Kaiser Permanente

SOC Cyber Threat Response (Senior)


Job Information

Posted: Wednesday, February 06, 2013
Modified: Monday, February 11, 2013
Division: Kaiser Permanente Information Technology (KPIT)
Salary: 0
Location: Pleasanton, California, USA
Job ID: 156982 (Kaiser Permanente Job ID)
HireDiversity Job ID: 3582944

Job Text


Job Summary:
Information Protection: includes the development, implementation, communication, monitoring and maintenance of information security policies and procedures which promote a secure and uninterrupted operation of all data processing systems.

Essential Functions:
- Assigns and monitors alerts, events and incidents identified through the security event management tool
- Leverage standard supporting tools and use advanced tools to perform initial triage of incidents identified through the security event management tool.
- Collaborate with ARS personnel during triage of incidents.
- Open, track, and close Remedy trouble tickets resulting from triage and investigation
- Place outgoing phone calls and email and act according to security incident management procedures and processes
- Produce daily reports
- Participate in the improvement and development of process/procedure manuals and documentation
- On-call responsibilities with respect to security incident management support
- Differentiates false positives from true intrusion attempts.
- Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notifies clients when appropriate
- Advanced understanding of vulnerability scans
- Performs tasks as identified in a daily task list.
- Identifies emerging trends for metrics and reporting development in support of SOC communications to stakeholders
- Intermediate experience with investigation solutions use and operation
- Advanced knowledge of typical attack vectors and information systems penetration techniques
- Provide feedback for the development of future goals and objectives for the department and services
- Attend regular meetings regarding the department
- Participate in department issues that may require resolution coordination across multiple stakeholders
- Participate in the execution of the department incident response plan
- Support the department's alignment with the business strategy
- Create advanced reports and visualizations of security attacks on an ad-hoc basis using defined tools
- Work closely with the Incident Response coordinator(s), Information Security Management, the Investigations/Forensics team, as well as many other IT and application teams to form a cohesive monitoring and response function
- Contribute to thought leadership in the design and development of innovative new solutions and internal procedures to help improve and grow the SOC function
- Leads small or moderately complex investigations or multiple investigations of smaller complexity
- Assist with the design of technologies and services for the department. Total managed department budget may be up to $20M
- Department Complexity can be multiple services and up to 200 correlated threat vectors
- May work in department team of remote, national, regional and external resources
- Assists with the development of the department plan
- Monitors the work of the department teams
- Implements department processes for balancing schedule, scope and budget within the department and collects information for BMO as needed
- Accurately reports time
- Tracks information to assist with engaging business partners in preparation of department/project financial materials for presentation to funding governance groups at specified service transition points
- Implements and tracks department quality assurance plan
- Tracks information to assist with the determination of department resource requirements
- Assists with tracking the assignment of work, setting of priorities, guidance provided in the completion of tasks and the review of department deliverables
- Collects information for communications with enterprise-wide projects to plan and manage project/department interdependencies
- Assists in the development of department issue escalation and the resolution process
- Assists in the development of department protocols for applying the risk management process
- Tracks information for negotiation of vendor contracts with IT Procurement
- Participates in the department's service delivery life cycle
- Assist with the design and implementation process to ensure department alignment with business strategy and architecture
- May collaborate in a department of 6-28 staff
- Effectively collaborate with cross-functional team members
- Responsible for the coaching, mentoring and support of the SOC Analysts and Interns
- Assists in large investigations teams of up to 100 combined resources
- Assists with sustaining strong ongoing relationships with client and middle management
- Assists with leading the administration of schedules and performance requirements

Qualifications:

Basic Qualifications:
- Bachelor's degree in a related field and/or 4 years of equivalent work experience.
- A minimum of 5 years Information Technology (IT) experience including development, implementation, communication, monitoring and maintenance of information security policies and procedures.
- Intermediate SME with firewalls, intrusion detection systems
- Intermediate SME with network/systems management and helpdesk software, specifically Remedy ARS/Helpdesk
- Intermediate SME understanding of routers, switches, and networking technology
- Intermediate SME with systems administration in both UNIX and Windows platforms
- Familiarity with ITIL incident and problem management
- Knowledge of security regulations, compliance legislation and other directives - PCI, Sarbanes-Oxley and HIPAA
- Intermediate SME of Cisco PIX, Cisco IDS/NetRanger, McAfee ePO, and Cisco ACS
- Knowledge of vulnerability management technologies, e.g. Foundstone, Qualys
- Intermediate knowledge of programming or scripting languages such as C, Java, Perl
- Intermediate SME with basic networking and security tools, e.g. ping, traceroute, nmap
- Demonstrated capability of complex decision-making
- Experience in a fast paced, high expectations, Network or Security Operation, Response, or Investigations environment
- Demonstrated work on unique issues where analysis of situations or data requires an evaluation of intangibles
- Demonstrated use of skills to contribute to the development of company objectives and principles and to achieve goals in creative and effective ways
- Intermediate expertise or unique information security and threat mitigation skills
- Having broad expertise or unique information security and threat knowledge, uses skills to follow designed threat protection priorities which meet company objectives and principles as well as achieve goals in creative and effective ways
- Leverages experience and knowledge by acting as mentor on relevant training or by providing in department learning to team members
- Requires full knowledge of own area of functional responsibility and working knowledge of SIEM functions
- Demonstrates intermediate understanding and knowledge of Information Security protections methods and incident management
- Can work independently to perform analyses, triage, and investigations
- Ability to determine key issues and follow appropriate action plans
- Excellent customer service skills
- Excellent verbal and written communication skills
- Technical (IT) background
- Ability to lead with influence
- Intermediate strategic/critical thinking skills within an information security environment
- Intermediate in malicious threat analysis and pen testing
- Intermediate security threat analysis experience
- Healthcare experience

Preferred Qualifications
- Bachelor's degree in Information Security
- Intermediate experience in vulnerability analysis, software reverse engineering, exploit development, penetration testing
- Current or previous U.S. Security Clearance
- Strong information technology experience
- 5 years' experience in information security threat mitigation
- CISSP or relevant GIAC certification
- Healthcare industry knowledge
- Experience in conducting security and Risk Assessments
External hires must pass a background check/drug screen.
We are proud to be an equal opportunity/affirmative action employer.