Amtrak Principal IT Security Analyst - 90165471 - Washington in Washington, District Of Columbia

Your success is a train ride away.

Amtrak connects businesses and communities across the country and we move America’s workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority and the success of our railroad is the result of our employees.

Are you ready to join our team?


The Principal IT Security Analyst monitors, develops, executes, and manages data system and network security across the enterprise. This position develops and implements security policies and procedures such as user login and authentication rules, security breach procedures, escalation procedures, security auditing procedures and the use of firewalls and encryption routines.

The Principal IT Security Analyst prepares status reports, and metrics and analysis on security matters to develop security risk analysis scenarios and response procedures.


• Delivers security solutions for complex assignments

• Leads security projects and supporting the most complicated security issues

• Monitors, develops executes, manages, and assesses IT security across the enterprise

• Monitors and oversees compliance and framework for the following initiatives:

• IT Security Management Control Framework (MCF)

• Payment Card Industry-Data Security Standard (PCI-DSS)

• NIST Framework

• Develops, enhances, and implements enterprise wide security standards, procedures, and guidelines

• Conducts business impact analysis to ensure resources are adequately protected with proper security measures

• Analyzes security analysis reports for security vulnerabilities and recommending feasible and appropriate options

• Reports on significant trends and vulnerabilities

• Performs security audits

• Monitors multiple logs across diverse platforms to uncover specific activities as they occur from platform to platform

• Creates spreadsheets and databases with information in support of security monitoring and account/data access authorizations

• Consults with clients on the data classification of their resources

• Interfaces regularly with staff from various departments, communicating security issues, and responding to requests for assistance and information

• Provides security support for application and infrastructure related projects

• Identifies and resolves root causes of security related problems

• Responds to security incidents, conducting forensic investigations and targeted reviews of suspect areas

• Works with teams to resolve issues that are uncovered by various internal and 3rd party monitoring tools

• Performs application security risk assessments for new and updated internal or third party applications

• Defines metrics to be used for management status and statistical reports

• Analyzes reports and making recommendations for improvements

• Works with third party vendors during problem resolutions

• Interfaces with third party vendors to evaluate new security products or as part of a security assessment process

• Evaluates and recommends hardware and software systems that provide security functions

• Develops security awareness and compliance training programs

• Provides communication and training as needed

• Provides technical expertise on the usage and administration of security tools that control and monitor information security

• Mentors less-experienced team members


• Demonstrated technical experience in a management or a Subject Matter Expert capacity performing IT and security work

• Some experience with information security

• Certified Information Systems Security Professional (CISSP) certification or equivalent required within 3 years.

• Proven experience with systems analysis, application development, and database design and administration

• Proven experiencing developing and implementing IT security policies and procedures across a large organization

• Proven experience monitoring, investigating, and solving IT security related concerns in a timely manner

• Strong interpersonal skills; including strong written and oral communication skills with individuals at all levels of an organization

• Proven strong attention to detail

• Proven ability managing and tracking large amounts of data, preferred with IT security data

• Proven ability working on a schedule including responding to requests and concerns in a timely and professional manner

• Experience with IT security forensic investigations

• Experience evaluating large systems (hardware and software) for IT security compliance

• Experience developing and leading training programs

• Knowledge of security issues, techniques, and implications across all existing computer platforms


Experience in the transportation industry


Continued education and/or professional certifications in the information security field: CISSP-ISSAP, SABSA certifications, OWASP, Master’s degree programs. etc.


Must have excellent oral and written communication skills



Requisition ID: 24902

Posting Location(s): District of Columbia; Maryland; Virginia

Personnel Area: DC04

Job Family/Function: Information Technology

Relocation Offered: No

Education Requirements: Bachelors Degree

Travel Requirements: Up to 25%

Employment Experience Requirements: 5 - 7 years of experience

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family, and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

We proudly support and encourage U.S. Veterans to apply for Amtrak job opportunities.

All positions require pre-employment background verification, medical review and pre-employment drug screen. Amtrak is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

POSTING NOTES: Information Technology || Information Technology