Share this Job

Lead IT Security Analyst - 90241293 - Washington

Date: Mar 23, 2019

Location: Washington, DC, US, 20002

Apply now »
Apply now

Apply for Job

As a current employee you know Amtrak connects businesses and communities across the country and we move America’s workforce toward the future. The safety of our passengers, our more than 20,000 colleagues, the public and our operating environment is our priority and the success of our railroad is the result of you.

By living the Amtrak values and actively embracing and fostering diverse ideas, backgrounds and perspectives, together we will honor our past and make Amtrak a company of the future.

The Lead IT Security Analyst works in a lead or supervisor capacity with business partners (IT) to align technology solutions and/or processes with Information Technology and business strategies. Demonstrates an informed knowledge within the function to resolve problems and assist with improvement of processes, on an ongoing basis. Supports several moderately complex business processes. Serves as a project team member.

The Lead IT Security Analyst prepares training and awareness materials, status reports, and metrics / analysis  on security matters to devleop security vulnerability and risk analysis scenarios and repsonse procedures.



  • Responsible for assisting in the governance of IT disciplines, ie. Project Management, Service Management (Incident/Change/Problem), IT Safety, IT Facilities Management, IT Resource Management, etc. Collect, analyze and document service management related activities. The responsibilities include, but are not limited to:
  • Supervises the relationships with business partners in both IT and various other departments across the Company
  • Monitoring security events and developing IT security controls across the enterprise.
  • Propose and assist with the implementation of improvements of enterprise-wide security standards, procedures, and guidelines.
  • Participates in planning sessions related to projects or new technologies, to implement process improvement within the functional area. Documents discussions and agreements.
  • Facilitate gate review, change advisor boards and IT operational meetings.
  • Establishes liaison relationship with business partners and IT departments in order to provide process solutions to meet user needs.
  • Assesses process improvement needs utilizing a structured requirements process (gathering, analyzing, documenting, and managing changes) to assist in identifying priorities and advises on options.
  • Provides factual content, analysis and other information to guide development projects and enhancements activities.
  • Governance of quality test activities and validates test completeness in preparation for go-live.
  • Responding to and resolving problems, security incidents, and forensic investigations.
  • Generating, gathering, and tracking security metrics, developing scorecard reports on the metrics, and communicting the results. 
  • Development of user manuals and knowledge databases and assist in user training.
  • Investigates, resolves and escalates problems. Monitors and analyzes metrics to ensure customer satisfaction and vendor performance.
  • Promotes an understanding of IT Service Management roles, processes and activities to business units and IT departments. Supports and participates in formal reporting related to IT Operations.
  • Guide users on the usages and administration of security tools that control and monitor information security.
  • Monitoring, developing, and executing IT security technology, policies, and processes across the enterprise.
  • Proposing investments and assisting in the implementation of enterprise-wide security standards, procedures, and guidelines.
  • Assisting in business impact analysis to ensure proper security measures exist to adequately protect resources.
  • Running vulnerability and risk assessment reports using commercial tools or custom scripts and documenting results.
  • Assisting in security audits and inspecting security logs to uncover possible security violations.
  • Checking existing accounts and data access permission requests against documented authorizations.
  • Test web services, web application, API, mobile application for potential vulnerabilities.
  • Wireless penetration testing and device security assessments.
  • Run patch and configuration audit scans
  • Periodically run host discovery scans, web searches for Amtrak related URLS, and maintain an accurate inventory.
  • Use commercial tools to check the PII / PCI data at rest.
  • Analyze the scan data, remove false positive, suggest remedy and support remediation efforts.
  • Coordinate scan efforts by third parties, submit internal and external scan request and obtain approvals.
  • Conduct follow-up meeting with stakeholders and track remediation efforts



Bachelor's degree in Information Technology, specialized training or equivalent work experience.



  • Master's degree in Information Technology, Cyber Security, or equivalent.
  • Professional security-related certifications (e.g. Security+, Certfied Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), etc.).



  • Proven experience developing and implementing IT security policies and procedures across a large organization.
  • Proven experience monitoring, investigatings, and solving IT security related concerns in a timely manner.
  • Working knowledge within IT operations and/or Service Management functions. 
  • Must possess excellent customer service, strong communication and interpersonal skills, work well with others in an integrated team environment, and must be self-motivated.
  • Experience evaluating large systems (hardware and software) for IT security compliance.
  • Experience developing and conducting training programs.
  • Experience conducting IT security forensic investigations.
  • Experience with development and reporting towards KPI's and knowledge of industry best practice/industry benchmarks.
  • Strong analytical skills.



  • Experience in the transporation industry.
  • Experience working in a Security Operations Center (SOC) as an analyst and with Security Incident and Event Management (SIEM) systems.
  • Experience conducting vulnerability management assessments.
  • Vendor Management experience.
  • Scripting language experience.
  • Experience in cyber security specialization (compliance, information security program management, continuous monitoring, vulnerability asssessment)


Must have excellent oral and written communication skills


Requisition ID:37290
Band Zone:C4H 
Posting Location(s):District of Columbia; Maryland; Virginia
Personnel Area:DC04
Job Family/Function:Information Technology 
Relocation Offered:No 
Education Requirements:Bachelors Degree
Travel Requirements:None 
Employment Experience Requirements:5 - 7 years of experience

You power our progress through your performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family, and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

We proudly support and encourage U.S. Veterans to apply for Amtrak job opportunities.

All positions require pre-employment background verification, medical review and pre-employment drug screen. Amtrak is committed to a safe and drug-free workplace and performs pre-employment substance abuse testing.   All new hires are required to undergo a hair drug test which detects the presence of illegal drugs for months prior to testing.   We appreciate your cooperation in keeping Amtrak safe and drug-free.  

In accordance with DOT regulations (49 CFR section 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety- sensitive duties for covered Department of Transportation positions.   If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, he/she will not permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an Affirmative Action/Equal Opportunity Employer and we welcome all to apply. We consider candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability (including blindness), or veteran status.

Apply now »
Apply now

Apply for Job