Cybersecurity Incident Response Analyst II
Job Description
Phoenix, Arizona
Department Name:
IT Threat & Vulnerability Mgmt
Work Shift:
Day
Job Category:
Information Technology
Help lead healthcare IT into the future. Our Information Technology professionals play a key role in excellent patient care. If you like the idea of making a positive change in people's lives - apply today.
Banner Health is seeking a Cybersecurity Incident Response Analyst. As Banner continues to leverage technology to deliver the highest quality of care possible, cybersecurity is a top priority. The Cyber Security Operations Center (CSOC) is responsible for monitoring and responding to cybersecurity threats targeting Banner Health and its patients. This position helps detect and secure Banner's computing environment against both insider and outsider threats.
As a Cybersecurity Incident Response Analyst II, you will be at the frontlines of this effort. Response Analysts respond to threats in real-time through effective analysis, triage, and handling of cybersecurity alerts and events, help investigate and remediate cybersecurity incidents, escalate cybersecurity incidents as defined by procedure, and help liaise closely with other teams to ensure the correct response and remediation of cybersecurity incidents. The location for this role will be remote and does include on-call rotation duties. The typical schedule for this role is Monday-Friday 10 am-6 pm AZ time.
The ideal candidate will possess a bachelor's degree and 4 years of experience as a cybersecurity operations center analyst, participating in 24/7 incident response. Experience working within a Security Operations Center is required, including an in-depth understanding of cyber incident response and the ability to effectively triage security events.
Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.
POSITION SUMMARY
This position helps secure Banner's computing environment against both insider and outsider threats. The incumbent will utilize Banner's various security tools and processes to complete real-time monitoring & alert triage, log correlation analysis, incident analysis & response, intrusion detection, cloud security, trade craft analysis, traffic analysis, malware analysis, forensic artifact handling & analysis, and blue teaming. The incumbent will work collaboratively to develop new procedures and runbooks.
CORE FUNCTIONS
1. Respond to threats in real-time through effective analysis, triage and handling of cybersecurity alerts and events.
2. Perform cyber security investigations and recommend remediation actions.
3. Take ownership of escalated cybersecurity incidents and work until conclusion.
4. Evaluate cyber incidents for legal concerns and where appropriate engage internal forensics and compliance teams.
5. Assist in updating/developing, implementing and operating requisite processes and procedures.
6. Establish and evaluate appropriate Key Performance Indicators, or Key Risk Indicators for accuracy and value.
7. Identify gaps in incident handling use cases and drive/lead the effort to develop process and alerting rules within SIEM technologies.
8. This position is responsible for Cybersecurity across multiple departments system-wide and requires interaction at all levels of staff and management.
Performs all functions according to established policies, procedures, regulatory and accreditation requirements, as well as applicable professional standards. Provides all customers of Banner Health with an excellent service experience by consistently demonstrating our core and leader behaviors each and every day.
MINIMUM QUALIFICATIONS
Must possess strong knowledge of business, cybersecurity and/or computer science as normally obtained through the completion of a bachelor's degree.
Four years of experience as a cybersecurity operations center analyst, participating in 24/7 incident response. Experience working within a Security Operations Center, including an in-depth understanding of cyber incident response and the ability to effectively triage security events. Strong understanding of system, network, and/or application security, Linux, virtualization, and networking concepts. Technical proficiency in SIEM (Security Information and Event Management) tools, such as Splunk. Strong technical proficiency in Endpoint Detection and Response (EDR) security tools, CASB (Cloud Access Security Broker) tools, and DLP (Data Loss Prevention) solutions. Knowledge of utilizing enterprise-managed antivirus and encryption tools. Strong technical competence up and down the technology stack: user interface, applications, communications, infrastructure, database, network, storage, etc.
Strong communication skills to work with both a collaborative cross-functional team of peers and departments within the company (product development, operations, networking, etc.). Must possess strong critical thinking, analytical, troubleshooting and problem-solving skills. Must be a team player with the ability to work autonomously. Ability to prioritize and reprioritize work as required. Experience with vulnerability assessment tools and processes and experience leveraging their output to support incident handling. Technical proficiency for creating and updating standard operating procedures. Ability to work calmly under pressure in the face of adversity and threat activity. Ability to establish positive working relationships and garner influence with other teams and team members. Strong desire and aptitude for continuous learning and keeping abreast of new and emerging technology. A collaborative attitude and strong desire to succeed as part of the team. Self-motivated with a strong passion for learning.
Knowledge of the MITRE ATT&CK Framework and the Lockheed Martin Cyber Kill Chain. Knowledge of security threat and attack countermeasures. Experience in automation of tasks through scripting or programming with Bash, Python, Perl, etc.
PREFERRED QUALIFICATIONS
GIAC Continuous Monitoring Certification (GMON). GIAC Certified Incident Handler (GCIH). GIAC Certified Intrusion Analyst (GCIA).
Additional related education and/or experience preferred.
EOE/Female/Minority/Disability/Veterans
Our organization supports a drug-free work environment.
Date Posted
11/15/2022