Sr. Cyber Security Incident Responder

Medtronic

Mounds View, MN

Industry: Manufacturing


Less than 5 years

Posted 48 days ago


Careers that Change Lives

A Day in the Life

Participate in the detection, response and remediation of Information Security incidents as part of Medtronic’s CSIRT (Cyber Security Incident Response Team). Lead Incident Response for security incidents of many kinds, including advanced, targeted attacks on Medtronic. Partner with Command Center, SOC and CSIRT personnel as a subject matter expert in Incident Response. Frequently collaborate with internal and external partners.

  • Act as technical lead in the full Incident Response Lifecycle. Perform investigations on information security and cyber incidents, including determining root cause and participating in lessons learned.

  • Develop custom detections and mitigations for advanced and persistent attacks.

  • Maintain a strong code of confidentiality based on the sensitivity of the work being performed.

  • Provide technical guidance and coaching to partner teams such as the Medtronic Command Center, SOC, and IT Support Center.

  • Recommends and participates in implementation of security remediation in the course of responding to security incidents, or to proactively prevent security incidents.

  • Conducts research and intelligence gathering on advanced threat actors known to be targeting the organization and/or healthcare industry.

  • Provides technical solutions to a wide range of difficult problems. Solutions are imaginative, thorough, and practicable, and consistent with organization objectives.

  • Analyzes complex issues and significantly improves, changes, or adapts existing methods.

  • Utilize a wide understanding of security tools, including advanced threat detection, SIEM technology, web filtering, and other related tools. Maintain general knowledge of other related disciplines including servers, workstations, software, and network-related technology.

  • Applies mastery of in-depth knowledge in cyber or information security. Considered an internal expert.

  • Works under general direction. Independently determines and develops approach to solutions.

  • Establishes inter-organizational and outside customer contacts. Represents the organization in providing solutions to difficult technical issues associated with information security incidents.

Must Have: Minimum Requirements

  • Bachelor’s degree required
  • 4+ years of relevant experience with a Bachelor’s Degree
  • 2+ years of relevant experience with a Master’s Degree

Specialized Knowledge

  • Working knowledge of Information Security Incident Response concepts.

Nice to Have

  • Experience with SIEM and log management tools (e.g., Splunk, McAfee Nitro, ELK, QRadar, ArcSight, Security Analytics).
  • Experience with incident detection and response tools (e.g., Full Packet Capture, FireEye, Cybereason, Carbon Black, Tanium, Crowdstrike Falcon Host).
  • Experience with On-Premise and Cloud architectures, engineering, and investigations.
  • Experience with multiple scripting languages (e.g., Python, Perl, Ruby, PowerShell).
  • Experience writing custom rules and signatures (e.g., Yara, Snort, OpenIOC).
  • Experience with forensics tools (e.g., FTK, EnCase, SleuthKit, Volatility).
  • Experience with malware analysis tools (e.g., IDA Pro, OllyDbg, Immunity Debugger).
  • Relevant information security certifications, such as GCIH, GCFE, GCFA, GREM, GNFA, GPEN, GCED, GMON, CISSP.

18000N0I