Cybersecurity Engineer III

US - Remote, United States

Nordic Global

Nordic's award-winning team connects people, data, and technology for a healthier world.


Make a difference. Be happy. Grow your career.

The Role

The SOC Level III Automation Engineer's responsibilities include designing, implementing, and maintaining automated solutions that improve the efficiency and effectiveness of our Security Operations Center (SOC), and providing strategic guidance to strengthen the organization's cybersecurity posture. The ideal candidate will possess advanced knowledge of cybersecurity incident response automation, skills in incident detection, analysis, response, and threat hunting, and a solid understanding of cybersecurity principles and technologies. The role provides support and guidance to IT for all customer and affiliate entities, and documents work in the form of incident reports, policies, standards, network security diagrams, playbooks, and knowledge base articles in support of the Payment Card Industry Data Security Standard (PCI-DSS), Health Information Trust Alliance (HITRUST), Health Insurance Portability and Accountability Act (HIPAA), and cybersecurity defense and protection due diligence and due care.

Nordic, a Best in KLAS IT Services Firm serving the healthcare industry exclusively, strives to empower healthcare providers to leverage technology and realize digital transformation. All Nordic staff embrace Nordic's maxims to serve our customers, who care so well for us.

Key Responsibilities

Automation Solutions Development

  • Serve as Lead for security automation technical implementations in a customer environment.
  • Design, develop, and deploy automated scripts, tools, correlation policies and workflows, to streamline SOC operations, including incident response, log analysis, and threat intelligence processing.
  • Evaluate, customize, and optimize security tools and platforms (SOAR, SIEM, etc.) to maximize automation capabilities within the SOC environment.
  • Integrate disparate security technologies and use APIs to enable seamless communication and data sharing between SOC tools.
  • Analyze existing SOC processes and workflows to identify bottlenecks or inefficiencies and propose automation strategies to improve operational efficiency.
  • Implement continuous monitoring and improvement mechanisms for automated processes to ensure reliability and accuracy.
  • Develop key performance indicators (KPIs), understand critical success factors, and continuously measure performance.

Monitoring and Detection

  • Monitor security alerts and events from various sources, including but not limited to SIEM (Security Information and Event Management), antivirus software, intrusion detection systems, and log analysis tools, to identify potential security incidents.
  • Conduct analysis of security events to determine their nature, scope, and potential impact on the organization's systems and data.
  • Stay abreast of the latest cybersecurity threats, vulnerabilities, and trends to enhance the SOC's capabilities in threat detection and response.

Support and Collaboration

  • Collaborate with cross-functional teams to identify automation opportunities and implement solutions for security tool integration and orchestration.
  • Collaborate with junior and senior SOC analysts and other IT security and operational teams to support incident response efforts.
  • Assist in security awareness efforts and work with non-IT staff and leaders on cybersecurity-related issues.
  • Assist in the development and implementation of long-term cybersecurity strategies and roadmaps aligned with industry best practices.

Skills and Experience

  • Experience in scripting and programming languages (e.g., Python, PowerShell, Bash) for automation and tool development in a cybersecurity context.
  • Experience with security information and event management (SIEM) platforms, orchestration and automation tools, and APIs for security tool integration.
  • Knowledge of infrastructure and cloud technologies, including networking, virtualization, and containerization, to facilitate automated solutions deployment.
  • Strong understanding of cybersecurity principles, threat landscapes, and SOC operations to identify areas for automation improvement.
  • Analytical thinking and problem-solving skills to identify automation opportunities, design efficient solutions, and troubleshoot technical issues.
  • Excellent communication and collaboration abilities to work effectively with cross-functional teams and translate technical concepts into actionable automation solutions.
  • Project management skills to oversee automation initiatives, prioritize tasks, and manage timelines effectively.
  • Strong knowledge of applicable laws and statutes (HIPAA, Privacy Act, PCI-DSS, GDPR, etc.), executive guidelines and standards (DISA STIG, CIS Controls, etc.), and/or administrative and criminal legal guidelines and procedures.
  • Strong knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) tools and applications, both network- and host-based.
  • Proficient knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Strong knowledge of cyber threats and vulnerabilities.
  • Knowledge of adversarial tactics, techniques, and procedures.
  • Preferred: experience in cybersecurity incident response.
  • Firm understanding of threat hunting.
  • Preferred: experience integrating Microsoft SharePoint.
  • Preferred: experience integrating ServiceNow.

Education and Experience

  • Generally, requires a Bachelor's degree and 8 years of related experience, a Master's degree and 6 years of related experience, or 11 years of related experience and no degree.

Additional Details

Relevant Fields of Study

  • Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, Computer Engineering

Licensure/Certification Preferred

  • Industry certifications: GCSA, CACE, CISSP, CEH, SANS GCIH, CASP+, OSCP

Other Knowledge, Skills and Abilities Required

  • Strong interpersonal, oral communication, and proven analytical and problem-solving skills. Ability to communicate clearly and present security findings to technical staff as well as non-technical colleagues. Excellent communication skills to effectively document findings in both written and oral form. Able to prioritize and execute tasks in a high-pressure environment. Strong customer service, independence, and experience working in a team-oriented, collaborative environment.

Other Knowledge, Skills and Abilities Preferred

  • Experience working in a large healthcare organization.
  • Knowledge of regulatory compliance and risk management frameworks: PCI-DSS, HIPAA, NIST SP 800-30, 800-37, 800-53, and 800-115.
  • Requires 24-hour on-call duty as part of a rotation schedule for emergency response to critical technical situations requiring immediate attention.

Nordic is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, marital or veteran status, or any other protected status under applicable federal, state, or local laws. We encourage individuals of all backgrounds to apply, including women, minorities, individuals with disabilities, and veterans.


Perks/benefits: Career development Insurance Team events
