Principal Forensic & Incident Response Architect | Full Time

Information Technology | Requisition #: 2412164

GENERAL SUMMARY:

Working within the Information Privacy and Security Office, the Principal Forensic and Incident Response Architect works closely with all IT departments to detect, analyze, contain, and mitigate computer security incidents. The position leads and participates in incident response activities including, but not limited to, computer forensic investigations, live response and triage, and electronic discovery. It also performs proactive activities including, but not limited to, threat hunting, detection engineering, and tabletop exercises. The Principal Forensic and Incident Response Architect serves as an escalation point for cyber security incidents, provides oversight of cyber security investigations, and reports to the Director of Incident Response. This position works collaboratively with IT and business units to ensure that cyber security incidents are handled appropriately and their impact is mitigated.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

This position responds to and investigates cybersecurity incidents using cutting-edge incident response and digital forensic techniques and tools, and performs forensic analysis of both on-premises computer systems and cloud environments. It assists in the recovery of potentially lost or compromised data. When investigating computer security incidents, the person in this role collects, preserves, and analyzes digital evidence, documents and reports on findings, and recommends next steps. This position evaluates the organization's digital forensics and threat detection tools to identify gaps in monitoring and in the procedures around those tools. It works on advanced, complex, technical projects or business issues requiring state-of-the-art technical or industry knowledge. The role also provides a continuous feedback loop to both security architecture and Security Operations Center (SOC) staff to continuously improve the organization's incident detection and response capabilities.

  • Work with the Director of Incident Response to develop a formal enterprise threat hunting capability.
  • Execute threat hunts and track relevant metrics.
  • Coordinate technical resources for quick response to and resolution of critical incidents.
  • Coordinate with IT and business unit liaisons; perform after-incident case reviews and lessons-learned sessions, and collect incident metrics.
  • Maintain, manage, and update the process for handling and responding to computer security incidents.
  • Review computer security incident reports and documentation to ensure that each incident is properly documented in management and compliance systems.
  • Maintain proficiency in incident response and digital forensics tools and industry best practices.
  • Maintain the forensic hardware and software used in digital forensic lab practices and procedures, and coordinate use of forensic field kits.
  • Provide forensic and computer incident management subject matter expertise to leadership.
  • Contribute to the development and maintenance of the Information Privacy and Security Office Service Catalog and Corporate Information Security policies and procedures.
  • Provide project and status updates to the Director of Incident Response.
  • Prioritize workload based on input and priorities from leadership.
  • Ensure technical documentation is current.
  • Train team members on forensics, incident response, threat hunting, and cyber operations.
  • Identify and lead capacity planning activities.
  • Comply with audit requests.

EDUCATION/EXPERIENCE REQUIRED:

  • Bachelor's Degree (Security, Technology, or Forensics), or 5 years of relevant experience in lieu of a degree, is required.
  • Minimum of 2 years leading hands-on enterprise security incident response investigations, required.
  • Minimum of 2 years executing threat hunting in both on-premises and cloud environments using both automated tools and manual techniques, required.
  • Solid understanding of network and system intrusion and detection methods; related technologies include SIEM, Endpoint Detection and Response (EDR), firewalls, and hacking tools, techniques, and procedures.
  • Deep understanding of Windows and Unix/Linux operating systems, including their logging facilities.
  • Understanding of network protocol analysis, public key infrastructure (PKI), SSL/TLS, and Active Directory.
  • Understanding of basic malware analysis, endpoint lateral movement detection methodologies, and host forensic tools.
  • Understanding of Indicators of Compromise (IOCs) and attacker tactics, techniques, and procedures (TTPs).
  • Familiarity with MITRE ATT&CK.
  • Expert understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems; Microsoft Office applications; intrusion tools; and computer forensic tools such as Magnet AXIOM, EnCase, and/or AccessData FTK.

CERTIFICATIONS/LICENSURES PREFERRED:

  • GCIH – GIAC Certified Incident Handler, preferred.
  • GNFA – GIAC Network Forensic Analyst, preferred.
  • GCFA – GIAC Certified Forensic Analyst, preferred.
  • GCFE – GIAC Certified Forensic Examiner, preferred.
  • CFCE – Certified Forensic Computer Examiner, preferred.

Overview

HAP is a Michigan-based, nonprofit health plan that provides health coverage to individuals, companies and organizations. A subsidiary of Henry Ford Health System, we partner with doctors, employers and community groups to enhance the overall health and well-being of the lives we touch. With more than 1,100 dedicated and passionate employees, our goal is to make health care easy for our members.

Under the leadership of President and CEO Robert G. Riney, Henry Ford Health is a $6 billion integrated health system comprised of six hospitals, a health plan, and 250+ sites including medical centers, walk-in and urgent care clinics, pharmacy, eye care facilities and other healthcare retail. Established in 1915 by auto industry pioneer Henry Ford, the health system now has 32,000 employees and remains home to the 1,900-member Henry Ford Medical Group, one of the nation's oldest physician groups. An additional 2,200 physicians are also affiliated with the health system through the Henry Ford Physician Network. Henry Ford is also one of the region's major academic medical centers, receiving between $90-$100 million in annual research funding and remaining Michigan's fourth largest NIH-funded institution. Also an active participant in medical education and training, the health system has trained nearly 40% of physicians currently practicing in the state and also provides education and training for other health professionals including nurses, pharmacists, radiology and respiratory technicians. Visit HenryFord.com.

Benefits

Whether it's offering a new medical option, helping you make healthier lifestyle choices or making the employee enrollment selection experience easier, it's all about choice. Henry Ford Health System has a new approach for its employee benefits program: My Choice Rewards. My Choice Rewards is a program as diverse as the people it serves. There are dozens of options for all of our employees including compensation, benefits, work/life balance and learning, options that enhance your career and add value to your personal life. As an employee you are provided access to Retirement Programs, an Employee Assistance Program (Henry Ford Enhanced), Tuition Reimbursement, Paid Time Off, Employee Health and Wellness and access to day care services at Bright Horizons Midtown Detroit, and a whole host of other benefits and services. Employees classified as contingent status are not eligible for benefits.

Equal Employment Opportunity/Affirmative Action Employer

Henry Ford Health System is committed to the hiring, advancement and fair treatment of all individuals without regard to race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height, weight, marital status, family status, gender identity, sexual orientation, and genetic information, or any other protected status in accordance with applicable federal and state laws.
