Security Incident Response Analyst (REMOTE)

Senior Incident Response Analyst (REMOTE/ On Call) The Organization Industry Healthcare

Compensation

Range$90,000 - $160,000 / year + 8% annual bonus On-Call Support Required Sponsorship No A diversified, national organization committed to improving health outcomes for its 28 million members through the innovative use of technology. The company offers competitive benefits, including flexible workplace options. Experience in the Healthcare industry is helpful but not required. Position Summary The Senior Incident Response Analyst is a critical role responsible for executing the enterprise-wide Incident Response Plan. This individual will resolve security incidents, recommend enhancements to bolster security posture, identify common attack patterns targeting the organization's publicly exposed environment, and contribute to the implementation of scalable, preventative security measures. The role involves high-level collaboration across business units for remediation efforts and requires developing and delivering presentations to the senior leadership team. Core Responsibilities

• Execute the enterprise-wide Incident Response Plan.
• Perform incident triage and resolution, including performing post-mortem analysis using logs, network traffic, and other recorded information to identify intrusions or unauthorized user activities.
• Review current configurations of production information systems and networks against compliance standards.
• Design and implement automated scripts, contingency plans, and other programmed responses launched upon attack detection.
• Tie third-party attack monitoring and threat reporting services into internal CIRT (Cyber Incident Response Team) communications systems.
• Notify internal and/or external teams based on agreed alert priority levels, escalation trees, and triaging of security alerts, events, and notifications.

Required Qualifications (4-6 Years of Experience) Must-Haves (Required Skills)

• 4-6 years of Incident Response experience.
• Demonstrated experience with both On-prem and Cloud incident response.
• Strong understanding of and hands-on experience with AWS and Azure environments.
• Experience with Endpoint protection and enterprise detection & response software (e.g., CrowdStrike, MS Defender, etc.).
• Knowledge of tools, techniques, and processes (TTP) used by threat actors.
• Knowledge of Indicators of Compromise (IOC).
• Knowledge of Network and infrastructure technologies including routers, switches, firewalls, etc.

Education

• Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science), OR equivalent experience acquired through applicable knowledge, duties, scope, and skill.

Preferred or Nice-to-Have Skills

• Knowledge of Wiz & Wiz Defend.
• Preferred Certifications (Less Common Requirements):
• SANS GIAC Security Essentials (GSEC) or equivalent.
• SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent.
• SANS GIAC Certified Incident Handler (GCIH) or equivalent.

Apply tot his job Apply To this Job