Incident Response (IR) Tier III Lead - Asst Dir Level, SME

NYC Health + Hospitals

Location: Manhattan, NY, USA

Date: 2024-06-30T03:21:15Z

Job Description:

Asst Dir., Incident Response Tier III

The Assistant Director, EITS Security Incident Response (IR) Tier III will lead incident handling, perform in-depth forensic investigations, investigate alerts escalated by lower tiers, perform malware analysis, help review and enhance the current IR program, develop and lead a threat hunting program, and help build a Security Operations Center. This individual will act as a subject matter expert (SME) on digital forensics and incident response (DFIR) and serve as the escalation point for lower tiers.

The Assistant Director, EITS Security Incident Response (Tier III) is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services with focus

Minimum Qualifications

A Master's degree from an accredited college or university in Healthcare, Hospital, Public or Business Administration, Industrial/Organizational Psychology, Organizational Behavior or a related discipline and three (3) years of full-time experience planning, developing and monitoring programs, systems and/or procedures in support of administrative management initiatives, one (1) year of which must have been in a responsible managerial or supervisory capacity;

OR - A Baccalaureate degree from an accredited college or university and four (4) years of full-time experience, as outlined in 1 above, two (2) years of which must have been in a responsible managerial or supervisory capacity;

OR - A satisfactory equivalent combination of education, training and/or experience. ~7+ yrs.

Department Preferences:

CISSP, GSEC, CEH, GCFA or other relevant security qualification

  • Threat intelligence and analysis, malware analysis, and packet and log analysis of Windows and Linux forensic artifacts
  • Knowledge of Security Incident & Event Management (SIEM) technologies; ArcSight preferred

  • Understanding of Tier 1/2 responsibilities/duties and how these feed into Tier 3

  • Take lead on incident research and mentor junior analysts
  • Vulnerability and patch management
  • Knowledge of vulnerability scoring systems (CVSS/CMSS), and security frameworks like OWASP (Open Web Application Security Project), MITRE ATT&CK
  • Understanding of Windows and Linux patching
  • Writing and communication skills of network, and operating system security of encryption algorithms, known vulnerabilities from alerts, advisories, errata and bulletins
  • Use of open source tools such as Nmap, Shodan, and Metasploit to identify and confirm vulnerabilities and attack surface
  • Able to create or modify scripts using frameworks such as PowerShell or Python
  • Possess a high degree of integrity and trust along with the ability to work independently as well as work as part of a fast-moving team
  • Knowledge of infrastructure, application and security protocols in addition to configuration management techniques of network security architecture concepts, including topology, protocols, components, traffic flows across the network (e.g. TCP/IP, OSI, etc.) working with operating systems (Microsoft Windows, Linux, UNIX, etc.)
