Share this Job

Sr Principal IT Security Analyst - 90258828 - Washington

Date: Jul 29, 2019

Location: Washington, DC, US, 20002

Apply now »
Apply now

Apply for Job

As a current employee you know Amtrak connects businesses and communities across the country and we move America’s workforce toward the future. The safety of our passengers, our more than 20,000 colleagues, the public and our operating environment is our priority and the success of our railroad is the result of you.

By living the Amtrak values and actively embracing and fostering diverse ideas, backgrounds and perspectives, together we will honor our past and make Amtrak a company of the future.



The Sr. Principal IT Technical Security Analyst develops, executes, and manages data system and network security across the enterprise. This position monitors, develops and implements security policies and procedures such as user login and authentication rules, security breach procedures, escalation procedures, security auditing procedures and the use of firewalls and encryption routines.
The Sr. Principal IT Technical Security Analyst also performs security architecture reviews, prepares and presents status reports, metrics, and analysis on security matters to develop security risk analysis scenarios and response procedures.


• Setting direction for enterprise wide security projects, strategies and policies.
• Providing subject matter expertise and wide-scale security-related problem resolution.
• Developing, executing, managing, and assessing IT security across the enterprise; including architectural reviews and managing responses to high-level security issues.
• Overseeing, developing, maintaining, and publishing, enterprise wide security standards, procedures and guidelines.
• Identifying areas where existing security architecture require change or development.
• Ensuring local security standards align with international and national standards.
• Conducting and overseeing business impact analysis to ensure resources are adequately protected with proper security measures.
• Reviewing security and trend analysis reports.
• Providing risk assessments and security briefings that advise on critical issues that may affect client or enterprise wide security.
• Reviewing documentation to security exceptions; following-up on possible security exceptions.
• Conducting and reporting on internal investigations of possible security violations.
• Consulting with clients on the data classification of their resources.
• Interfacing with business and IT leaders, communicating security issues, and responding to requests for assistance and information.
• Providing security support for enterprise wide application and infrastructure related projects.
• Identifying enterprise wide areas of risk to existing security standards and processes.
• Leading and responding to security incidents and investigations and targeting reviews of suspect areas.
• Consulting on teams to resolve issues that are uncovered by various internal and 3rd party monitoring tools.
• Leading and reviewing application security risk assessments for new or updated internal or third party applications.
• Defining metrics used for management status and statistical reports; analyzing reports and making recommendations for improvements.
• Presenting security results to upper management and business units.
• Working with third party vendors during problem resolutions.
• Interfacing with third party vendors to evaluate new security products or as part of a security assessment process.
• Selecting enterprise wide security hardware and software systems.
• Maintaining contact with vendors regarding security system updates and technical support of security products.
• Overseeing the development of security awareness and compliance training programs; providing communication and training as needed.
• Providing technical expertise on the usage and administration of security tools that control and monitor information security.
• Providing ongoing knowledge transfer to team members and clients on security products and standards.


• Demonstrated experience in combined IT and security work.
• Some experience with information security.
• Proven ability creating and implementing enterprise-wide IT security strategies.
• Proven strong relationship management skills including the ability to maintain positive, productive, and cost-effective relationships with outside vendors.
• Proven experience tracking IT security trends externally and tracking IT security developments internally.
• Proven experience managing large amounts of information, including monitoring security risks, conducting security audits, monitoring security exceptions, assessing new systems for security risks, and synthesizing information in actionable and publishable reports.
• Proven experience managing large teams and large projects, with the ability to meet deadlines and stay under budget.
• Proven experience developing and implementing training programs, preferably centered on IT security.
• Requires in-depth knowledge of security issues, techniques, and implications across all existing computer platforms.
• Proven experience with a systems analysis, application development, database design and administration, and information security.
• Proven ability to lead internal security investigations.


The successful candidate will have proven experience with: a) different Cyber Security tools (EDR, SIEM, CASB, DLP, UEBA, FW, WAF, IDS/IPS, etc.), b) expertise analyzing security alarms, events and logs, suggest remedy and support remediation efforts, c) lead and coordinate Cyber Security incident management, and remediation process, and d) review threat intelligence reports and advise various teams on appropriate remediation or mitigating controls.


• Experience in the transportation industry.
• Advanced degree in Cyber Security, Information Assurance, Computer Science, Information Systems or other related field.



Must have excellent written and oral communication skills.



Requisition ID:41101
Band Zone:D2 
Posting Location(s):District of Columbia
Job Family/Function:Information Technology 
Relocation Offered:No 
Travel Requirements:Up to 25% 
Recruiter Name:Michael Krissinger 


You power our progress through your performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family, and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

We proudly support and encourage U.S. Veterans to apply for Amtrak job opportunities.

All positions require pre-employment background verification, medical review and pre-employment drug screen. Amtrak is committed to a safe and drug-free workplace and performs pre-employment substance abuse testing.   All new hires are required to undergo a hair drug test which detects the presence of illegal drugs for months prior to testing.   We appreciate your cooperation in keeping Amtrak safe and drug-free.  


In accordance with DOT regulations (49 CFR section 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety- sensitive duties for covered Department of Transportation positions.   If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, he/she will not permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an Affirmative Action/Equal Opportunity Employer and we welcome all to apply. We consider candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability (including blindness), or veteran status.

Apply now »
Apply now

Apply for Job