Incident Response Analyst/Mgr DOE
Cambia Health Solutions

Salt Lake City, Utah

This job has expired.


Remote within OR, WA, ID or UT

Operationalizes cyber threat intelligence and manages cybersecurity incident response events. Participates in technical security testing of Cambia security controls to identify weaknesses and assist with the prioritization of remediation efforts.

General Functions and Outcomes

  • Responsible for incident confirmation, response, data collection, investigation, and analysis.
  • Assist in identifying opportunities for maturing Cambia's information security incident response process and procedures and guiding responders on the proper handling of cybersecurity incidents.
  • Participate in threat hunting initiatives including hunting activities and handling of the resolution of events and alerts.
  • Conducts forensics examination of digital media, memory, malware, packet capture and logs and can develop the tools necessary to perform cutting edge analysis.
  • Partners with information security and architecture and information security operations teams on mitigation approaches.
  • Designs and implements processes for continuous improvement of incident response processes, policies, procedures, and playbooks.
  • Provides reports and metrics on the health and welfare of Security within Cambia to the CISO.
  • Responsible for the planning, design, enforcement, and review of technology events to help ensure compliance with security policies, standards, and procedures under appropriate management guidance.
  • Maintains knowledge of changing technologies, provides recommendations and feedback on adaptation of new technologies or policies.
  • Assists in the delivery of security briefings to management advising them of critical issues and metrics that may affect customer or corporate security objectives.
  • Communicate with various departments and business units regarding sensitive and confidential issues.
  • Work with IT team members, Privacy Office, Human Resources and Legal office in the collective effort of protecting Cambia's information assets.
  • May serve as primary incident response management involving a shared 24x7 on call availability.
  • Ally with other IT functional areas to remain apprised of project and available technology status and inform customer management of progress; conversely, keep IT technology and management teams aware of user issues and potential potholes or resolve conflicts.
  • Knowledge of the nature and sources of infrastructure, web application and database vulnerabilities, how to identify and exploit them.
  • Identify, collect, preserve, and analyze electronic information relevant to a case, incident or event of interest.
  • Monitor threat and vulnerability management information resources to identify new and emerging enterprise concerns.
  • Demonstrated understanding of complex systems integration issues involving many disparate data sources, and experience in resolving them through providing clear direction on scope of solution.
  • Provides leadership, process, and procedures for Security incident management.
  • Leverages commercial and open-source intelligence feeds to adequately cover business risks.
  • Leads audit response requirements for incident response.

Minimum Requirements

Competencies and Knowledge:
  • Demonstrated experience with cyber threat intelligence at both a technical and process level, security incident response process, forensics, chain of custody, and threat hunting.
  • Demonstrated expertise with SIEM tuning and operations.
  • Demonstrated experience with Security Operations Center (SOC) operations and processes.
  • Excellent written and verbal communication skills with an ability to communicate with a variety of stakeholders, including all levels of staff and leadership.
  • Passionate and curious with wide and mixed skills in active defense and intelligence analyst tradecraft.
  • Skilled at leveraging multiple security tools and understanding and pushing the limits of those tools.
  • Capable of analyzing competing sources of information to prioritize the best hypothesis while searching for and tracking adversaries over the course of a campaign.
  • Skilled at advanced threat hunting campaigns and developing processes around threat hunting including insider threat.
  • Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++, a major advantage and added bonus.

Normally to be proficient in the competencies listed above:

An Incident Response analyst would have a Bachelor's degree in Computer Science, Mathematics, Business Administration or related field and 5+ years of experience in incident response and technical security testing or equivalent combination of education and experience. 5+ years of experience creating security policies, standards, or procedures.

The base pay annual salary range for Security Incident Response Analyst is $100,500 - $164,000.

The base pay annual salary range for Security Incident Response Manager is $110,500 - $180,500.

We are an Equal Opportunity and Affirmative Action employer dedicated to workforce diversity and a drug and tobacco-free workplace. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, age, sex, sexual orientation, gender identity, disability, protected veteran status or any other status protected by law. A background check is required.

If you need accommodation for any part of the application process because of a medical condition or disability, please email CambiaCareers@cambiahealth.com. Information about how Cambia Health Solutions collects, uses, and discloses information is available in our Privacy Policy. As a health care company, we are committed to the health of our communities and employees during the COVID-19 pandemic. Please review the policy on our Careers site.

