Title: Incident Response Analyst III
Location: Work from Home
Schedule: Mon - Fri, 8:00AM - 5:30PM EST
Note: This is a W2 contract role - C2C and 3rd party candidates will NOT be considered

Under general direction of the Manager of Cybersecurity Operations, the Cybersecurity Incident Response Analyst III is responsible for performing tasks that support incident detection, incident response, digital forensics, and threat intelligence capabilities across the organization. The Cybersecurity Incident Response Analyst performs real-time cybersecurity event analysis and incident handling activities in order to identify, contain, and mitigate cybersecurity incidents relevant to the organization.

This role is responsible for:
- Conducting incident preparedness activities to ensure that the organization is positioned to respond to cybersecurity incidents in a manner that maximizes the survival of life, preservation of property, and information security
- Documenting cybersecurity incident activity from initial detection through recovery
- Performing cybersecurity incident triage tasks, including determining scope, urgency, and potential impacts; identifying specific vulnerabilities exploited and making recommendations that enable expeditious remediation
- Performing command and control tasks to support interdepartmental virtual incident response team activities
- Performing digital forensic duties for the organization, including investigations of computer-based incidents and establishing documentary evidence, including digital media and logs associated with cyber incidents
- Operating the organization's threat intelligence capabilities, which include monitoring and developing cyber indicators to maintain awareness of the threat status across a highly dynamic operating environment
- Collecting, processing, analyzing, and disseminating cyber threat alerts and warnings

Position Qualifications:
- 7+ years of Information Security experience, with experience working within a complex healthcare environment
- Bachelor's Degree or equivalent in Computer Science, Cybersecurity, IT, or Engineering, AND Certifications in CompTIA Security+ (or equivalent), GIAC Incident Handler (GCIH) (or equivalent), and/or CompTIA CASP (or equivalent) required; GIAC Certified Forensic Analyst (GCFA) (or equivalent) Certification preferred
- Advanced knowledge of computer networking concepts and protocols, and network security methodologies
- Advanced knowledge of front-end collection systems, including network traffic collection, filtering, and selection
- Advanced knowledge of how traffic flows across the network (e.g. Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL], etc.)
- Advanced knowledge of what constitutes a network attack, and a network attack's relationship to both threats and vulnerabilities
- Advanced knowledge of incident response and handling methodologies
- Advanced knowledge of common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g. historical country-specific TTPs, emerging capabilities, etc.)
- Advanced knowledge of cyber threats and vulnerabilities
- Advanced knowledge of incident categories, incident responses, and timelines for responses
- Advanced knowledge of cyberattack stages (e.g. reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
- Advanced knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chains of custody
- Advanced knowledge of system files (e.g. log files, registry files, configuration files, etc.)
Date Posted: 28 April 2025