Job Description

Enterprise Information Security at Providence is responsible for appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients) What will you be responsible for Leads the creation and maintenance of SOC Playbooks, SOPs and Training materials, managing shifts, onboarding, and training for SOC Engineers. Overseeing SIEM monitoring and ensure that SOC team is responding to all alerts Manage 24X7 Security Operations Centre (SOC). Ensure adequate staffing, seamless delivery of monitoring service & timely response on the incidents. Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams Participating and creation of detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture Utilize ticketing system and standard operating procedures for effective call processing and escalation to adhere to Service Level Agreement (SLA) Support and participate in SOC engineering efforts such as tool integration, development of automation, scripts, testing of new tools and evaluation of new technologies Knowledge of threat centric framework Cyber Kill chain and NIST Cyber Security Framework. Ensure that the incident response processes are kept up-to date and well-rehearsed during any real cyber-attacks or cyber drill. Proficiency with the latest intrusion detection platforms working knowledge of Linux and/or Windows systems administration (Including AD). What would your work week look like Collaborate with the other security teams to contain and investigate major incidents Perform all tasks required per shift including reporting, monitoring, and turnover logs Evaluate the type and severity of security events by making use of packet analyses and in-depth understanding of exploits and vulnerabilities Perform security log analysis during Information Security related events, identifying and reporting possible security breaches, incidents, and violations of security policies Oversee emerging cyber threats, proactive modelling, threat validation Escalate critical incidents that require management attention in a timely manner and provide timely updates Root cause analysis experience, getting to the root cause, problem solving Who are we looking for Bachelor s degree in related filed, to include computer science, or equivalent combination of education and experience 8+ years of relevant post-qualification experience, with at least five (5) years in Security Operations Center environment (SOC) Hands on experience or exposure to monitoring toolslike -Sentinel (preferred), Splunk, ArcSight, Logrythm, Qradar etc. Experience in SOAR (Security Orchestration Automation Response) platform is preferred Scripting or programming (Shell scripting, Power Shell, Python, KQL etc.) Should have worked on security monitoring in Cloud environment (Azure, Google Cloud etc)/ relevant knowledge in Cloud environment. Preferred SSCP, EC-Council CSA, CompTIA- CYSA+, SANS GCIH /GMON /GSOC certification.

Monster