Sr Principal IT Security Engineer - 90308358 - Washington

Date: Sep 16, 2022

Location: Washington, District of Columbia, US, 20002

Company: Amtrak

Your success is a train ride away!

As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.


Are you ready to join our team?

Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.


The Sr Principal IT Security Engineer provides specialized depth and breadth of information security technologies to protect IT systems, network and data across the enterprise. The role identifies technology improvements and makes recommendations to support strategic business and operational goals. The Sr Principal IT Security Engineer manages internal security technologies and guides matrixed project teams throughout the Amtrak SDLC process.  


The Sr Principal IT Security Engineer embodies security‐first principles, constantly assesses the threat landscape and adapt quickly to manage enterprise risk, as well as technology integration and deployment requirements.  IT Security Engineers think like attackers to identify how solutions may be abused to an attacker’s advantage.  




  • Serves as a service offering lead of security technologies in support of the service owner and cybersecurity strategic plan. 
  • Provides technical security guidance to employees and IT colleagues. 
  • Leads security technology projects that are complex and specialized within the information security engineering function. 
  • Leads project teams to achieve milestones established by the service owner. 
  • Makes decisions that impact the functional operation of security technologies. 
  • Presents complex solutions to key stakeholders that influence the strategic direction of technology projects.    
  • Builds relationships with developers, stakeholders, security champions, and scrum masters to incorporate security principles into engineering design and deployments. 
  • Solves complex technology problems and adopts precedence where traditional approaches do not work or exist. 
  • Supervise testing and validation in application security controls across projects. 
  • Oversee implementation of defensive practices and countermeasures across infrastructure and applications. 
  • Build services and tools to enable developers and engineers to easily use security components produced by security team members.  
  • Simplify automation that applies security inter‐workings with CI/CD pipelines. 
  • Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle. 
  • Communicate vulnerability results in a manner understood by technical and non‐technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
  • Join forces and provision security principles in architecture, infrastructure and code.  
  • Conducts quality test activities and validates test completeness in preparation for go‐live. 
  • Expertise in ICS/SCADA cybersecurity concerns. 
  • Provides in‐depth expertise to resolve problems, security incidents and conduct forensic investigations. 
  • Develops user manuals and knowledge databases and assists in user training.
  • Understands the TCP/IP stack with prior hands-on expertise securing diverse LAN, WAN, VPN, and wireless environments for large organizations
  • Hands-on experience performing maintaining, upgrading, testing and/or implementing firewall configuration changes and assessing impacts of changes on applications and other related systems 
  • Familiarity with and ability to investigate Intrusion Detection System (IDS) and/or Protocol-base Intrusion Detection System (PIDS) alerts 
  • Develops and updates technical documentation (network architecture text and diagrams, security plan controls, and risk assessment, etc.) 
  • Ability to work nights, weekends and holidays as needed to support planned and unplanned network maintenance and troubleshooting events




  • Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related field plus 9+ years of relevant experience required.
  • 13+ years of relevant work experience required to satisfy education and experience requirements 
  • Professional security‐related certifications (e.g. Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CISCO, SANS certifications, etc.).
  • Must possess excellent customer service, strong communication and interpersonal skills, work well with others in an integrated team environment, and must be self‐motivated.  
  • Specialized experience in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices. 
  • Advanced scripting ability in Python, Bash, Perl, PowerShell or other relevant language. 
  • Deep understanding of OWASP, CVSS, the MITRE ATT&CK framework and the secure software development lifecycle (SLDC). 
  • Experience with SIEM/SOAR, EDR, CASB, IDS/IPS, AV, DLP, UEBA, FW, etc. technologies.  
  • Extensive experience performing technical risk and vulnerability assessments.  
  • Strong analytical skills with experience working in or supporting a Security Operations Center.




  • Master's degree in Information Technology, Cybersecurity, or equivalent 
  • Experience with scripting languages. 
  • 11+ years of experience in cybersecurity engineering specialization. 
  • Extensive experience with operations and security across Amazon Web Services (AWS) and Microsoft Azure. 
  • Advanced working level of the Microsoft Security Stack. 
  • Broad knowledge of Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm‐Leach‐Bliley Act (GLBA), National Institute of Standards (NIST), Center for Internet Security (CIS) or International Standards Organization (ISO) requirements.
  • Work is performed in an office environment 
  • May require travel up to 10% of the time  
  • Requires on‐call status 
  • After hours, weekend and periodic shift work may be required
  • Other duties as assigned




  • Must have excellent oral and written communication skills.


Requisition ID:117031
Posting Location(s):District of Columbia
Job Family/Function:Information Technology 
Relocation Offered:No 
Travel Requirements:Up to 25% 

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID -19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use.  Candidates who engage in the usage of marijuana will not be qualified for hire.   Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation.  Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.

In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.

POSTING NOTES: Information Technology || Information Technology