Information Security Incident Response Analyst

At Harris Health System, we champion better health for our patients, their families and our community, by connecting them to an integrated healthcare system that provides high-quality healthcare. Harris Health focuses on the delivery of primary care, wellness and prevention services to the residents of Harris County, Texas, through its extensive network of inpatient and outpatient facilities. Harris Health is a proud recipient of the prestigious National Committee for Quality Assurance designation for its patient-centered medical homes. Harris Health’s medical faculty and residents are provided by its nationally recognized medical school partners: Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); and The University of Texas MD Anderson Cancer Center.

Job Summary
The Information Security Incident Response Analyst reports to the Manager-Information Security Operations. Will identify, isolate, investigate, inform, and help implement measures to detect and protect data across the entire organization. Is required to validate suspicious events or reports and determine if the event constitutes an incident. The individual will ensure incidents are properly entered into the appropriate reporting system and determine the severity of the incident while working to consistently maintain situational awareness required to identify and verify security incidents. Analyze, document and report on security incidents through the Incident Attack Lifecycle. Provide technical analysis to understand compromise, coordinate the response and advise on remediation/mitigation tactics.

Minimum Qualifications

Education/Degrees: Computer Science, Information System- Preferred

Licenses & Certification: E|CIH, GCIH, CCNA, C|CTA), C|EH, C|NDA Preferred

Work Experience

• 3 Years of Experience monitoring incidents, from the following systems, Qradar, FireEye, Insight IDR, Securonix, IPS, etc
• Experience with incident management solutions is a must.
• Understanding of HIPAA Security rule, HITECH, Payment Card Industry (PCI), NIST Cybersecurity Framework. In addition, understanding of NIST SP 800-53r4, COBIT, and ITIL frameworks preferred

Communication Skills
Exceptional Verbal (Public Speaking) Writing/ Correspondence Writing/ Reports

Job Attributes
Knowledge/Skills/Abilities

KSAs
Analytical Statistical

Reports to Position
Manager (Non-Dept Head)

Typical Duties That May Be Performed

• Monitor security operations for security issues and investigate incidents.
• Incidents triage, prioritization, investigation, response coordination and closure documentation
• Hands on work with SIEM (Qradar) and logging solutions
• Classify incidents and take appropriate course of action.
• Ensure compliance with internal and external policies.
• Assist with development of security standards and best practices for the Information Security department
• Plan and executed against current Incident Response plan (IR).
• Identifies and reports on gaps within the Incident Response Plan
• Provides support for complex computer network exploitation and defense techniques to include deterring, identifying and investigating computer and network intrusions.
• Prepare reports that document security incidents and the extent of the damage caused by the incident.
• Provides technical support for a comprehensive risk management program identifying mission critical processes and systems; current and projected threats; and system vulnerabilities.
• Research the latest cyber security threat and trends.
• Ability to review logs in order to perform triage to reduce impact
• Analyze both raw and processed security event data to identify potential security incidents, threats and vulnerabilities
• Perform initial incident investigation to be used for event investigation
• Initiate incident notification, case tracking/management and recovery action
• Ensures that incident documentation is comprehensive and accurate.
• Completes all relevant fields in incident tracking database and closes ticket
• Assists in other areas of the Information Security department as necessary