Excellent opportunity to work with one of the largest nationwide healthcare organizations.
Role: Cyber Security Engineer II
Location: 100% Remote
Type: 6-month contract
Pay: $58-$62/hour DOE
The purpose of the Cybersecurity Engineer II position is to support the Incident Response and Threat Intelligence group program. This program is responsible for cyber security incident response and investigation including preparation, documentation, and coordination with other teammates and teams, assisting with eradication and recovery, and any necessary post-incident activities.
The expectations for this position are:
- Participate in the Cyber Security Incident Response Team (CSIRT). Help the CSIRT employ strategy, standards, processes and technology to detect, respond to, and recover from security incidents, and to limit the impact of any such occurrence or recurrence by using risk-based triage.
- Work with various internal teams to identify gaps in and expand coverage of endpoint, logging and network tooling to improve monitoring and response capabilities, including collaboration with Cyber engineers on solution design recommendations.
- Technical experience with cyber security investigative technologies such as SIEM, packet capture analysis, host forensics and memory analysis tools
- Assist in the development of incident handling processes, standard operating procedures, playbooks and runbooks, and analyze and implement the technical changes required within IR tools to meet those processes.
- Ability to analyze data and communicate malicious behavior discoveries to non-technical audiences
- Experience in leading cyber-attack investigations and working in similar 24/7 environments managing cases with enterprise SIEM or incident management systems
- Assist in producing actionable intelligence in the form of alerts, reports, and briefings.
Essential Key Job Responsibilities
- Investigate, triage, contain, and mitigate cybersecurity alerts and incidents using various cyber security tools such as EDR, SIEM and CASB.
- Determine nature and scale of threats and provide recommended containment actions
- Design, build and manage internal tools for incident detection workflow and response orchestration
- Create and tune data models and/or SIEM alerts for automated response orchestration and systemic improvement
- Create and tune Use Cases as identified per roadmap and opportunity identification
- Review threat intelligence reports and feeds, make recommendations, and lead implementation of profile or toolset changes based on those reviews.
- Perform threat hunting exercises by developing detection rules and analyzing cybersecurity data to discover malicious activity that existing detections have not surfaced within the environment
- Collaborate with internal stakeholders on addressing systemic security issues
- Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
- Conduct trending and correlation of cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution and establishing countermeasures to increase cyber resiliency
- Demonstrated understanding of threat modeling techniques, in a cyber intelligence or cyber operations environment
- Ability to maintain or develop professional contacts in the cyber security community and within multiple sectors/industries including healthcare and biomedical research.
Required Education and Experience
- Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.
- 2-3 years (3-4 years preferred) of previous experience in a related job area: Incident Response, Information Security, Threat Management, Forensics/eDiscovery, Network or System Administration.
- Previous experience in IT security/system/network operations and administration or programming preferred.
Required Licensure and Certifications
- Two or more relevant technical/professional security certifications (such as CompTIA Network+, Security+, SANS/GIAC, EC-Council, CISSP or vendor-specific) preferred.
Required Minimum Knowledge, Skills, Abilities and Training
- Experience with Windows, UNIX/Linux and/or Cisco IOS, network protocols, endpoint protection platforms, SIEM tools and SOAR platforms preferred.
- Fundamental understanding of: TCP/IP, common ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, common security elements and architectures (and associated tradeoffs).
- Previous experience within Security Operations Centers or Incident Response teams preferred
- Previous information security experience in a healthcare/medical environment strongly preferred; at minimum, knowledge of healthcare environments preferred.