Health Care Service Corporation
Cybersecurity Event/Incident Consultant
Health Care Service Corporation, Chicago, Illinois, United States, 60290
At HCSC, our employees are the cornerstone of our business and the foundation to our success. We empower employees with curated development plans that foster growth and promote rewarding, fulfilling careers.Join HCSC and be part of a purpose-driven company that will invest in your professional development.Job Summary This position is responsible for handling 24x7 Cyber Defense & Investigation (CD&I) Incident Response (IR) services of HCSC's threat landscape. This role coordinates and drives the response of cyber security incidents within the HCSC environments through leadership, investigation, analysis, containment, eradication, recovery, and mitigation. The incumbent is responsible for leveraging security data from internal sensors, systems, (IDS, routers, SIEMS, XDR, firewalls, hosts, etc.) and external sources (Industry portals, the DoD, US-CERT, partners, etc.) to track down potential threats and attack activity.
Additionally, the role conducts forensic network analysis, environment monitoring, and development of thorough incident reports to deliver threat awareness and executive briefings. Incident Response develops, maintains, and trains staff and leaders on comprehensive incident response activities and plans. IR makes recommendations to enhance the cyber defense technology stack; and develops threat rules and signatures for cyber defense technologies. Maintains the incident type and categorization framework.
NOTE: This hybrid role can be located in CHICAGO or WAUKGEN,IL or RICHARDSON TX ~ relocation will not be offered; sponsorship is not available.Required Job Qualifications:* Bachelor's degree and 6 years of experience OR 7 years of experience plus associate degree or technical certification(s) OR 8 years military experience in Cybersecurity OR 9 years technical experience.*Experience with digital forensics techniques and tools.*Proficient in researching and tracking Advanced Persistent Threat (APT) campaigns.*Expertise in malware analysis or malware reverse engineering.* Understanding of business operations including portfolios, product, technologies, and services.* Extensive expertise and experience with (SIEM) and SOAR technologies.*Ability to verbally communicate complex technical concepts to both technical and non-technical audiences and collaborate effectively with IT teams and stakeholders.* Understanding of the current and emerging threat vectors and adversary Tactics, Techniques, and Procedures (TTPs).* Drive maturity in process improvement and process documentation leveraging best practices.* Strong knowledge of attack classes (i.e., passive, active, insider, close-in, distribution attacks).* Strong knowledge of attack concepts (i.e., PTH, phishing, drive by, watering hole, malvertising, vishing, smishing, kerberoasting).* In-depth understanding of cloud service models.* Expert in common security tooling.* Understanding of cyber attackers (i.e., script kiddies, insider threat, non-nation state-sponsored, and nation sponsored).* Understanding of Cyber Kill Chain, attack lifecycle, attack vectors, and methods of exploitation.* Proficient in cybersecurity nomenclature.* Advanced in Intrusion Detection System (IDS) tools.* Expert in malware identification, analysis concepts and methodologies, capturing, containing, and reporting.* Well-versed in network security architecture concepts including topology protocols, components, principles, and technologies.* Deep understanding of OSI model and underlying network protocols.* Skilled in system administration, network, and operating system hardening techniques.* Skilled in system and application security threats and vulnerabilities (i.e., buffer overflow, mobile code, cross site scripting, procedural language/structured query language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).* Strong knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.* Understanding of Active Directory components.* Recognizing and categorizing types of vulnerabilities and associated attacks.* Experience reading PCAPs, programming, scripting, and log analysis.*Capable of mentoring junior levels on offensive and defensive techniques.*Manage security projects and resources.*Identify security gaps and recommend solutions to correct.*Able to teach cyber defense orchestration and response leadership techniques.*Able to lead, direct, and teach Incident Response.*Understand requirements for forensic activity across multiplatform variations, such as VDI, AVD, physical, persistent, and non-persistent connections.*Identifies and helps solution visibility gaps.*Identifies and helps solution training gaps.*Provides oversight and direction on critical cases worked by junior members.* Ability to handle high pressure situations.*Ability to work under stress in emergencies.*Problem solving / analytical skills.* Attention to detail.*Continuous learning mindset.* Curious in nature.* Customer focus and the ability to manage customer expectations.*Demonstration of sound judgement.*Oral and written communications.*Organized and detail oriented.*Experience with enterprise incident handling.Preferred Job Qualifications:* Bachelor's OR Master's Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience.* Relevant experience in the field of Cyber Defense.* Abides by ISC2 Code of Ethics.* Can-do mindset and attitude.* Continuous learning and development mindset.* Security Certifications Preferred (Including but not limited to the following certifications):Cybersecurity Nexus (CSX) PractitionerCertified Incident Handler (GCIH)GIAC Experienced Incident Handler (GX-IH)Certified Intrusion Analyst (GIAC)Offensive Security Certified Professional (OSCP)GIAC Defending Advanced Threats (GDAT)Certified Expert penetration tester (CEPT)GIAC Cloud Penetration Tester (GCPN)Certified Information Systems Security Professional (CISSP)Networking Certifications (CCNA, etc.)Platform Certifications (Microsoft, Linux, Solaris, etc.).CompTIA Security+CompTIA Cybersecurity Analyst+ (CySA+)Certified Ethical Hacker (CEH)Licensed Penetration Tester (LPT)Computer Hacking Forensic Investigator (CHFI)Cisco Certified CyberOps Associate#LI-ES1#LI-HybridINCRAre you being referred to one of our roles? If so, ask your connection at HCSC about our Employee Referral process!HCSC Employment Statement:
We are an Equal Opportunity Employment / Affirmative Action employer dedicated to providing an inclusive workplace where the unique differences of our employees are welcomed, respected, and valued. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other legally protected characteristics.Base Pay Range$97,600.00 - $176,300.00
Additionally, the role conducts forensic network analysis, environment monitoring, and development of thorough incident reports to deliver threat awareness and executive briefings. Incident Response develops, maintains, and trains staff and leaders on comprehensive incident response activities and plans. IR makes recommendations to enhance the cyber defense technology stack; and develops threat rules and signatures for cyber defense technologies. Maintains the incident type and categorization framework.
