Summa Health

Cybersecurity Incident Response Analyst III

Summa Health
$84K — $127K *
Akron, OH 44312 (In-Person)
Healthcare
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Computer Science, Cybersecurity, IT, or Engineering, or equivalent experience
  • Minimum 7 years in information security and IT roles
  • Experience in a complex healthcare environment is essential
  • CompTIA Security+ certification required; preferred certifications include GIAC Certified Forensic Analyst (GCFA) and GIAC Incident Handler (GCIH)
  • Advanced knowledge of networking concepts, security methodologies, and cyber threat indicators

Responsibilities

  • Analyze real-time cybersecurity events and respond to incidents
  • Conduct incident preparedness and recovery activities
  • Perform incident triage to assess scope and impact
  • Lead digital forensics investigations and document evidence
  • Manage threat intelligence to monitor and disseminate cyber alerts
  • Collaborate with various departments for effective incident response
  • Provide recommendations for remediation of identified vulnerabilities

Benefits

  • Comprehensive medical, dental, and vision coverage
  • Basic Life and AD&D insurance
  • Short-term and long-term disability
  • Retirement Savings Plan
  • Flexible Spending Accounts for healthcare and dependent care
  • Employee Assistance Program (EAP)
  • Identity Theft Protection
  • Pet Insurance and Education Assistance program
  • Daily Pay option
Full Job Description
Summa Health System is recognized as one of the region's top employers by a number of third-party organizations, including NorthCoast 99. Exceptional candidates gravitate to Summa because of its culture, its passion for delivering excellent service to our patients and families, its commitment to our philosophy of servant leadership, collegial working relationships at every level of the organization, and competitive pay and benefits.

Summary:
Under general direction of the Manager, Cybersecurity Operations, the Cybersecurity Incident Response Analyst III is responsible for performing the tasks that support incident detection, incident response, digital forensics, and threat intelligence capabilities across the organization.

The Cybersecurity Incident Response Analyst performs real-time cybersecurity event analysis and incident handling activities in order to identify, contain, and mitigate cybersecurity incidents relevant to the organization. The role conducts incident preparedness activities to ensure the organization is positioned to respond to cybersecurity incidents in a manner that maximizes the survival of life, preservation of property, and information security. The Cybersecurity Incident Response Analyst is responsible for documenting cybersecurity incident activity from initial detection through recovery.

The Cybersecurity Incident Response Analyst performs cybersecurity incident triage tasks, including determining scope, urgency, and potential impact; identifies specific vulnerabilities exploited; and makes recommendations that enable expeditious remediation. The role performs command and control tasks to support interdepartmental virtual incident response team activities.

The Cybersecurity Incident Response Analyst performs digital forensics duties for the organization. Digital forensics duties entail investigations of computer-based incidents, establishing documentary evidence, including digital media and logs associated with cyber incidents.

The Cybersecurity Incident Response Analyst also operates the organization's threat intelligence capabilities which includes monitoring and developing cyber indicators to maintain awareness of the threat status across a highly dynamic operating environment. The role collects, processes, analyzes, and disseminates cyber threat alerts & warnings.

Minimum Qualifications:

1. Formal Education Required:
a. Bachelor's Degree or equivalent in Computer Science, Cybersecurity, IT, or Engineering or equivalent combination of education and/or experience.

2. Experience & Training Required:
a. Seven (7) years of information security experience; Seven (7) years of IT-related experience; Experience working in a complex healthcare environment.
b. Certifications required:
i. CompTIA Security+ (or equivalent)
c. Certifications preferred:
i. GIAC Certified Forensic Analyst (GCFA) (or equivalent)
ii. GIAC Incident Handler (GCIH) (or equivalent)
iii. CompTIA CASP (or equivalent)

