Principal Cyber Threat SOAR Developer - 90397458 - Remote

Amtrak

$124,600 - $161,352
Aug 22, 2025
Remote, US

Amtrak is looking to transform its Cyber Fusion Center by automating security incident response processes and building a threat-informed defense.

Requirements

  • Must possess relevant experience with scripting, object-oriented programming, coding, or infrastructure-as-code (IaC).
  • Ability to think critically and like threat actors.
  • Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high-quality threat detectors.
  • Knowledge of MITRE ATT&CK, Mobile, and ICS Frameworks or equivalent.
  • Knowledge of MITRE ATT&CK Navigator or equivalent.
  • Knowledge of MITRE Engage and Defend Frameworks or equivalent.
  • Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst’s Notebook, divergent/convergent thinking, link charts, matrices, etc.).

Responsibilities

  • Automate Amtrak Security Incident Response processes providing the ability to analyze and resolve alerts from existing security tools SOAR solution.
  • Integrate SOAR platform with other security tools and APIs to execute automated workflows.
  • Assist with process development and process improvement for Security Analysts, to include creation/modification of SOPs, Playbooks, and Work Instructions.
  • Author, test, and maintain automation scripts/workflows within SOAR platform.
  • Identify relevant data sources to determine threat-detection scenarios and use cases.
  • Engineer specific, yet abstract detectors finding the ideal balance between an adversary’s tactics, techniques, and procedures (TTPs).
  • Automate threat-detection scenarios and use cases to improve Cyber Incident Response workflows.

Other

  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • May require occasional travel up to 10% of the time.
  • May require occasional on-call status.
  • May require occasional after hours, weekend, or periodic shift work supporting a 24x7x365 Cyber Fusion Center.
  • Must have excellent oral and written communication skills.