What are the responsibilities and job description for the Manager Cyber Fusion Center position at Integris Health?
INTEGRIS Health, Oklahoma’s largest not-for-profit health system, has a great opportunity for a Manager Cyber Fusion Center at Two Corporate Plaza Bldg. in Oklahoma City, OK. In this position, you’ll be a part of our IT Standards team providing exceptional work supporting the INTEGRIS Health caregivers and the community at large. If our mission of partnering with people to live healthier lives speaks to you, apply today and learn more about our recently enhanced benefits package for all eligible caregivers, such as front-loaded PTO, 100% INTEGRIS Health paid short-term disability, increased retirement match, and paid family leave. We invite you to join us as we strive to be The Most Trusted Partner for Health.
The Manager Cyber Fusion Center is a role within the security organization that will lead a Security Operations Center with eventual growth into a full Cyber Fusion Center. This role is responsible for leading the team in defending against cybersecurity incidents and for identifying, analyzing, communicating, and containing incidents as they occur. The role then provides CSIRT reports to Executive Leadership and collaborates with Security Engineering to develop a strategy for closing any security gaps found through incidents. This role will oversee the maturation of the Security Operations Center toward greater automation and eventually transform the organization into a Cyber Fusion Center with a proactive posture.
Security Operations Center
- Lead the Security Operations Center in activities such as network monitoring, intrusion detection analysis, threat detection, event correlation, and development of formal incident reports.
- Lead collaboration with private, local, state, and federal agencies to gather and share intelligence and develop strategies for threat hunting.
Security Incident Response
- Lead Security Incident Response in activities such as responding to security incidents in line with security incident response policy and procedures, and be able to direct and delegate incident command activities during escalated war room situations.
- Provide technical guidance to first through third level responders for handling information security incidents.
- Provide timely and relevant updates, SLAs, metrics, and reports to appropriate stakeholders and decision makers, and communicate investigation findings to relevant business units to help improve the information security posture.
- Ensure the validation and maintenance of incident response plans to address potential threats.
- Ensure analysis of potential impact of new threats is communicated back to detection engineering functions.
Forensics
- Ensure computer forensic analysis, data recovery, eDiscovery, and other IT investigative work is conducted in accordance with internal, state, and federal policies.
- Ensure the team collaborates with fraud examiners, other IT investigative experts, counsel, human resources (HR), and other IT technical personnel in investigations.
A successful candidate will have the expertise and skills described below.
- Bachelor's degree in computer science or a related field and 8 years in a Security Operations Center, Security Incident Response, or Cyber Fusion Center with increasing levels of responsibility.
- Practical depth of knowledge of operational functions across Security Operations, Security Incident Response, Cyber Forensics, Cyber Investigations, and Incident & Event Handling, along with experience creating documentation such as CSIRT reports and RCA reports and communicating risks to executive leadership.
- Technical breadth of knowledge across all security domains, including network security (VPN, firewall, encryption, network monitoring, content filtering, wireless security), vulnerability management (scanning, static/dynamic code analysis, patching), endpoint protection (anti-malware/virus, intrusion detection/prevention), server security (web server, database), and cloud security (Azure, AWS).
- Can demonstrate a history of being a security thought leader and mentor within the Security Operations & Incident Response domain.
- Understands common security concerns, vulnerabilities, and exploitation techniques to think like an attacker and guard against those attack vectors.
- Proficiency with at least one scripting language (e.g., Python, PowerShell) to perform API integrations between technology systems.
- Strong documentation skills, especially with architecture diagrams and tool roadmap development.
- One or more of the following certifications specific to Incident Response: EC-Council Certified Incident Handler (ECIH), GIAC Certified Incident Handler (GCIH), CREST Registered Intrusion Analyst (CRIA), or CompTIA Cybersecurity Analyst (CySA+).
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and/or a Global Information Assurance Certification (GIAC), or the ability to show equivalent relevant experience.