As the health care industry continues to rapidly transform, our IT team conceives, develops and delivers impactful technology solutions to support access to quality, affordable health care for our members. We are driven by our collective company purpose: To do everything in our power to stand with our members in sickness and in health. Our IT team unleashes the power of this purpose through technology. We come to work every day to make a difference, and we deliver the highest quality and best solutions to our members.
The position is responsible for developing, supporting, coordinating, and orchestrating the response activities to cyber security incidents and threats identified by security teams in a collaborative manner. Additional duties of this position are:
- The development and maintenance of comprehensive incident response plans and processes that minimize the damage resulting from security incidents
- Creation and delivery of training material to staff and leaders about all facets of the security incident response process
- Maintenance of the incident type and categorization framework
- Working with monitoring and analysis teams to coordinate activities with other stakeholders for containing, eradicating, and recovering from security incidents
- Develop threat rules and signatures for cyber defense technologies
- Spearhead the development of innovative approaches to detect, respond to, and eradicate threats; improve the overall ability of the organization to respond to and eliminate threats; and increase effectiveness of analysts
- Routinely review existing tools for new capabilities or deficiencies and maintain relationships with vendors and formalized partners to understand the latest deployment strategies and trends
- Identification of security controls or capabilities that will assist in the prevention, discovery, or resolution of future security incidents
- Set standards for the documentation of activities during an incident, creation of security incident reports, and for conducting post-incident reviews.
- Create comprehensive security write-ups which describe security issues, analysis outcomes, and remediation techniques to management
- Facilitate Root Cause Analysis (RCA) sessions between technology and business partners to deliver recommendations which drive continuous improvement of the organization's defensive capabilities.
- Develop, track, and maintain metrics reporting to enable the organization to track security trends and to inform leadership.
- Support response activities associated with a 24/7/365 matrixed team delivering real time security monitoring and response functions
Required Job Qualifications:
- Bachelor's degree and 3 years of experience in Information Technology, or technical certification and 5 years of experience in Information Technology
- Oral and written communication skills.
- Problem solving / analytical skills.
- Experience with enterprise problem management or incident management procedures.
- Ability to execute technical analysis and response procedures.
- Team player with strong relationship-building skills who fosters interconnection and close collaboration across all IT departments, and who promptly shares relevant information with others
- Working knowledge of Windows and Unix/Linux
- Working knowledge of Firewall and Proxy technology
- Knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Organized and detail oriented.
- Analytical and problem-solving skills.
- Ability to work under stress in emergencies.
- Customer focus and the ability to manage customer expectations.
- Positive can-do outlook, rebounds quickly from frustrations, and maintains composure and friendly demeanor while dealing with demanding situations.
Preferred Job Qualifications:
- Bachelor's or Master's degree in Computer Science, Information Systems, Cybersecurity, or other related field, or an equivalent amount of work experience in security engineering or incident handling/analysis.
- CISSP, GIAC, or other related Information Security certifications
- Previous work in a security operations center or in digital security investigations
- Experience with implementing capabilities related to the Cyber Kill Chain, the ATT&CK Framework, and Intelligence Driven Defenses.
- Operational experience with HIDS, NIDS, Firewalls, routers, switches, various commonly used operating systems, common attack tools, common analysis tools, and vulnerability detection/management tools.
- Experience with signature development/management (e.g., Snort rules, YARA rules)
- Scripting skills in PowerShell, Python, or other languages
- Experienced in mentoring and training junior analysts
- Working knowledge of current cyber threat landscape (e.g. threat actors, APT, cyber-crime, etc.) and the current state of defensive strategies and solutions
Location: IL - Chicago, TX - Richardson
Activation Date: Tuesday, November 27, 2018
Expiration Date: Saturday, December 29, 2018