Lead Cybersecurity Engineer- Threat Detection

Special Skillset (optional)

• Conduct real-time analysis using the SIEM, Cloud, Endpoint and Network based technologies, and other security analytics tools with a focus on identifying security events and false positives.
• Correlate intelligence, to develop deeper understandings of tracked threat activity.
• Apply basic threat hunting techniques to pivot for given information to known attack patterns, malicious code families, tracked threat groups and other historical information.
• Pivot through open-source and internal frameworks for related data associated with potentially malicious Indicators of Compromise (IoCs) and Indicators of Attack (IoAs).
• Triage potentially malicious binaries and/or other types of malware, including familiarity with basic to intermediate static/dynamic analysis techniques.
• Prepare and report risk analysis and threat findings to appropriate stakeholders.
• Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
• Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise.
• Script basic tasks with high-level scripting languages, such as Python or PowerShell.
• Threat Detection & Response Playbook Development, Standard Operating Procedures, Amtrak ITSM Cyber Incident Management and Handling Playbook Development, Non-Cyber & Physical Incident Playbook Development