3. Other Skills, Competencies and Qualifications:
a. Advanced knowledge of computer networking concepts and protocols, and network security methodologies.
b. Advanced knowledge of front-end collection systems, including network traffic collection, filtering, and selection.
c. Advanced knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
d. Advanced knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
e. Advanced knowledge of incident response and handling methodologies.
f. Advanced knowledge of common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g., historical country-specific TTPs, emerging capabilities).
g. Advanced knowledge of cyber threats and vulnerabilities.
h. Advanced knowledge of incident categories, incident responses, and timelines for responses.
i. Advanced knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
j. Advanced knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
k. Advanced knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
l. Advanced knowledge of security event correlation tools.
m. Advanced knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
n. Advanced knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).
o. Intermediate knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
p. Intermediate knowledge of cybersecurity and privacy principles.
q. Intermediate knowledge of server and client operating systems.
r. Intermediate knowledge of how to extract, analyze, and use metadata.
s. Intermediate knowledge of malware.
t. Basic knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
u. Basic knowledge of data backup and recovery.
v. Basic knowledge of encryption algorithms.
w. Advanced skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
x. Advanced skill in using security event correlation tools.
y. Advanced skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
z. Advanced skill in using forensic tool suites.
aa. Advanced skill in analyzing anomalous code as malicious or benign.
bb. Advanced skill in processing digital evidence, to include protecting and making legally sound copies of evidence.
cc. Advanced skill in performing packet-level analysis.
dd. Advanced skill in evaluating information for reliability, validity, and relevance.
ee. Advanced skill in identifying cyber threats which may jeopardize organization and/or partner interests.
ff. Advanced skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).
gg. Advanced skill in using scientific rules and methods to solve problems.
hh. Intermediate skill in analyzing volatile data.
ii. Intermediate skill in interpreting results of debugger to ascertain tactics, techniques, and procedures.
jj. Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).
kk. Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
ll. Ability to evaluate information for reliability, validity, and relevance.
mm. Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
nn. Ability to function effectively in a dynamic, fast-paced environment.
oo. Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise.
pp. Ability to think critically.
qq. Ability to think like threat actors.
rr. Ability to develop productive working relationships with a broad range of business, clinical, and operational professionals.
ss. Ability to negotiate resolutions for conflicting security and business objectives.
tt. Ability to exemplify Summa Health's core values.
uu. Ability to take direction and operate independently in highly ambiguous situations.
vv. Ability to effectively interact with populations of patients/customers with an understanding of their needs for self-respect and dignity.

4. Level of Physical Demands:
a. Sedentary: Exerts up to ten pounds of force occasionally and/or a negligible amount of force frequently.
b. Minimal, may occasionally move computer equipment (desktop, laptop, monitor, printer, and peripherals) when necessary.

Equal Opportunity Employer/Veterans/Disabled

$40.74/hr - $61.11/hr
The salary range on this job posting/advertising is base salary exclusive of any bonuses or differentials. Many factors, such as years of relevant experience and geographical location are considered when determining the starting rate of pay. We believe in the importance of pay equity and consider internal equity of our current team members when determining offers. Please keep in mind that the range that is listed is the full base salary range. Hiring at the maximum of the range would not be typical.

Summa Health offers a competitive and comprehensive benefits program to include medical, dental, vision, life, paid time off as well as many other benefits.

  • Basic Life and Accidental Death & Dismemberment (AD&D)
  • Supplemental Life and AD&D
  • Dependent Life Insurance
  • Short-Term and Long-Term Disability
  • Accident Insurance, Hospital Indemnity, and Critical Illness
  • Retirement Savings Plan
  • Flexible Spending Accounts - Healthcare and Dependent Care
  • Employee Assistance Program (EAP)
  • Identity Theft Protection
  • Pet Insurance
  • Education Assistance
  • Daily Pay

About Summa Health

Summa Health is a non-profit healthcare system based in Akron, Ohio. The system was founded in 1989 and has since grown to become one of the largest healthcare providers in the region. Summa Health operates several hospitals, outpatient centers, and other healthcare facilities throughout Northeast Ohio. The system provides a wide range of services, including primary care, specialty care, and emergency care. Summa Health is committed to providing high-quality, patient-centered care and has received numerous awards and recognitions for its clinical excellence and patient satisfaction.
Size: 7,000 employees
Founded: 1989
