GENERAL SUMMARY:
The Information Security Forensic Lead position is a valued member of the IPSO department and will work closely with other members of the SOC, IPSO (Risk, Privacy, etc.) and IT programs to develop and implement a comprehensive approach to the management of security risks and forensics. The Information Security Forensic Lead conducts thorough investigations into the nature of an attack, looks deeper into security incidents and assists in investigating cyber incidents. The primary purpose of this position is to conduct high-level security investigations, computer forensic investigations, data recovery, and electronic discovery. The candidate will be expected to have a solid foundation of technical experience and expertise and possess strong communication skills. The Information Security Forensic Lead leads and addresses real security incidents and evaluates incidents identified by SOC analysts. The Information Security Forensic Lead uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack; analyzes running processes and configurations on affected systems, taking forensic images as needed and analyzing them with approved legal forensic software (EnCase, FTK); carries out in-depth threat intelligence analysis to identify the perpetrator, the type of attack, and the data or systems impacted; and creates and implements a strategy for containment and recovery, formulating plans to repair damaged assets, keep other assets safe, and remove the threat. The role works with all aspects of the SOC and IT teams to focus on containment, repelling attacks, and repairing affected systems. Intelligence gathered after an incident is often shared with authorities and other organizations and can be used as a basis to prevent future attacks.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Conduct computer forensic investigations and electronic discovery requests for legal and corporate clients, using forensic tools.
Support the HFHS manager by communicating the progress of, and any issues with, all assignments to internal and external attorneys, law firms, and litigation support firms.
Support the Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) programs; fine-tune the SIEM and EDR tools needed to identify and repel threats.
Train L1 SOC analysts, DLP, and other SOC members on all related SOC matters and investigation.
Provide senior-level response to real-time security alerts and events.
Secure a system or device so it cannot be tampered with; conduct examinations of compromised computers and servers and collect information and evidence in a legally admissible way.
Recover damaged or deleted files, and access hidden, protected or encrypted files.
Must possess the ability to articulate in written and oral communication and present findings of ongoing incidents to management and other members of the investigation team, law enforcement agencies and clients. Write technical reports based on your findings and, if required, give evidence in court as an expert witness.
Manage multiple projects and maintain a computer forensic lab on a daily basis.
Ensure that all security events are properly documented/tracked to meet audit and legal requirements.
On-call rotation in a 24x7 shift environment.
Keep up to date with evolving cybercrime methods and developments within the digital forensics field.
EDUCATION/EXPERIENCE:
Bachelor's degree in Computer Science, Cybersecurity, Information Security, Management Information Systems, Information Technology, Engineering, or related field required.
Five (5) years of experience in the following:
Information Technology/Cybersecurity.
System Analysis and Forensic Tools (e.g. FTK, EnCase).
Log Management and SIEM (e.g. Splunk, IBM QRadar, HP ArcSight).
Experience in Endpoint Security (e.g. Carbon Black Enterprise Protection, Carbon Black Enterprise Response, Symantec, McAfee, Forefront).
Experience in various areas of IT system/network administration.
Experience conducting security assessments, penetration testing, and ethical hacking preferred.
Knowledge and experience with the following operating systems: Windows, Macintosh, Linux or UNIX.
Must have an understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems; Microsoft Office applications; intrusion tools; and computer forensic tools such as EnCase, AccessData, and FTK.
Inquisitive and problem-solving oriented, with strong analytical and critical observation skills.
Willing to follow processes and procedures while maintaining the flexibility to 'think outside the box'.
Excellent written and oral communication skills.
Highly motivated with the ability to self-start, prioritize, multi-task and work in a team setting.
Logical and independent mind and meticulous attention to detail.
Objectivity and sensitivity when dealing with confidential information.
Ability to work under pressure and to a deadline and the ability to deal with stressful and emotional situations with concentration and patience.
Proficiency in conducting live analysis on endpoints, networks, and multiple platforms is desired.
CERTIFICATIONS (ideal candidate will have at least one of the following certifications):
GCIH - GIAC Certified Incident Handler
GNFA - GIAC Network Forensic Analyst
GCFA - GIAC Certified Forensic Analyst
GCFE - GIAC Certified Forensic Examiner
CFCE - Certified Forensic Computer Examiner
CEECS - Certified Electronic Evidence Collection Specialist
Additional Information
Organization: Corporate Services
Additional Details
This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above.
Overview
Under the leadership of President and CEO Robert G. Riney, Henry Ford Health is a $6 billion integrated health system comprised of six hospitals, a health plan, and 250+ sites including medical centers, walk-in and urgent care clinics, pharmacy, eye care facilities and other healthcare retail. Established in 1915 by auto industry pioneer Henry Ford, the health system now has 32,000 employees and remains home to the 1,900-member Henry Ford Medical Group, one of the nation's oldest physician groups. An additional 2,200 physicians are also affiliated with the health system through the Henry Ford Physician Network. Henry Ford is also one of the region's major academic medical centers, receiving between $90-$100 million in annual research funding and remaining Michigan's fourth largest NIH-funded institution. Also an active participant in medical education and training, the health system has trained nearly 40% of physicians currently practicing in the state and also provides education and training for other health professionals including nurses, pharmacists, radiology and respiratory technicians. Visit HenryFord.com.
Benefits
Whether it's offering a new medical option, helping you make healthier lifestyle choices or making the employee enrollment selection experience easier, it's all about choice. Henry Ford Health has a new approach for its employee benefits program - My Choice Rewards. My Choice Rewards is a program as diverse as the people it serves. There are dozens of options for all of our employees including compensation, benefits, work/life balance and learning - options that enhance your career and add value to your personal life. As an