IT Security – Incident Response (IR) Tier III Lead

NEW YORK CITY HEALTH & HOSPITALS CORPORATION

Sr. Manager - IT Security Incident Response / Incident Management

Job Description

The Senior Management Consultant, EITS Security Incident Response (IR) Tier III will lead incident handling and perform in-depth forensic investigations, investigate alerts escalated by lower tiers, perform malware analysis, help review and enhance the current IR program, develop and lead a threat hunting program, and help build a Security Operations Center.

Job Details:

The incumbent is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure consistent delivery of information security and risk management services, with a focus on digital forensics and incident response (DFIR). This individual will act as a SME in DFIR and serve as the escalation point for lower tiers.

Duties & Responsibilities

  • Develop and lead a threat-hunting program
  • Lead and mature the current incident response program
  • Conduct in-depth malware analysis, host and network forensics, and log analysis, and be able to triage alerts
  • Utilize Security Incident & Event Management (SIEM) technologies (ArcSight preferred), host forensics tools (e.g. Autopsy, Forensic Toolkit (FTK), F-Response), Endpoint Detection & Response tools, and network forensics (full packet capture solution) to perform threat hunting and investigative activity
  • Attend regular team meetings and facilitate meetings between stakeholders, project leaders, and the Information Technology teams to help implement (where applicable) remediation plans in response to incidents
  • Effectively investigate and identify root cause findings, then communicate those findings to stakeholders including technical staff and leadership
  • Improve security monitoring, analysis and incident response processes by recognizing APT activities and indicators of compromise (IOCs), and by ingesting additional log sources into the SIEM
  • Identify, develop and build scripts, tools, and security content to enhance the incident investigation process, automating where applicable
  • Assist in developing and updating Standard Operating Procedures (SOPs), playbooks, the incident response plan and training documentation when needed
  • Stay current with vulnerability information across all products in the H+H environment and maintain knowledge of the threat landscape
  • Keep informed on current threats and industry regulations
  • Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required.
  • Develop a strong working relationship within the ISRM team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
  • Be able to justify blocking requests for IOCs or additional security controls to staff within the ISRM team and other Enterprise IT teams

Minimum Qualifications

1. A Baccalaureate Degree from an accredited college or university with a major in Computer Science, Systems Engineering, applied Mathematics, Business Administration, Economics/Statistics, Telecommunications, Data Communications, or a related field of study; and

2. Five (5) years of progressive, responsible experience in the field of data processing, computer systems and applications.

Operations Specialty requires supervisory experience (5 years).

Network Services requires a telecommunications background and experience.

3. Broad knowledge and expertise in the characteristics of computers, peripheral devices, communications systems and hardware capabilities, programming languages, E.D.P. applications, systems analysis methodology, data management and retrieval techniques; or

4. A satisfactory equivalent (~9 years) combination of training, education and experience.
