Della Infotech
Cyber Security Specialist
Della Infotech, Akron, Ohio, 44329
Under general direction of the Manager, Cybersecurity Operations, the Cybersecurity Incident Response Analyst III is responsible for performing the tasks that support incident detection, incident response, digital forensics, and threat intelligence capabilities across the organization. The Cybersecurity Incident Response Analyst performs real-time cybersecurity event analysis and incident handling activities in order to identify, contain, and mitigate cybersecurity incidents relevant to the organization. The role conducts incident preparedness activities to ensure the organization is positioned to respond to cybersecurity incidents in a manner that maximizes the survival of life, preservation of property, and information security. The Cybersecurity Incident Response Analyst is responsible for documenting cybersecurity incident activity from initial detection through recovery. The Cybersecurity Incident Response Analyst performs cybersecurity incident triage tasks, including determining scope, urgency, and potential impact; identifies specific vulnerabilities exploited; and makes recommendations that enable expeditious remediation. The role performs command and control tasks to support interdepartmental virtual incident response team activities. The Cybersecurity Incident Response Analyst performs digital forensics duties for the organization. Digital forensics duties entail investigations of computer-based incidents, establishing documentary evidence, including digital media and logs associated with cyber incidents. The Cybersecurity Incident Response Analyst also operates the organization's threat intelligence capabilities which includes monitoring and developing cyber indicators to maintain awareness of the threat status across a highly dynamic operating environment. The role collects, processes, analyzes, and disseminates cyber threat alerts & warnings. Formal Education Required: a. Bachelor's Degree or equivalent in Computer Science, Cybersecurity, IT, or Engineering or equivalent combination of education and/or experience. Experience & Training Required: a. Seven (7) years information security experience; Seven (7) years of IT related experience; Experience working in a complex healthcare environment. b. Certifications required: i. CompTIA Security (or equivalent) ii. GIAC Incident Handler (GCIH) (or equivalent) iii. CompTIA CASP (or equivalent) c. Certifications preferred: i. GIAC Certified Forensic Analyst (GCFA) (or equivalent) Other Skills, Competencies and Qualifications: a. Advanced knowledge of computer networking concepts and protocols, and network security methodologies. b. Advanced knowledge of front-end collection systems, including network traffic collection, filtering, and selection. c. Advanced knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). d. Advanced knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities. e. Advanced knowledge of incident response and handling methodologies. f. Advanced knowledge of common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g., historical country-specific TTPs, emerging capabilities). g. Advanced knowledge of cyber threats and vulnerabilities. h. Advanced knowledge of incident categories, incident responses, and timelines for responses. i. Advanced knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). j. Advanced knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody. k. Advanced knowledge of which system files (e.g., log files, registry files, configuration files) contain