Senior Cyber Security Engineer REMOTE

  • Location: Phoenix, Arizona, 85013
  • Salary: 73.0
  • Job Type: Contract

Posted 18 days ago

Excellent opportunity to work with one of the largest nationwide healthcare organizations.

Role: Cyber Security Engineer II
Location: 100% Remote
Type: 6-month contract
Pay: $69-$73/hour DOE

Job Summary

The purpose of the Cybersecurity Engineer III position is to support the Incident Response and Threat Intelligence group program. This program is responsible for cyber security incident response and investigation, including preparation, documentation, and coordination with other teammates and teams, assisting with eradication and recovery, and any necessary post-incident activities.

The expectations for this position are:

  • Participate in a lead role in the Cyber Security Incident Response Team (CSIRT). Lead the CSIRT in employing strategy, standards, processes and technology to detect, respond to and recover from security incidents, and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
  • Work with various internal teams to identify gaps in and expand coverage of endpoint, logging and network tooling to improve monitoring and response capabilities, including collaboration with Cyber engineers on solution design recommendations.
  • Technical experience with cyber security investigative technologies such as SIEM, packet capture analysis, host forensics and memory analysis tools.
  • Assist in the development of incident handling processes, standard operating procedures, playbooks and runbooks with ability to analyze and implement the technical changes required within IR tools necessary to meet those processes.
  • Ability to analyze data and communicate malicious behavior discoveries to non-technical consumers.
  • Extensive experience in leading cyber-attack investigations and in working in similar 24/7 environments managing cases with enterprise SIEM or Incident Management systems.
  • Produce actionable intelligence in the form of alerts, reports, and briefings.

Essential Key Job Responsibilities

  • Become an expert in CommonSpirit Health’s technology stack to understand points of weakness and opportunities for security solutions.
  • Investigate, triage, contain, and mitigate complex cybersecurity alerts and incidents using various cyber security tools such as EDR, SIEM and CASB.
  • Determine the nature and scale of complex threats and provide recommended containment actions.
  • Design, build and manage internal tools for incident detection workflow and response orchestration.
  • Create and tune complex data models and/or SIEM alerts for automated response orchestration and systemic improvement.
  • Create and tune use cases as identified per roadmap and opportunity identification.
  • Review threat intelligence reports and feeds, make recommendations and lead implementations for profile or toolset changes based on those reviews.
  • Perform threat hunting exercises by developing detection rules and analyzing cybersecurity data to discover complex activity not previously seen within the environment.
  • Collaborate with internal stakeholders and leadership on addressing systemic security issues.
  • Extensive experience with one or more scripting languages (PowerShell, Python, Bash, etc.).
  • Conduct trending and correlation of multiple cyber intelligence sources for the purposes of indicator collection, identifying shifts in TTPs, attribution and establishing countermeasures to increase cyber resiliency.
  • Demonstrated understanding of complex threat modeling techniques in a cyber intelligence or cyber operations environment.
  • Ability to maintain or develop professional contacts in the cyber security community and within multiple sectors/industries including healthcare and biomedical research.

Minimum Qualifications

Required Education and Experience

  • Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.
  • 4-5 years required, 5+ years preferred, of previous experience in a related job area: Incident Response, Information Security, Threat Management, Forensics/eDiscovery, Network or System Administration.
  • Previous experience in IT security/system/network operations and administration or programming preferred.

Required Licensure and Certifications

  • Two or more relevant technical/professional security certifications (such as CompTIA Network+, Security+, SANS/GIAC, EC-Council, CISSP or vendor-specific) preferred.

Required Minimum Knowledge, Skills, Abilities and Training

  • Experience in Windows, UNIX/Linux OS and/or Cisco IOS, network protocols, endpoint protection platforms, SIEM tools and SOAR platforms preferred.
  • Fundamental understanding of: TCP/IP, common ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, common security elements and architectures (and associated tradeoffs).
  • Previous experience within Security Operations Centers or Incident Response teams preferred.
  • Previous Information Security experience in the healthcare/medical environment strongly preferred.
  • Knowledge of healthcare environments preferred.