Principal IT Security Analyst

Washington, DC
Sep 17, 2021
Sep 20, 2021
Full Time
Amtrak connects businesses and communities across the country and we move Americas workforce toward the future. The safety of our passengers, our more than 20,000 colleagues, the public and our operating environment is our priority and the success of our railroad is the result of you. By living the Amtrak values and actively embracing and fostering diverse ideas, backgrounds and perspectives, together we will honor our past and make Amtrak a company of the future. SUMMARY OF DUTIES: The Principal IT Security Analyst monitors, develops, executes, and manages data system and network security across the enterprise. This position develops and implements security policies and procedures such as user login and authentication rules, security breach procedures, escalation procedures, security auditing procedures and the use of firewalls and encryption routines. The Principal IT Security Analyst prepares status reports, and metrics and analysis on security matters to develop security risk analysis scenarios and response procedures. ESSENTIAL FUNCTIONS: Delivers security solutions for complex assignments Leads security projects and supporting the most complicated security issues Monitors, developing, executing, managing, and assessing IT security across the enterprise Continuously developing, enhancing, and implementing enterprise wide security standards, procedures, and guidelines Conducts business impact analysis to ensure resources are adequately protected with proper security measures Analyze security analysis reports for security vulnerabilities and recommending feasible and appropriate options Monitors multiple logs across diverse platforms to uncover specific activities as they occur from platform to platform Creates information support tools, on security monitoring and account/data access authorizations Interfaces regularly with staff from various departments, communicating security issues, and responding to requests for assistance and information Identifies and resolves root causes of security related problems Responds to security incidents, conducting forensic investigations and targeted reviews of suspect areas Works with teams to resolve issues that are uncovered by various internal and 3rd party monitoring tools Performs application security risk assessments for new and updated internal or third-party applications Define metrics to be used for management status and statistical reports Analyze reports and making recommendations for improvements Work with third party vendors during problem resolutions Interface with third party vendors to evaluate new security products or as part of a security assessment process Provide technical expertise on the usage and administration of security tools Effectively perform all IT Controls as applicable. MINIMUM QUALIFICATIONS: Bachelors Degree in Computer Science, Information Systems, or related field plus 7+ years relevant experience required, or 9+ years of relevant work experience required to satisfy education and experience requirements Certified Information Systems Security Professional (CISSP) certification or equivalent required within 3 years. Proven experience with systems analysis, application development, and database design and administration Proven experiencing developing and implementing IT security policies and procedures across a large organization Proven experience monitoring, investigating, and solving IT security related concerns in a timely manner Strong interpersonal skills; including strong written and oral communication skills with individuals at all levels of an organization Proven strong attention to detail Proven ability managing and tracking large amounts of data, preferred with IT security data Proven ability working on a schedule including responding to requests and concerns in a timely and professional manner Experience with IT security forensic investigations Experience evaluating large systems (hardware and software) for IT security compliance Experience developing and leading training programs Knowledge of security issues, techniques, and implications across all existing computer platforms. PREFERRED QUALIFICATIONS: Master's degree in Information Technology, Cyber Security, or equivalent. Experience in the transportation industry. 9 years relevant experience preferred WORK ENVIRONMENT: Work is performed in an office environment May require travel up to 10% of the time Requires on-call status After hours and periodic shift work may be required Additional duties as assigned COMMUNICATION AND INTERPERSONAL SKILLS: Must have excellent oral and written communication skills. SF:LI Requisition ID: 53941 Band Zone: D1 Posting Location(s): District of Columbia Job Family/Function: Information Technology Relocation Offered: No Travel Requirements: Up to 25% Recruiter Name: Varsha Ashpalia Recruiter Email: You power our progress through your performance. We want your work at Amtrak to be more than a job we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family, and a high performance culture that recognizes and values your contributions and helps you reach your career goals. We proudly support and encourage US Veterans to apply for Amtrak job opportunities. All positions require pre-employment background verification, medical review and pre-employment drug screen. Amtrak is committed to a safe and drug-free workplace and performs pre-employment substance abuse testing. All new hires are required to undergo a hair drug test which detects the presence of illegal drugs for months prior to testing.Marijuana,notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession ofmarijuana, whether for medical, recreational, or other use. Candidates who engage in the usage ofmarijuanawillnotbe qualified for hire. We appreciate your cooperation in keeping Amtrak safe and drug-free. In accordance with DOT regulations (49 CFR section 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety- sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, he/she will not permitted to perform safety-sensitive functions. Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience. Amtrak is an Affirmative Action/Equal Opportunity Employer and we welcome all to apply. We consider candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability (including blindness), or veteran status.