Sr., Cyber Sec Incident Resp- security incident response experience required

Date:  Apr 22, 2024
Location:  Dallas, TX, US

Category:  Corporate and Professional Jobs
Job Type:  Day
Schedule Type:  Full-Time
Requisition ID:  922236

Interested in a career with both meaning and growth? Whether your abilities are in direct patient care or one of the many other areas of healthcare administration and support, everyone at Parkland works together to fulfill our mission: the health and well-being of individuals and communities entrusted to our care. By joining Parkland, you become part of a diverse healthcare legacy that’s served our community for more than 125 years. Put your skills to work with us, seek opportunities to learn and join a talented team where patient care is more than a job. It’s our passion.

Primary Purpose

Assists in operational support for continuous monitoring of all designated networks, infrastructure and systems. Supports an Incident Response Framework by ensuring preparation, detection, analysis, containment, eradication, recovery and post-incident activities to prevent threats and mitigate cyber incidents.

 

Minimum Specifications

Education - Must have a Bachelor's degree in Computer Science or related field.

Experience - Must have five years of experience in an information systems security domain with a background in intrusion detection monitoring, incident response and mitigation, threat research and cyber intelligence analysis or other cyber security domain.

 

Equivalent Education and/or Experience - May have equivalent work experience to substitute for education requirements.

 

Certification/Registration/Licensure
- Must have one of the following certifications within 6 months of placement in position.
- Must have a current CompTIA Security+ Certification or equivalent industry certification (CISSP, GIAC), background and knowledge.

Required Tests for Placement

Skills or Special Abilities
- Must be able to analyze and correlate security information with other relevant data sources.
- Must have the ability to perform complex research in order to determine industry standard products and solutions to facilitate creation of security mitigation controls / recommendations.
- Must have experience in Agile Methodologies.
- Must have experience in contributing to audit requirements.
- Must have superior writing skills and the ability to communicate effectively regarding technology.
- Must have excellent documentation skills.
- Experience in handling security incidents, which may include endpoint forensics, network forensics, malware analysis, reviewing raw log files, data correlation, and analysis of disparate data sources (i.e. firewall, network flow, IDS, system logs).
- Must understand risk assessment models, such as NIST 800-61.
- Must have a general understanding of the following technologies: Microsoft Active Directory, Data Loss Prevention, Encryption Technologies, Vulnerability Management, Intrusion Detection Systems, Intrusion Prevention Systems, Virtual Private Network, Linux Operating Systems, Windows Operating Systems, Communication Protocols, Multi-factor authentication, Cloud Access Security Broker, Endpoint Detection and Response Technologies, Security Information and Event Management Tools.
- Must have a working knowledge of network and vulnerability assessments.
- Must have experience with malware analysis, threat intelligence and vulnerability management.
- Must have good working knowledge of common security concepts.
- Must have a working knowledge of the HIPAA Security Rule and PCI.
- Must have excellent documentation and analytical skills.
- Must be able to listen and communicate effectively.
- Must be willing to work in an on-call situation.

 

Responsibilities
1. Participates in preparation of incident response actions to ensure security incidents are properly identified and created in a timely manner.
2. Develops and implements processes for, and is responsible for, validating indicators of compromise by investigating ambiguous, incomplete, contradictory or erroneous indicators to confirm actual security incidents.
3. Develops and implements, while also following, containment strategies associated with incident types.
4. Establishes operational plans, while also executing eradication actions, to eliminate threat components associated with the incident.
5. Engages appropriate resources to perform restoration of systems associated with the incident.
6. Establishes processes associated with, while participating in, post-incident activity meetings to improve incident response capabilities and prevent the incident from recurring.
7. Manages security assessments (physical and logical) to measure compliance status with security rules and regulatory mandates.
8. Compiles data and presents summary reports to peers for presentation to leadership.
9. Develops and implements processes to utilize tools for review and monitoring of audit logs, devices, applications, and forensics.
10. Documents procedures necessary for the implementation of Information Security Policies and Standards.

 

 


Parkland Health and Hospital System prohibits discrimination based on age (40 or over), race, color, religion, sex (including pregnancy), sexual orientation, gender identity, gender expression, genetic information, disability, national origin, marital status, political belief, or veteran status. As part of our commitment to our patients and employees’ wellness, Parkland Health is a tobacco and smoke-free campus.

