Sr Principal IT Security Analyst - 90304978 - Washington

Date: Jun 23, 2022

Location: Washington, District of Columbia, US, 20002

Company: Amtrak

Your success is a train ride away.

Amtrak connects businesses and communities across the country and we move America’s workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority and the success of our railroad is the result of our employees.

Are you ready to join our team?

The Sr. Principal OT Security Analyst sets direction for enterprise Operational technology (OT) security projects, strategies, and policies. The Sr. Principal OT Security Analyst develops, executes, and manages data system and network security across the enterprise. This position develops and implements security policies and procedures, security breach procedures, escalation procedures, security auditing procedures. 


The Sr. Principal OT Security Analyst also performs security architecture reviews, prepares and presents status reports, metrics, and analysis on security matters to develop security risk  analysis scenarios and response procedures. 



  • Sets direction for enterprise operational technology security projects, strategies and policies.
  • Provides subject matter expertise and wide‐scale security‐related problem resolution.
  • Develops, executes, manages, and assesses OT security across the enterprise; including architectural reviews and managing responses to high‐level security issues.
  • Oversees, develops, maintains, and publishes, enterprise wide security standards, procedures and guidelines.
  • Ensures local security standards align with international and national standards.
  • Conducts and oversees business impact analysis to ensure resources are adequately protected with proper security measures.
  • Provides risk assessments and security briefings that advise on critical issues that may affect client or enterprise wide security.
  • Plans and conducts vulnerability analysis of OT networks and systems.
  • Plans and conducts penetration testing against OT networks and systems.
  • Plans and conducts threat hunting missions within the OT environment
  • Coordinates and assists with 3rd party assessments and evaluations
  • Conducts and reporting on internal investigations of possible security violations.
  • Consults with clients on the data classification of their resources.
  • Interfaces with business, IT  & OT leaders, communicating security issues, and responding to requests for assistance and information.
  • Provides security support for enterprise wide application and infrastructure related projects. Identifies enterprise wide areas of risk to existing security standards and processes.
  • Leads and responds to security incidents and investigations and targets reviews of suspect areas. Consults on teams to resolve issues that are uncovered by various internal and 3rd party monitoring tools.
  • Leads and reviews application security risk assessments for new or updated internal or third‐party applications.
  • Defines metrics used for management status and statistical reports; analyzing reports and making recommendations for improvements.
  • Presents security results to upper management and business units.
  • Works with third party vendors during problem resolutions.
  • Interfaces with third party vendors to evaluate new security products or as part of a security assessment process. Maintains contact with vendors regarding security system updates and technical support of security products. Selects enterprise wide security hardware and software systems.
  • Oversee the development of security awareness and compliance training programs; providing communication and training as needed.
  • Provides technical expertise on the usage and administration of security tools that control and monitor information security.
  • Effectively perform all IT Controls as applicable



  • Bachelor’s Degree in related technical/business areas plus 9+ year’s relevant experience or 13+ years of relevant work experience required in business systems, development and/or support functions in order to satisfy education and experience requirements 7 to 10 years of relevant technical. 
  • May require knowledge of one processes/services. Business experience should include assignments in one or more business and technical processes. 
  • Demonstrated experience in combined IT ,OT and security work. 
  • Some experience with information security. 
  • Proven ability creating and implementing enterprise‐wide OT security strategies. 
  • Proven strong relationship management skills including the ability to maintain positive, productive, and cost‐effective relationships with outside vendors. 
  • Proven experience tracking OT security trends externally and tracking OT security developments internally. 
  • Proven experience managing large amounts of information, including monitoring security risks, conducting security audits, monitoring security exceptions, assessing new systems for security risks, and synthesizing information in actionable and publishable reports. 
  • Proven experience managing large teams and large projects, with the ability to meet deadlines and stay under budget. 
  • Proven experience developing and implementing training programs, preferably centered on OT security.
  • Requires in‐depth knowledge of security issues, techniques, and implications across all existing computer platforms.
  • Proven experience with a systems analysis, application development, database design and administration, and information security.
  • Proven ability to lead internal security investigations.



  • 11 years relevant experience preferred  
  • Advanced degree in Cyber Security, Information Assurance, Computer Science, Information Systems or other related field. 
  • CISSP certification 


Must have excellent oral and written communication skills.


NOTE: This position is a tiered position. Incumbents will have a position level assigned based on their skills and experience, and in alignment with position development plans. Position placement is at Amtrak’s sole and absolute discretion.

Requisition ID:107797
Posting Location(s):District of Columbia; Alabama; Alaska; Arizona; Arkansas; California; Colorado; Connecticut; Delaware; Florida; Georgia; Hawaii; Idaho; Illinois; Indiana; Iowa; Kansas; Kentucky; Louisiana; Maine; Maryland; Massachusetts; Michigan; Minnesota; Mississippi; Missouri; Montana; N/A; Nebraska; Nevada; New Hampshire; New Jersey; New Mexico; New York; North Carolina; North Dakota; Ohio; Oklahoma; Oregon; Pennsylvania; Rhode Island; South Carolina; South Dakota; Tennessee; Texas; Utah; Vermont; Virginia; Washington; West Virginia; Wisconsin; Wyoming
Job Family/Function:Information Technology 
Relocation Offered:No 
Travel Requirements:Up to 25% 

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID -19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use.  Candidates who engage in the usage of marijuana will not be qualified for hire.   Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation.  Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.

In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.

POSTING NOTES: Information Technology || Information Technology