NOTE: This hybrid role can be located in CHICAGO or WAUKGEN,IL or RICHARDSON TX ~ relocation will not be offered; sponsorship is not available.Required Job Qualifications:* Bachelor's degree and 6 years of experience OR 7 years of experience plus associate degree or technical certification(s) OR 8 years military experience in Cybersecurity OR 9 years technical experience.*Experience with digital forensics techniques and tools.*Proficient in researching and tracking Advanced Persistent Threat (APT) campaigns.*Expertise in malware analysis or malware reverse engineering.* Understanding of business operations including portfolios, product, technologies, and services.* Extensive expertise and experience with (SIEM) and SOAR technologies.*Ability to verbally communicate complex technical concepts to both technical and non-technical audiences and collaborate effectively with IT teams and stakeholders.* Understanding of the current and emerging threat vectors and adversary Tactics, Techniques, and Procedures (TTPs).* Drive maturity in process improvement and process documentation leveraging best practices.* Strong knowledge of attack classes (i.e., passive, active, insider, close-in, distribution attacks).* Strong knowledge of attack concepts (i.e., PTH, phishing, drive by, watering hole, malvertising, vishing, smishing, kerberoasting).* In-depth understanding of cloud service models.* Expert in common security tooling.* Understanding of cyber attackers (i.e., script kiddies, insider threat, non-nation state-sponsored, and nation sponsored).* Understanding of Cyber Kill Chain, attack lifecycle, attack vectors, and methods of exploitation.* Proficient in cybersecurity nomenclature.* Advanced in Intrusion Detection System (IDS) tools.* Expert in malware identification, analysis concepts and methodologies, capturing, containing, and reporting.* Well-versed in network security architecture concepts including topology protocols, components, principles, and technologies.* Deep understanding of OSI model and underlying network protocols.* Skilled in system administration, network, and operating system hardening techniques.* Skilled in system and application security threats and vulnerabilities (i.e., buffer overflow, mobile code, cross site scripting, procedural language/structured query language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).* Strong knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.* Understanding of Active Directory components.* Recognizing and categorizing types of vulnerabilities and associated attacks.* Experience reading PCAPs, programming, scripting, and log analysis.*Capable of mentoring junior levels on offensive and defensive techniques.*Manage security projects and resources.*Identify security gaps and recommend solutions to correct.*Able to teach cyber defense orchestration and response leadership techniques.*Able to lead, direct, and teach Incident Response.*Understand requirements for forensic activity across multiplatform variations, such as VDI, AVD, physical, persistent, and non-persistent connections.*Identifies and helps solution visibility gaps.*Identifies and helps solution training gaps.*Provides oversight and direction on critical cases worked by junior members.* Ability to handle high pressure situations.*Ability to work under stress in emergencies.*Problem solving / analytical skills.* Attention to detail.*Continuous learning mindset.* Curious in nature.* Customer focus and the ability to manage customer expectations.*Demonstration of sound judgement.*Oral and written communications.*Organized and detail oriented.*Experience with enterprise incident handling.Preferred Job Qualifications:* Bachelor's OR Master's Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience.* Relevant experience in the field of Cyber Defense.* Abides by ISC2 Code of Ethics.* Can-do mindset and attitude.* Continuous learning and development mindset.* Security Certifications Preferred (Including but not limited to the following certifications):Cybersecurity Nexus (CSX) PractitionerCertified Incident Handler (GCIH)GIAC Experienced Incident Handler (GX-IH)Certified Intrusion Analyst (GIAC)Offensive Security Certified Professional (OSCP)GIAC Defending Advanced Threats (GDAT)Certified Expert penetration tester (CEPT)GIAC Cloud Penetration Tester (GCPN)Certified Information Systems Security Professional (CISSP)Networking Certifications (CCNA, etc.)Platform Certifications (Microsoft, Linux, Solaris, etc.).CompTIA Security+CompTIA Cybersecurity Analyst+ (CySA+)Certified Ethical Hacker (CEH)Licensed Penetration Tester (LPT)Computer Hacking Forensic Investigator (CHFI)Cisco Certified CyberOps Associate#LI-ES1#LI-HybridINCRAre you being referred to one of our roles? If so, ask your connection at HCSC about our Employee Referral process!HCSC Employment Statement:
We are an Equal Opportunity Employment / Affirmative Action employer dedicated to providing an inclusive workplace where the unique differences of our employees are welcomed, respected, and valued. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other legally protected characteristics.Base Pay Range$97,600.00 - $176,300.00