Incident Response Lead

Piper companies is seeking an Incident Response Lead for a major hospital system. This individual would lead key cybersecurity operations response activities while providing technical direction and mentoring to one or more analysts. Additional responsibilities include coordinating 24x7 cybersecurity incident follow-up activities, technical research and analysis of threat and vulnerabilities affecting information systems, and participating in other cybersecurity program activities, including risk assessment, risk management, risk remediation, and others. The role will liaise with other members of the Information Services team, coordinate the response to cybersecurity incidents, and maintain written documentation as needed. Current experience as a Lead, Consultant, or Tier III analyst is required.

Responsibilities of the Incident Response Lead:

• Provide technical leadership and coaching to multiple junior and senior SOC analysts, ensuring the highest quality in the delivery of response services
• Assist management in process, service and SLA development, metrics creation and management and maturity enhancements
• Receiving escalations from the SOC team and conducting investigations as requested
• Conduct interviews as needed
• Investigation of suspicious network and endpoint activity
• Provide feedback on IR playbooks, runbooks, and plans as needed
• Partners with information security engineers to implement and maintain security technologies
• Collaborates with information assurance advisors to address network and endpoint security risks
• Participates in vulnerability management, including scanning and remediation
• Manage the forensic chain of evidence as needed
• Maintain written documentation on investigations
• Performs duties in accordance with Penn Medicine and entity values, polices, and procedures
• Other duties as assigned to support the unit, department, entity, and health system organization

Qualifications for the Incident Response Lead:

• 7 years in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. Triage active high-stakes security events, including reviewing and applying security controls to detect, respond, prevent and remediate threats
• Demonstrated leadership experience and excellent interpersonal skills
• Ability to evaluate cybersecurity tools, systems, processes and make effective recommendations and changes
• Information security certifications, such as Security , Network , CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH
• Familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc.
• Experience with Incident Response lifecycle and supporting technologies
• Hands-on experience with modern SIEM/SOAR platforms, EDR tools, NDR and/or NBAD tools, or the like.

Compensation of the Incident Response Lead:

• Comprehensive Benefits: Medical, Dental, Vision, 401K, PTO, Sick Leave if required by law, and Holidays
• $140,000 - $160,000

Keywords: #LI-RL1

SIEM, SOC, SOAR, IR, Incident response, Microsoft, google, EDR, Crowdstrike, Google Chronicle, Defender, Forensics, DFIR, Live analysis, Log, log ingestion, alerts, detection, rules, strategy, operations, investigations, incident management, incident, vulnerabilities, BEC, phishing, IP theft, HIPAA, frameworks, Playbooks, monitoring, threat hunting, threat hunt, mentor, lead, healthcare, hospitals, engineering, compliance