Cybersecurity Senior Incident Response Analyst (Remote in US, preference hybrid based in Dallas, TX)

Tenet is seeking a Senior Incident Response Analyst to work for Tenet Healthcare.  Below is a brief outline of what Tenet is seeking for this role.

The Senior Incident Response Analyst will report to the Tenet Incident Response Manager. As the Incident Response analyst, you will respond to high severity cyber security threats while documenting and reporting incidents through the incident response lifecycle. The analyst will perform endpoint and network forensics, basic malware analysis, threat hunting, etc. You will apply your technical knowledge and investigative skills to perform in-depth analysis and report your findings and conclusions to management. 

Can be fully remote but preference is on-site (Mon-Thursday to start and eventually it being more of a flexible hybrid 2-3 days a week onsite at HQ)

Key Accountabilities

The functions listed describe the business purpose of this job. Specific duties or tasks may vary and be documented separately. The employee might not be required to perform all the functions listed. Additional duties may be assigned, and functions may be modified, according to business necessity.

• Respond to incident using the incident response cycle: Preparation, Detection/Identification, Containment, Eradication, Recovery, and follow-up
• Perform threat hunting using EDR solution, Splunk and other security tools
• Evaluate threats and threat intelligence sources and determine organization risk and improve threat detection
• Conduct host-based forensics and analysis to identify threat, root cause, impact, etc
• Communicate with various teams across the enterprise to perform initial triage and information gathering of security incidents
• Consistently review playbooks and improve as necessary
• Perform basic malware analysis to identify basic IOCs and/or BIOCs
• Build and maintain sandbox environment to be able to safely investigate threats
• Deliver findings, recommendations, and remediation steps for all activities
• Create reports and document incidents

Skills, Experience & Competencies

• Bachelor’s degree in information security or a related field or an equivalent combination of training and experience.
• Strong experience with EDR, CrowdStrike preferred
• Highly experienced and skilled using Splunk to perform investigations and threat hunts 
• Highly experienced performing endpoint forensics. DFIR experience required.
• 3+ years of experience in the Incident Response field
• Red Team experience
• One or more professional security certifications such as CISSP, CEH, GIAC, or ECIH 
• Experience with intrusion detection, network security management, endpoint security and architecture
• Basic malware analysis

Tenet Healthcare/USPI complies with federal, state, and/or local laws regarding mandatory vaccination of its workforce.  If you are offered this position and must be vaccinated under any applicable law, you will be required to show proof of full vaccination or obtain an approval of a religious or medical exemption prior to your start date.  If you receive an exemption from the vaccination requirement, you will be required to submit to regular testing in accordance with the law.                                   

#LI-NO1   

• Graduation from college or  with a degree or major course work in computer science, telecommunications, networking, engineering or other related technical field
• Five years of progressive work experience in information technology and at least five years of experience in the information security field
• Knowledge of information security policies, "best practices", protocols, and procedures
• Understanding of networking architectures, topologies, practices and technologies
• Demonstrated verbal and written communications skills and organizational and leadership skills
• Demonstrated level of integrity and judgment concerning privacy issues
• Demonstrated ability to maintain a well-reasoned, objective, and independent point of view
• Able to work in a collaborative manner with teammates within Information Resources as well as the rest of the Organization.

• CISSP, CISM or GIAC certification (candidates not certified will be expected to achieve certification within 12 months of hire)
• Detailed knowledge of industry-standard commercial and desktop, server, and network operating systems and enterprise database software
• Related work experience in a higher education or academic health organization
• A technical skill set to configure, install, and monitor security software/hardware
• Knowledge of and experience implementing technical aspects of compliance standards\regulations such as HIPAA, PCI DSS, etc.
• Knowledge of and experience implementing an information security framework based on either ISO 27000 series standard, NIST 800-30, CObIT, etc.
• Experience working in a decentralized  environment