Incident Response Analyst - 90336259 - Washington

Date: May 6, 2022

Location: Washington, District of Columbia, US, 20002

Company: Amtrak

Your success is a train ride away.

Amtrak connects businesses and communities across the country and we move America’s workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority and the success of our railroad is the result of our employees.

Are you ready to join our team?

SUMMARY OF DUTIES:
An incident response analyst works as part of a team and, at times, in an individual capacity. This role requires coordination of incident response (IR) activities across the company and working closely with stakeholders and information security team members. Additionally, individuals engage in suspected and confirmed incidents, which may vary in impact. IR analysts will investigate, validate, and communicate known details about the incident and work closely with cybersecurity leadership. In this role, investigation will require the IR analyst to examine digital data and events from computer memory and storage (Windows, Linux, macOS), mobile phones, electronic communication, malware, and data transmission throughout the entire business. IR analysts will assist other members of the information security team such as security operations center (SOC) staff, threat hunters, and host and network engineering colleagues.

ESSENTIAL FUNCTIONS:

  • Respond to and investigate internally and externally driven incidents
  • Proactively hunt for threats and initiate incident response steps for discovered anomalies
  • Work closely with information security leadership and business stakeholders as part of a team of responders
  • Document and communicate incident details from initial investigation through closure and post-mortem.
  • Perform digital forensics on laptops, desktops, and mobile devices
  • Maintain chain of custody and verify evidence is preserved and has not been tampered with
  • Execute in all phases of the Incident Response Lifecycle (supporting recovery)
  • Document and communicate security findings, prioritize key risks to Amtrak and recommend solutions
  • Regularly participate in tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with stakeholders
  • Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercise to identify potential future incidents
  • Develop, refine, recommend, and maintain playbooks, policies, and procedures to ensure alignment to industry best practices.
  • Remain current and aware of relevant cyber events
  • Perform other duties as assigned

MINIMUM QUALIFICATIONS:

  • Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or related technical field plus 7-10 years of relevant experience is required.
  • 4+ years of relevant work experience required in one, or a combination, of the following areas to satisfy the education and experience requirements:
    • Incident Response
    • Vulnerability Management
    • Digital Forensics
    • Network or Cloud Security
    • Penetration Testing
  • One incident response centric certification:
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Response and Industrial Defense (GRID)
    • GIAC Battlefield Forensics and Acquisition (GBFA)
    • GIAC Certified Forensic Examiner (GCFE)
    • GIAC Advanced Smartphone Forensics
    • GIAC Certified Forensic Analyst (GCFA)
    • GIAC Network Forensic Analyst (GNFA)
    • GIAC Reverse Engineering Malware (GREM)
    • EC-Council Certified Incident Handler (E|CIH)
    • eLearnSecurity Incident Handling & Response Professional (IHRP)
    • SEI Computer Security Incident Handler (CSIH)
    • NICCS Certified Incident Handler Engineer (CIHE)
  • Strong written and oral communication skills to facilitate communication across all levels of the organization.
  • In-depth understanding of threats, vulnerabilities, and principles of incident response and chain of custody.
  • Hands-on experience with forensics tools and log correlation.
  • Must possess excellent customer service, strong communication and interpersonal skills, work well with others in an integrated team environment, and be self-motivated.
  • Must possess a high degree of integrity and trustworthiness.
  • Must have a deep understanding of computer intrusion activities, incident response techniques, tools, and procedures.
  • Ability to think like an attacker and hunt within the security tool stack.
  • Ability to incorporate the MITRE ATT&CK Framework in everyday processes.

PREFERRED QUALIFICATIONS:

  • Master's degree in Cybersecurity, Information Technology, Digital Forensics, Computer Science, or equivalent technical field
  • 10+ years of experience within the cybersecurity field
  • Basic knowledge of Operational Technology (OT), SCADA, HVAC and/or IoT
  • Two or more incident response centric certifications:
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Response and Industrial Defense (GRID)
    • GIAC Battlefield Forensics and Acquisition (GBFA)
    • GIAC Certified Forensic Examiner (GCFE)
    • GIAC Advanced Smartphone Forensics
    • GIAC Certified Forensic Analyst (GCFA)
    • GIAC Network Forensic Analyst (GNFA)
    • GIAC Reverse Engineering Malware (GREM)
    • EC-Council Certified Incident Handler (E|CIH)
    • SEI Computer Security Incident Handler (CSIH)
    • NICCS Certified Incident Handler Engineer (CIHE)
    • eLearnSecurity Incident Handling & Response Professional (IHRP)

COMMUNICATIONS AND INTERPERSONAL SKILLS:

  • Must have excellent oral and written communication skills.

Requisition ID: 108181
Posting Location(s): District of Columbia
Job Family/Function: Information Technology
Relocation Offered: No
Travel Requirements: Up to 25%

Amtrak employees power our progress through their performance.
We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.


All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID-19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Candidates who engage in the usage of marijuana will not be qualified for hire. Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation. Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.


In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.


Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.


Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.