Cyber Security Engineer - Incident Response Team (Remote)

Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 39 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.

Summary:

As a Security Engineer, you are expected to have practical knowledge in the responsibilities listed below, gained through both education and work experience. You can be trusted to work independently with general supervision, and can tackle difficult problems. You can be trusted to work independently with limited supervision, and can help define best practices and strategy for your areas of responsibility.

Technical competence in areas listed below is expected. Must have good critical thinking skills, strong analytical and problem resolution skills, and organizational skills. Willingness to participate in cross-functional training and support. Ability to work independently.

Essential Duties and Responsibilities:

• Investigate malicious activity and perform incident investigations to determine the root cause of the incident while preserving evidence for potential legal action
• Participate in containment, eradication and remediation efforts with the incident response team by detecting, analyzing and performing remediation on attacks that deny the use of authorized applications, network systems or other resources while working in partnership with the constituents that consist of enterprise legal staff, litigation or Ethics and Compliance
• Conduct research to create Threat Hunting and Detection Engineering opportunities for team members
• Maintain in-depth knowledge of the MITRE ATT&CK, MITRE D3FEND, and Cyber Kill Chain frameworks.
• Participation in the team on-call rotation and respond to after hour escalations when needed.
• Demonstrate intuitive problem solving skills and communicate incidents to the appropriate stakeholders for remediation
• Develop and accumulate lessons learned documentation from incidents to identify controls to prevent identified malicious activity from reoccurring
• Partner with technical personnel and additional teams as required in order to contain, eradicate and remediate incidents to drive incidents to closure as part of the incident response life cycle
• Appropriately inform and advise team members and leadership on incidents and incident prevention
• Participate in knowledge sharing with other analysts and develop sound processes and solutions efficiently

 
Qualifications:

• Required Education: High School diploma
• Preferred Education: Bachelor’s degree preferred or relevant experience. Appropriate industry certification(s) desired.
• Required Experience:
  • 2+ years of IT or Information Security experience
  • Knowledge of typical IT platforms, operating systems, and configuration methods
  • Knowledge of Security threat tactics and prevention and detection techniques
  • Knowledge of system administration concepts
• Preferred Experience:
  • Industry recognized cyber security training or certifications to include SANS, ISC2, EC-Council or CompTIA vendors.
  • Experience working with or on a CSIRT or Security Incident Response team
  • Security background, with understanding of SANS Preparation Identification Containment Eradication Recovery Lesson Learned (PICERL) or similar Incident Response methodologies
• Required License/Registration/Certification: None
• Computer Skills Required: Productivity suite software required

Physical Demands:
In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

• The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
• The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
• The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.