Incident Response Analyst
Listed on 2026-02-16
IT/Tech
Cybersecurity
Incident Response Analyst – Transit Operations Center
Description
Apital is seeking a proactive and skilled Incident Response Analyst to join its growing cybersecurity team supporting modern train control systems, including CBTC and PTC networks. This analyst will work within the Security Operations Center (SOC) to defend real-time rail communication systems and help contain cyber events that could impact public safety or service continuity.
The Incident Response Analyst handles cyber incidents affecting transit operations, from system outages to control system intrusions, ensuring minimal disruption to service and safety.
Responsibilities
- Respond in real time to cyber threats impacting OT or enterprise systems.
- Investigate and respond to anomalies or disruptions in CBTC and PTC communication systems, including data spoofing or jamming.
- Analyze incident data from train control centers, base stations, and onboard subsystems.
- Work with rail signal and telecom engineers to triage cyber-physical events affecting train movement or safety systems.
- Perform forensic analysis on devices like onboard data recorders and train control PLCs following a security breach.
- Investigate breaches of fare payment systems, control networks, or Wi-Fi systems.
- Coordinate with physical security and transit police during joint cyber-physical threats.
- Document incidents and create post-mortem reports with mitigation steps.
Required Skills/ Knowledge
- Familiarity with ICS/SCADA for rail operations.
- Experience with log analysis, malware investigation, and forensics.
- Knowledge of MITRE ATT&CK for ICS and NIST IR guidance.
Desired Skills/ Knowledge
- Bachelor’s degree or equivalent work experience.
- 3–5 years of incident response or SOC experience.
- Certifications: GIAC (GCIH, GCFA), ECIH, or CISA.
401K, 401 matching, disability insurance, employee assistance program, flexible spending account, health insurance.