Acadia Healthcare - Franklin, TN

posted about 1 month ago

Full-time - Senior
Franklin, TN
Ambulatory Health Care Services

About the position

We are seeking a skilled Senior DFIR Specialist to join our team in Franklin, TN. The first 90 days in this role will be fully in-person to ensure comprehensive onboarding and training. After the initial period, the position will transition to a hybrid model, with 2 days remote and 3 days in the office each week. The Senior Digital Forensics and Incident Response (DFIR) Specialist will work with the Security Operations Center (SOC) Incident Response (IR) and Forensics and play a critical role in the detection, analysis, and response to cybersecurity threats and incidents. This position is responsible for leading and executing advanced security operations, incident response activities, threat analytics, and forensic investigations to protect our organization's digital assets.

Responsibilities

  • Utilize advanced SIEM tools to aggregate, correlate, and analyze security event data from various sources.
  • Coordinate incident response activities, including identification, containment, eradication, and recovery from security incidents.
  • Develop and implement additional incident response plans, ensuring readiness to respond to security breaches and incidents.
  • Conduct post-incident reviews and create detailed incident reports, identifying lessons learned and recommending improvements.
  • Develop containment and remediation strategies for risk mitigation.
  • Develop automated workflows for threat detection and response.
  • Perform digital forensics investigations to collect, analyze, and preserve digital evidence in response to security incidents.
  • Utilize advanced forensic tools and methodologies to identify root causes and impacts of security breaches.
  • Collaborate with legal and compliance teams to ensure that forensic processes adhere to regulatory and legal requirements.
  • Gather and analyze threat intelligence to understand emerging threats, tactics, techniques, and procedures (TTPs) used by adversaries.
  • Integrate threat intelligence into SOC operations and incident response processes to enhance detection and mitigation capabilities.
  • Develop and implement strategies to detect and respond to advanced persistent threats (APTs).
  • Utilize threat intelligence platforms (TIPs) to gather and analyze threat data.
  • Work closely with other cybersecurity team members, IT staff, and business units to improve the organization's security posture.
  • Provide mentorship and training to junior SOC analysts and incident responders.
  • Participate in security awareness training and exercises to educate employees on security best practices and response procedures.
  • Define operational metrics and KPIs.
  • Establish quantifiable performance indicators.
  • Regularly review and refine operational metrics.
  • Develop and monitor service level objectives (SLOs) to ensure operational excellence.
  • Conduct regular vulnerability assessments and penetration tests to identify security gaps.
  • Work with IT teams to remediate vulnerabilities in a timely manner.
  • Plan and execute red team exercises to simulate adversary tactics and techniques.
  • Perform regular penetration testing to identify security weaknesses and provide recommendations for improvement.
  • Identify potential insider threats, assess the likelihood and impact of these threats, and prioritize mitigation efforts.
  • Collect and analyze information about individuals with access to sensitive resources, including employees, contractors, and vendors.
  • Conduct investigations into suspected insider threats and assist in responding to and remediating incidents when they occur.
  • Recommend and implement strategies to mitigate insider threats, including policy changes, procedural updates, and technical controls.
  • Monitor emerging threat trends and technologies to ensure that the organization's insider threat program remains effective and relevant.
  • Perform other tasks as assigned.

Requirements

  • A bachelor's degree or equivalent work experience.
  • Minimum of 5 years of cybersecurity experience, with a preference for at least 4 years in detection and response and forensics.
  • Strong knowledge of cybersecurity principles, technologies, and best practices.
  • Proven experience in healthcare security and knowledge of industry regulations, such as HIPAA and HITECH.
  • Excellent communication and collaboration skills to work with diverse teams and vendors.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), HIPAA, and PCI.
  • Proficiency in common information security management frameworks, such as ITIL, CIS Critical Security Controls, and NIST.
  • Strong problem-solving and analytical abilities.
  • Proficient in using SIEM platforms and other security monitoring tools.
  • Advanced knowledge of incident response methodologies, including NIST, SANS, or similar frameworks.
  • Self-motivated with strong organizational skills and exceptional attention to detail.
  • Ability to manage multiple tasks/projects simultaneously within strict time frames.
  • Capability to work within established policies, procedures, and practices set by the organization.
  • Commitment to continuous learning and professional development in cybersecurity.
  • Proficient in English to provide and receive instructions and directions effectively.

Nice-to-haves

  • Certifications such as CISSP, CISM, CISA, CompTIA Security+, GIAC Certified Forensic Examiner, and others.
© 2024 Teal Labs, Inc