What are the responsibilities and job description for the Security Incident Response Analyst position at Integris Health?
INTEGRIS Health Two Corporate Plaza Bldg., Oklahoma’s largest not-for-profit health system, has a great opportunity for a Security Incident Response Analyst in Oklahoma City, OK. In this position, you’ll be a part of our IT Standards team providing exceptional work supporting the INTEGRIS Health caregivers and the community at large. If our mission of partnering with people to live healthier lives speaks to you, apply today and learn more about our recently enhanced benefits package for all eligible caregivers, such as front-loaded PTO, 100% INTEGRIS Health paid short-term disability, increased retirement match, and paid family leave. We invite you to join us as we strive to be The Most Trusted Partner for Health.
The Security Incident Response Analyst is a role within the Cyber Fusion Center and will be responsible for developing and executing standards, procedures, and processes to uncover, resist and recover from security incidents.
The Security Incident Response Analyst will be responsible for the following activities and functions:
- Responds to computer security incidents according to INTEGRIS Health’s computer security incident response policy and procedures.
- Provides technical guidance to first responders for handling information security incidents.
- Provides timely and relevant updates to appropriate stakeholders and decision makers.
- Communicates investigation findings to relevant business units to help improve the information security posture.
- Validates and maintains incident response plans and processes to address potential threats.
- Compiles and analyzes data for management reporting and metrics.
- Monitors relevant information sources (such as Twitter, LinkedIn and information sharing and analysis centers) to stay up to date on current attacks and trends.
- Analyzes potential impact of new threats and communicates risks back to detection engineering functions.
- Performs root-cause analysis to document findings in CSIRT Reports and participates in root-cause elimination activities as required.
A successful candidate will have the expertise and skills described below.
- Bachelor's degree in computer science or a related field and 3 years in security incident response in a Security Operations Center or a Cyber Fusion Center.
- Triages and assesses the risk of incidents, performing real-time analysis and managing workload during investigations/incidents.
- Creates runbooks for frequently occurring incidents to automate or at least assist with the resolution of those cases.
- Creates organized and well-written after-action, CSIRT and RCA reports.
- Understands common security concerns, vulnerabilities, and exploitation techniques to think like an attacker and guard against those attack vectors.
- Proficiency with at least one scripting language (e.g., Python, PowerShell) to perform SOAR automation playbooks.
- Strong documentation skills, especially when writing up CSIRT reports for Executive Leadership.
- One or more of the following certifications specific to Incident Response: EC-Council Certified Incident Handler (ECIH), GIAC Certified Incident Handler (GCIH), CREST Registered Intrusion Analyst (CRIA), or CompTIA Cybersecurity Analyst (CySA+)
- Certified Information Systems Security Professional (CISSP)