Pennsylvania Medicine
Lead Cybersecurity Incident Response Analyst
Pennsylvania Medicine, Phila, Pennsylvania, United States, 19117
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
The role involves on-site presence for the first 6 months with the possibility of remote work after the introductory period is complete.
Summary:
The Lead Cybersecurity IR Analyst is responsible for ensuring that key cybersecurity operations response activities are completed, while providing technical direction and mentoring to one or more analysts. The Lead is responsible for coordinating multiple 24x7 cybersecurity incident follow-up activities, technical research and analysis of threat and vulnerabilities affecting information systems, and participating in other cybersecurity program activities, including risk assessment, risk management, risk remediation, and others.The role will liaise with other members of the Information Services team, coordinate the response to cybersecurity incidents, and maintain written documentation as needed.Responsibilities:
Provide technical leadership and coaching to multiple junior and senior SOC analysts, ensuring the highest quality in the delivery of response servicesAssist management in process, service and SLA development, metrics creation and management and maturity enhancementsReceiving escalations from the SOC team and conducting investigations as requestedConduct interviews as neededInvestigation of suspicious network and endpoint activityProvide feedback on IR playbooks, runbooks, and plans as neededPartners with information security engineers to implement and maintain security technologiesCollaborates with information assurance advisors to address network and endpoint security risksParticipates in vulnerability management, including scanning and remediationManage the forensic chain of evidence as neededMaintain written documentation on investigationsPerforms duties in accordance with Penn Medicine and entity values, polices, and proceduresOther duties as assigned to support the unit, department, entity, and health system organizationPerforms duties in accordance with Penn Medicine and entity values, policies, and proceduresOther duties as assigned to support the unit, department, entity, and health system organizationCredentials:
Information security certifications, such as Security+, Network+, CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH. (Preferred)Education or Equivalent Experience:
Bachelor's degree. (Required)7+ years of experience in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. (Required)3+ years of experience with incident response technology, process, and programs. (Required)0-1 years of familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc. (Required)0-1 years of experience with Incident Response lifecycle and supporting technologies, including hands-on experience with modern SIEM/SOAR platforms, EDR tools, NDR and/or NBAD tools, or the like. (Required)Skills/Abilities:
Demonstrated leadership, interpersonal and verbal communication skillsDemonstrated written communication skillsExpert knowledge of cybersecurity monitoring and incident response techniques, as applied to cloud, data, applications, platforms, operating systems and network cybersecurityExpert knowledge of cyber defense tools, including SIEM, SOAR, EDR, UEBA, NDR, SWG, SEG, Firewalls, and otherA strong working understanding of cybersecurity architectural principlesAbility to troubleshoot, research and solve technically challenging cyber eventsOrganized, process-oriented and able to manage multiple concurrent work streamsAbility to work within tight timeframes and a fast paced environment with changing prioritiesKnowledge of laws, regulations, and standards relevant to the healthcare industry.
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
The role involves on-site presence for the first 6 months with the possibility of remote work after the introductory period is complete.
Summary:
The Lead Cybersecurity IR Analyst is responsible for ensuring that key cybersecurity operations response activities are completed, while providing technical direction and mentoring to one or more analysts. The Lead is responsible for coordinating multiple 24x7 cybersecurity incident follow-up activities, technical research and analysis of threat and vulnerabilities affecting information systems, and participating in other cybersecurity program activities, including risk assessment, risk management, risk remediation, and others.The role will liaise with other members of the Information Services team, coordinate the response to cybersecurity incidents, and maintain written documentation as needed.Responsibilities:
Provide technical leadership and coaching to multiple junior and senior SOC analysts, ensuring the highest quality in the delivery of response servicesAssist management in process, service and SLA development, metrics creation and management and maturity enhancementsReceiving escalations from the SOC team and conducting investigations as requestedConduct interviews as neededInvestigation of suspicious network and endpoint activityProvide feedback on IR playbooks, runbooks, and plans as neededPartners with information security engineers to implement and maintain security technologiesCollaborates with information assurance advisors to address network and endpoint security risksParticipates in vulnerability management, including scanning and remediationManage the forensic chain of evidence as neededMaintain written documentation on investigationsPerforms duties in accordance with Penn Medicine and entity values, polices, and proceduresOther duties as assigned to support the unit, department, entity, and health system organizationPerforms duties in accordance with Penn Medicine and entity values, policies, and proceduresOther duties as assigned to support the unit, department, entity, and health system organizationCredentials:
Information security certifications, such as Security+, Network+, CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH. (Preferred)Education or Equivalent Experience:
Bachelor's degree. (Required)7+ years of experience in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. (Required)3+ years of experience with incident response technology, process, and programs. (Required)0-1 years of familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc. (Required)0-1 years of experience with Incident Response lifecycle and supporting technologies, including hands-on experience with modern SIEM/SOAR platforms, EDR tools, NDR and/or NBAD tools, or the like. (Required)Skills/Abilities:
Demonstrated leadership, interpersonal and verbal communication skillsDemonstrated written communication skillsExpert knowledge of cybersecurity monitoring and incident response techniques, as applied to cloud, data, applications, platforms, operating systems and network cybersecurityExpert knowledge of cyber defense tools, including SIEM, SOAR, EDR, UEBA, NDR, SWG, SEG, Firewalls, and otherA strong working understanding of cybersecurity architectural principlesAbility to troubleshoot, research and solve technically challenging cyber eventsOrganized, process-oriented and able to manage multiple concurrent work streamsAbility to work within tight timeframes and a fast paced environment with changing prioritiesKnowledge of laws, regulations, and standards relevant to the healthcare industry.
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.