Penn Medicine
Lead Cybersecurity Incident Response Analyst
Penn Medicine, Phila, Pennsylvania, United States, 19117
Description
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
The role involves on-site presence for the first 6 months with the possibility of remote work after the introductory period is complete.
Summary:
The Lead Cybersecurity IR Analyst is responsible for ensuring that key cybersecurity operations response activities are completed, while providing technical direction and mentoring to one or more analysts. The Lead is responsible for coordinating multiple 24x7 cybersecurity incident follow-up activities, technical research and analysis of threats and vulnerabilities affecting information systems, and participating in other cybersecurity program activities, including risk assessment, risk management, risk remediation, and others. The role will liaise with other members of the Information Services team, coordinate the response to cybersecurity incidents, and maintain written documentation as needed.
Responsibilities:
Provide technical leadership and coaching to multiple junior and senior SOC analysts, ensuring the highest quality in the delivery of response services
Assist management in process, service and SLA development, metrics creation and management and maturity enhancements
Receive escalations from the SOC team and conduct investigations as requested
Conduct interviews as needed
Investigate suspicious network and endpoint activity
Provide feedback on IR playbooks, runbooks, and plans as needed
Partner with information security engineers to implement and maintain security technologies
Collaborate with information assurance advisors to address network and endpoint security risks
Participate in vulnerability management, including scanning and remediation
Manage the forensic chain of evidence as needed
Maintain written documentation on investigations
Perform duties in accordance with Penn Medicine and entity values, policies, and procedures
Other duties as assigned to support the unit, department, entity, and health system organization
Credentials:
Information security certifications, such as Security+, Network+, CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH. (Preferred)
Education or Equivalent Experience:
Bachelor's degree. (Required)
7+ years of experience in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. (Required)
3+ years of experience with incident response technology, process, and programs. (Required)
0-1 years of familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc. (Required)
0-1 years of experience with Incident Response lifecycle and supporting technologies, including hands-on experience with modern SIEM/SOAR platforms, EDR tools, NDR and/or NBAD tools, or the like. (Required)
Skills/Abilities:
Demonstrated leadership, interpersonal and verbal communication skills
Demonstrated written communication skills
Expert knowledge of cybersecurity monitoring and incident response techniques, as applied to cloud, data, applications, platforms, operating systems and network cybersecurity
Expert knowledge of cyber defense tools, including SIEM, SOAR, EDR, UEBA, NDR, SWG, SEG, firewalls, and others
A strong working understanding of cybersecurity architectural principles
Ability to troubleshoot, research and solve technically challenging cyber events
Organized, process-oriented and able to manage multiple concurrent work streams
Ability to work within tight timeframes and in a fast-paced environment with changing priorities
Knowledge of laws, regulations, and standards relevant to the healthcare industry.
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.
REQNUMBER: 232274