Lead Cybersecurity Incident Response Analyst

DescriptionPenn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?The role involves on-site presence for the first 6 months with the possibility of remote work after the introductory period is complete.Summary:• The Lead Cybersecurity IR Analyst is responsible for ensuring that key cybersecurity operations response activities are completed, while providing technical direction and mentoring to one or more analysts. The Lead is responsible for coordinating multiple 24x7 cybersecurity incident follow-up activities, technical research and analysis of threat and vulnerabilities affecting information systems, and participating in other cybersecurity program activities, including risk assessment, risk management, risk remediation, and others. The role will liaise with other members of the Information Services team, coordinate the response to cybersecurity incidents, and maintain written documentation as needed.Responsibilities:• Provide technical leadership and coaching to multiple junior and senior SOC analysts, ensuring the highest quality in the delivery of response services• Assist management in process, service and SLA development, metrics creation and management and maturity enhancements• Receiving escalations from the SOC team and conducting investigations as requested• Conduct interviews as needed• Investigation of suspicious network and endpoint activity• Provide feedback on IR playbooks, runbooks, and plans as needed• Partners with information security engineers to implement and maintain security technologies• Collaborates with information assurance advisors to address network and endpoint security risks• Participates in vulnerability management, including scanning and remediation• Manage the forensic chain of evidence as needed• Maintain written documentation on investigations• Performs duties in accordance with Penn Medicine and entity values, polices, and procedures• Other duties as assigned to support the unit, department, entity, and health system organization• Performs duties in accordance with Penn Medicine and entity values, policies, and procedures• Other duties as assigned to support the unit, department, entity, and health system organizationCredentials:• Information security certifications, such as Security+, Network+, CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH. (Preferred)Education or Equivalent Experience:• Bachelor's degree. (Required)• 7+ years of experience in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. (Required)• 3+ years of experience with incident response technology, process, and programs. (Required)• 0-1 years of familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc. (Required)• 0-1 years of experience with Incident Response lifecycle and supporting technologies, including hands-on experience with modern SIEM/SOAR platforms, EDR tools, NDR and/or NBAD tools, or the like. (Required)Skills/Abilities:• Demonstrated leadership, interpersonal and verbal communication skills• Demonstrated written communication skills• Expert knowledge of cybersecurity monitoring and incident response techniques, as applied to cloud, data, applications, platforms, operating systems and network cybersecurity• Expert knowledge of cyber defense tools, including SIEM, SOAR, EDR, UEBA, NDR, SWG, SEG, Firewalls, and other• A strong working understanding of cybersecurity architectural principles• Ability to troubleshoot, research and solve technically challenging cyber events• Organized, process-oriented and able to manage multiple concurrent work streams• Ability to work within tight timeframes and a fast paced environment with changing priorities• Knowledge of laws, regulations, and standards relevant to the healthcare industry.We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.Live Your Life's WorkWe are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.