Principal Detection Engineer - 90356483 - Washington

Your success is a train ride away!

As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

Are you ready to join our team?

Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

SUMMARY OF DUTIES:
The Detection Engineer will play a critical role transforming the Cyber Fusion Center. If you are someone who enjoys looking through data sets for anomalies, researching malware, reading up on the latest adversary's techniques, tactics, and procedures, trying out new penetration tools and techniques to see what telemetry is generated, this position is for you.

Our team's mission is simple: hunt and find threats.

Our team's objective is simple: build a threat-informed defense.

Our team's goal is simple: excel together.

ESSENTIAL FUNCTIONS:
* Identify relevant data sources to determine threat-detection scenarios and use cases.
* Engineer specific, yet abstract detectors finding the ideal balance between an adversary's tactics, techniques, and procedures (TTPs).
* Automate threat-detection scenarios and use cases to improve Cyber Incident Response workflows.
* Provide Cyber Fusion Enablement for Detection Improvement Requests (DIR).
* Build threat detection models identifying relevant threats leveraging the Detection Development Lifecycle, Threat Detection Maturity and Alerting and Detection Strategy (ADS) Frameworks.
* Assesses the effectiveness of threat detection practices and countermeasures across the Enterprise infrastructure and applications.
* Performs Cyber Fusion technology detection gap assessments, assist with developing the strategic enhancement roadmap.
* Participates in planning sessions related to Enterprise projects or new technologies to implement process improvement within the functional area.

MINIMUM QUALIFICATIONS:
* Bachelor's Degree in Computer Science, Information Systems, Software Engineering, Software Development, Applied Data Science and Machine Learning, or relevant field, and 7 years of relevant experience or 11 years of relevant work experience in Cybersecurity.
* Must possess 3 years of relevant experience with scripting, object-oriented programming, coding, or infrastructure-as-code (IaC).
* Ability to think critically and like threat actors.
* Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
* Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality threat detectors.
* Knowledge of MITRE ATT&CK, Mobile, and ICS Frameworks or equivalent.
* Knowledge of MITRE ATT&CK Navigator or equivalent.
* Knowledge of MITRE Engage and Defend Frameworks or equivalent.
* Skill in using multiple analytic tools, databases, and techniques. (e.g., Analyst's Notebook, divergent/convergent thinking, link charts, matrices, etc.)
* Skill to analyze and assess internal and external partner cyber operations capabilities and tools.
* Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.

PREFERRED QUALIFICATIONS:
* Cybersecurity certifications, courses, or hands-on experience with some of the following:
o Red Team Operations and Adversary Emulation
o Penetration Testing, Exploit Writing, and Ethical Hacking
o Offensive Security, Security Operations, Web Application Testing, or Cloud Security
o Reverse-Malware Engineering
o Digital Forensics and Incident Response
o Cyber Deception - Attack Detection, Disruption, Active Defense
o Applied Data Science and Machine Learning for Cybersecurity Professionals
* Experience applying Threat Hunting methodologies which are Intelligence-Hypothesis driven with sound scientific-methodology principals applied.
* Preferred knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems, but not required.

WORK ENVIRONMENT:
* On-site, or Hybrid options available.
* May require occasional travel up to 10% of the time.
* May require occasional on-call status.
* May require occasional after hours, weekend, or periodic shift work supporting a 24x7x365 Cyber Fusion Center.

COMMUNICATIONS AND INTERPERSONAL SKILLS:

Must have excellent oral and written communication skills.

The salary/hourly range is $147,619 - $167,400. Pay is based on several factors including but not limited to education, work experience, certifications, etc. Depending on an employee's assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee's base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offerings here.

Requisition ID:158082
Posting Location(s):N/A
Job Family/Function:Engineering
Relocation Offered:No
Travel Requirements:Up to 25%

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job - we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID -19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Candidates who engage in the usage of marijuana will not be qualified for hire. Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation. Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.

In accordance with DOT regulations (49 CFR * 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

In accordance with federal law governing security checks of covered individuals for public transportation ( Title 6 U.S.C. * 1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.

POSTING NOTES: Engineering|| Engineering & Mechanical