Lead Threat Hunt Analyst - 90397468 - Remote

Your success is a train ride away!

As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

Are you ready to join our team?

Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

SUMMARY OF DUTIES:
The Lead OT Threat Hunt Analyst proactively identifies and neutralizes cyber threats in critical infrastructure environments before they impact the organization. This role performs a broad range of complex technical and professional work functions to identify, investigate, analyze, and remediate existing threats that evade signatured detection strategies across Amtrak's IT and OT environments. This position ensures compliance of security policies and procedures thru effective security controls, identifying risks and control gaps, areas of process improvement and solutions.

As a subject matter expert in adversary tactics, techniques and procedures (TTPs), the Lead Threat Hunt Analyst remains abreast of evolving threats that aim to target critical infrastructure environments. This key contributor provides guidance and support on threat detection and security mitigations/controls, participating in complex business processes and planning sessions related to Enterprise cybersecurity projects or new technologies.The Lead Threat Hunt analyst prepares structured threat hunt initiatives, threat hunt reports, technical investigative training and security awareness materials, status reports, and metrics and analysis on security matters.

ESSENTIAL FUNCTIONS:

• Conduct proactive, intelligence-driven threat hunts to identify adversary activity, cyber risks and anomalies, identifying and investigating potential threats to critical infrastructure and operations.
• Evaluate, analyze and synthesize large quantities of data to uncover anomalous activity capable of introducing risk to Amtrak environments.
• Search for potential vulnerability exploitation, post-compromise activity or security control gaps based on emerging and known adversary tactics, techniques and procedures (TTPs), user behavior, endpoint threat detection, network behavior analytics, machine learning-derived trends and external threat reports.
• Review EDR telemetry, Firewall, IDS/IPS logs, web content filtering logs, net flow device logs, antivirus logs.
• Work closely with other cybersecurity teams (detection engineering, threat intelligence, incident response and security operations) and operational technology service owners to escalate anomalous findings, contribute to detection logic improvements and verify security control implementations.
• Support and participate in formal reporting related to threat hunt findings, implementation of security controls and improvements to Cyber Security Operations processes.
• Capture hunt byproducts indicative of poor cyber hygiene practices, company policy violation or misuse; support incident investigations, as needed.
• Participate in the evaluation and recommendation of hardware and software systems that provide security functions.
• Respond and resolve problems, security incidents and forensic investigations, as needed.
• Develop and document workflow, hunt and investigative methodology, and technical standards and assist in cyber fusion analyst upskilling and mentoring.
• Investigate, resolve and escalate problems. Monitor and analyze metrics to ensure customer satisfaction and vendor performance.
• Propose improvements and assist with the implementation of enterprise-wide security standards, procedures and guidelines.

MINIMUM QUALIFICATIONS:

• Bachelor's Degree in Computer Science, Information Systems, or related field.
• Professional security-related certifications (e.g. GIAC Certified Forensic Analyst (GCFA), Certified Information Systems Security Professional (CISSP), or equivalent).
• Enterprise security experience in threat intelligence, investigative and hunt methodologies, detection engineering, security operations and/or incident response.
• Knowledge of Mitre ATT&CK matrices (Enterprise, ICS, Cloud) to map adversary tactics, techniques and procedures (TTPs) and inform structured hunts.
• Knowledge of OS triage artifact analysis and incident investigative methods.
• Strong analytical skills and proficiency with SIEM, EDR, CASB, IDS/IPS, AV, DLP UEBA, FW, and forensic investigative technologies.
• Ability to design and review multi-source correlation queries using Kusto, Kibana and/or Structured query languages, across endpoint, cloud, network, application and identity data.

PREFERRED QUALIFICATIONS:

• Master's degree in Information Technology, Cyber Security, or equivalent
• Experience with scripting languages.
• 8+ years of experience in cyber security specialization (threat hunt, security operations, compliance, information security program management, continuous monitoring, vulnerability assessment)
• Knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems.

WORK ENVIRONMENT:

• This position is 100% Remote.
• May require travel up to 10% of the time
• After hours, weekend and periodic shift work may be required
• Other duties as assigned

COMMUNICATIONS AND INTERPERSONAL SKILLS:
Must have excellent oral and written communication skills.

The salary/hourly range is $103,700-$134,460, Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee's assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee's base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offeringshere.

Requisition ID:165103

Work Arrangement:02-Remote OptionalClick here for more information about work arrangements at Amtrak.

Relocation Offered:No

Travel Requirements:Up to 25%

You power our progress through your performance.

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.

Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions requires a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.

Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Amtrak's pre-employment drug testing program is administered in accordance with DOT regulations and applicable law.

In accordance with DOT regulations (49 CFR * 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

In accordance with federal law governing security checks of covered individuals for providers of public transportation (Title 6 U.S.C. *1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race/color, to include traits historically associated with race, including but not limited to, hair texture and hairstyles such as braids, locks and twists, religion, sex (including pregnancy, childbirth and related conditions, such as lactation), national origin/ethnicity, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law..