Cybersecurity Engineer
Fully Remote Remote Worker - N/A
Description

SUMMARY:

The Cyber Security Threat Intelligence Engineer will be responsible for planning, designing, developing, validating, and verifying information security solutions. This role requires an individual with an analytical mindset and an understanding of the incident response process, advanced adversaries, Blue Team activities, PAM, SIEM, and web and email gateway security. In addition, the Cyber Security Threat Intelligence Engineer must have meticulous attention to detail and outstanding problem-solving skills, work comfortably under pressure, and deliver on tight deadlines. To ensure success, a Cyber Security Threat Intelligence Engineer must display an excellent understanding of vulnerability management, patch management, endpoint security, data loss prevention, threat hunting, and incident response, and must be comfortable working with a variety of technologies and with troubleshooting and resolving security problems.


PRIMARY RESPONSIBILITIES:

  • Develop and implement sufficient measures to detect cyber threats.
  • Deploy and maintain large-scale, enterprise-level security services.
  • Lead projects from requirements gathering and scoping through implementation and rollout.
  • Install, monitor, fix, and maintain the functionality of cybersecurity tools and systems.
  • Assist in making key decisions that drive technical direction.
  • Identify areas for process improvement and make plans to address them.
  • Participate and collaborate cross-functionally with other groups (Network, Server, Storage, etc.).
  • Engage and maintain relationships with vendors.
  • Participate in an on-call rotation.
  • Configure and analyze EDR, IDS, vulnerability, network, and system event logs to detect and report threats.
  • Perform deep-dive and root cause analyses of security incidents.
  • Responsible for security awareness training using the KnowBe4 platform.
  • Analyze and investigate malware, phishing, application, and network-based attacks.
  • Provide recommendations and implement solutions to remediate and mitigate threats.
  • Document all actions, decisions, and outcomes throughout a cybersecurity incident, and be responsible for tracking and reporting information security vulnerabilities and risks.
  • Have a technical understanding of cybersecurity requirements based on NIST 800-53, NIST CSF, ISO/IEC 27001, and other control frameworks.
  • Routinely validate security controls and processes and perform internal risk assessments.
  • Lead and provide direction for the cybersecurity technical baseline of tools (e.g. Nessus, Sophos, Nmap, Arctic Wolf, SIEM, Microsoft Endpoint Manager) along with system configuration and hardening guidance.
  • Lead proactive remediation efforts in response to external audits, penetration tests, and vulnerability assessments.
  • Provide leadership and direction to the security team, specifically in the interpretation and improvement of information security policies and procedures.
  • Act as a mentor for new and junior members of the team.
  • Actively monitor relevant security bulletins and security forums.
  • Analyze emerging threats and their impact on the environment and systems.
  • Serve as security lead for projects involving data security, data classification, and data loss prevention.
  • Assess systems, processes, and projects against compliance requirements, control objectives, and security best practices.
  • Interact with internal and external technical staff and consult with project teams at various stages of the project cycle.
  • Assume the role and responsibilities of Information Security Officer as defined in the Information Security Policies and Procedures.

ITI INFRASTRUCTURE MANAGEMENT AND OPERATIONAL SUPPORT: 

  • Utilizes IT Operational support systems to include the Customer Support Center, Problem Management, Incident Management, Event Management, Configuration Management, Release Management, and other systems as required. 
  • Ability to lead a project from start to finish with proven track record of success.
  • Works to minimize system outages and downtime for users and the effects of outages on users. Proactively monitors the group work order queue, email, change control, the new employee orientation listing, and move sheets to anticipate customers' needs for PC support and the placement of computer equipment.
  • Knowledgeable of and adheres to the organization's policies, processes, procedures, standards, and guidelines governing privacy, security, and disaster recovery/business continuity.
  • Develops, implements, and/or maintains systems following IT Information Assurance policies, processes, procedures, guidelines, and industry standards to address security, privacy, and disaster recovery/business continuity needs, protecting the organization's information and resources at established, defined levels.
  • Reports suspected security and/or privacy incidents following established organizational procedures.
  • Follows established procedures to conduct reviews and audits of systems and information for assigned areas of responsibility.
  • Maintains systems to keep information and resources secure and safe from known vulnerabilities to include updating applications and systems with security patches and code updates, applying appropriate virus protection, and testing changes before placing into production environments.


Requirements
  • Minimum of 5+ years of working experience in cybersecurity or a security-related field.
  • Experience with vulnerability management, endpoint security, email protection, Windows and Linux security, SIEM, PAM tools, data loss prevention, Office 365, and cloud security.
  • Keen understanding of national laws, regulations, policies, and ethics related to healthcare-industry cybersecurity.
  • One of the following security certifications preferred: CISSP, SSCP, CCSP, CISA, CISM, CompTIA CASP+.
  • Ability to modify work schedules and practices to meet job requirements; requires occasional overnight travel. This includes being on call after hours as required.