JOB SUMMARY

\n

The Sr. Incident Response Engineer will take on the lead cyber security incident responder role on the Baylor Scott & White Health cyber defense team. This role will be responsible for leading the incident response capabilities of the organization by developing and improving runbook procedures to mitigate risk and enhance incident response processes.

\n

The Pay range for this position is $56.02/hour ($116,521 annualized) for those with entry-level qualifications up to $100.75/hour ($209,560 annualized) for those highly experienced. The specific rate will depend upon the successful candidate's specific qualifications and prior experience..

\n

KEY RESPONSIBLITIES

\n\nConduct security investigations and lead security incident response in cross-functional environment and drive incident resolution\nActively call and lead security incident bridges and coordinate internal incident response efforts between operations team, and managed security services.\nDevelop Incident Response initiatives that improve our capabilities to effectively respond and remediate security incidents\nExpand SIEM program, ensuring log coverage, alert development, and process improvement.\nPartner with cyber threat intelligence, the vulnerability management team, and technology remediation groups to deliver shared outcomes that measurably improve our efficacy to detect, respond to, and remediate vulnerabilities\nSupport broader security operation initiatives both within the cyber defense team, and within engineering and operation departments across the organization\nBe a security liaison and enabler to Managed Service counter parts.\nCreate and improve security playbook for a variety of incident and compromise types for all levels of engineers and stakeholders.\n\n

KEY SUCCESS FACTORS

\n\nMore advanced leadership, problem solving, team building, and judgment-making skills.\nSkilled project manager with ability to articulate business needs.\nExcellent written, verbal, and social communication skills.\nProficient computer software and database skills.\nAbility to focus and prioritize strategic targets and work in a growing and challenging environment.\nDrives long term planning and strategic portfolio vision creation for improvements and strategies, with oversight from Director and VP as needed\nKnowledge of interdependencies of healthcare landscape and its influence on portfolio\nEstablishes external relationships with other thought leaders in healthcare IT\nMaintains a broad knowledge of state-of-the-art technology, equipment, and systems.\n\n

BENEFITS

\n

Our competitive benefits package includes the following

\n\nImmediate eligibility for health and welfare benefits\n401(k) savings plan with dollar-for-dollar match up to 5%\nTuition Reimbursement\nPTO accrual beginning Day 1\n\n

Note: Benefits may vary based upon position type and/or level

BASIC QUALIFICATIONS:

\n\nBS degree in computer science, computer engineering, software engineering, cybersecurity or related technical degree; or 5 years equivalent technology experience\n5+ years’ experience in information security in an enterprise environment \n3+ years’ experience and understanding of incident response processes in both datacenter and cloud based environments, forensic techniques, executing and administration of crisis bridges, and preparation and delivery of incident reports for executives\nKnowledge of malware trends and behaviors and the ability to work with other teams to detect and respond to these threats\nExperience with Intrusion Detection and Prevention Systems (IDS/IPS), Firewall and Network Log analysis, Security Information and Event Management (SEIM) tools, threat intelligence services, and malware analysis\nExperience analyzing network and host-based security events\nExperience with attacker tactics, techniques, and procedures\nExperience with Windows and Linux Operating Systems\nKnowledge of common software, operating systems vulnerabilities, and Unix/Linux\nUnderstanding of cybersecurity organizational practices, operations risk management processes, architectural requirements, and vulnerability risk\nExperience with controls or frameworks such as NIST 800-53, NIST CSF, CIS, MITRE ATT&CK\nKnowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization\nExperience creating workflows and remediation plans for vulnerabilities identified\nIncident Response experience in a healthcare environment\nExperience using ServiceNow for SIR, CMDB, and/or ITSM functions\nContribution or development of policies and standards \nExperience participating in or leading security table top exercises\n\n

 

\n

PREFERRED CERTIFICATIONS

\n\nCertified Information Systems Security Professional (CISSP) certification\nCertified Information Security Manager (CISM) certification\nGIAC Certified Incident Handler (GCIH) certification\nFOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics\nFOR500: Windows Forensic Analysis\n\n

\n

MINIMUM QUALIFICATIONS

\n\nEDUCATION - Bachelor's or 4 years of work experience above the minimum qualification\nEXPERIENCE - 7 Years of Experience\n