical review and pre-employment drug screen. Amtrak is committed to a safe and drug-free workplace and performs pre-employment substance abuse testing.  All new hires are required to undergo a hair drug test which detects the presence of illegal drugs for months prior to testing.  Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use.  Candidates who engage in the usage of marijuana will not be qualified for hire.  We appreciate your cooperation in keeping Amtrak safe and drug-free. 

In accordance with DOT regulations (49 CFR section 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety- sensitive duties for covered Department of Transportation positions.   If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, he/she will not permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an Affirmative Action/Equal Opportunity Employer and we welcome all to apply. We consider candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability (including blindness), or veteran status.