
Sr. Digital Forensics & Incident Response Specialist

Acadia Healthcare
Full-time
On-site
Franklin, Tennessee, United States

Overview

PURPOSE STATEMENT:

We are seeking a skilled Senior DFIR Specialist to join our team in Franklin, TN. The first 90 days in this role will be fully in-person to ensure comprehensive onboarding and training. After the initial period, the position will transition to a hybrid model, with 2 days remote and 3 days in the office each week. 

The Senior Digital Forensics and Incident Response (DFIR) Specialist will work within the Security Operations Center (SOC) on Incident Response (IR) and Forensics, and will play a critical role in the detection, analysis, and response to cybersecurity threats and incidents. This position is responsible for leading and executing advanced security operations, incident response activities, threat analytics, and forensic investigations to protect our organization’s digital assets.


Responsibilities

ESSENTIAL FUNCTIONS:

  1. Security Operations:
    • Utilize advanced SIEM tools to aggregate, correlate, and analyze security event data from various sources.
  2. Incident Response:
    • Coordinate incident response activities, including identification, containment, eradication, and recovery from security incidents.
    • Develop and implement additional incident response plans, ensuring readiness to respond to security breaches and incidents.
    • Conduct post-incident reviews and create detailed incident reports, identifying lessons learned and recommending improvements.
    • Develop containment and remediation strategies for risk mitigation.
    • Develop automated workflows for threat detection and response.
  3. Forensics:
    • Perform digital forensics investigations to collect, analyze, and preserve digital evidence in response to security incidents.
    • Utilize advanced forensic tools and methodologies to identify root causes and impacts of security breaches.
    • Collaborate with legal and compliance teams to ensure that forensic processes adhere to regulatory and legal requirements.
  4. Threat Intelligence:
    • Gather and analyze threat intelligence to understand emerging threats, tactics, techniques, and procedures (TTPs) used by adversaries.
    • Integrate threat intelligence into SOC operations and incident response processes to enhance detection and mitigation capabilities.
    • Develop and implement strategies to detect and respond to advanced persistent threats (APTs).
    • Utilize threat intelligence platforms (TIPs) to gather and analyze threat data.
  5. Collaboration and Training:
    • Work closely with other cybersecurity team members, IT staff, and business units to improve the organization’s security posture.
    • Provide mentorship and training to junior SOC analysts and incident responders.
    • Participate in security awareness training and exercises to educate employees on security best practices and response procedures.
  6. Operational Metrics and SLOs:
    • Define operational metrics and KPIs.
    • Establish quantifiable performance indicators.
    • Regularly review and refine operational metrics.
    • Develop and monitor service level objectives (SLOs) to ensure operational excellence.
  7. Vulnerability Management:
    • Conduct regular vulnerability assessments and penetration tests to identify security gaps.
    • Work with IT teams to remediate vulnerabilities in a timely manner.
  8. Red Teaming and Penetration Testing:
    • Plan and execute red team exercises to simulate adversary tactics and techniques.
    • Perform regular penetration testing to identify security weaknesses and provide recommendations for improvement.
  9. Insider Threat Detection and Mitigation:
    • Identify potential insider threats, assess the likelihood and impact of these threats, and prioritize mitigation efforts.
    • Collect and analyze information about individuals with access to sensitive resources, including employees, contractors, and vendors.
    • Conduct investigations into suspected insider threats and assist in responding to and remediating incidents when they occur.
    • Recommend and implement strategies to mitigate insider threats, including policy changes, procedural updates, and technical controls.
    • Monitor emerging threat trends and technologies to ensure that the organization's insider threat program remains effective and relevant.

OTHER FUNCTIONS:

  • Performs other tasks as assigned.

STANDARD EXPECTATIONS:

  • Complies with organizational policies, procedures, performance improvement initiatives and maintains organizational and industry policies regarding confidentiality.
  • Communicates clearly and effectively with person(s) receiving services and their family members, guests and other members of the health care team.
  • Develops constructive and cooperative working relationships with others and maintains them over time.
  • Encourages and builds mutual trust, respect and cooperation among team members.

Qualifications

EDUCATION/EXPERIENCE/SKILL REQUIREMENTS:

  • Education: A bachelor’s degree or equivalent work experience.
  • Experience: Minimum of 5 years of cybersecurity experience, preferably including at least 4 years in detection and response and digital forensics.
  • Expertise: Strong knowledge of cybersecurity principles, technologies, and best practices.  Proven experience in healthcare security and knowledge of industry regulations, such as HIPAA and HITECH.
  • Communication: Excellent communication and collaboration skills to work with diverse teams and vendors.
  • Compliance: Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
  • Frameworks: Proficiency in common information security management and adversary frameworks, such as ITIL, the Center for Internet Security (CIS) Critical Security Controls (CSC), NIST (including SP 800-53), the Cyber Kill Chain and the MITRE ATT&CK framework.
  • Problem-Solving: Strong problem-solving and analytical abilities.
  • Technology Proficiency: Proficient in using SIEM and security monitoring platforms (e.g. ReliaQuest GreyMatter, Microsoft Defender, Intune, Microsoft Entra ID) and other security monitoring tools. Advanced knowledge of incident response methodologies, including NIST, SANS, or similar frameworks.
  • Self-Motivation: Self-motivated with strong organizational skills and exceptional attention to detail.
  • Multitasking: Ability to manage multiple tasks/projects simultaneously within strict time frames and adapt to frequent priority changes.
  • Adherence: Capability to work within established policies, procedures, and practices set by the organization.
  • Continuous Learning and Development: Commitment to continuous learning and professional development in cybersecurity.  Stay current with emerging threats, new technologies, and best practices through ongoing education and training.
  • Language Skills: Proficient in English to provide and receive instructions and directions effectively.


LICENSES/DESIGNATIONS/CERTIFICATIONS:

  • Certifications: Desired but not required, any one of these or a combination: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+ or Network+, GIAC Certified Forensic Examiner (GCFE), GIAC Certified Incident Handler (GCIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Forensic Analyst (GCFA), Certified Forensic Computer Examiner (CFCE), Certified Information Security Incident Handler (CIHI), EC-Council Certified Incident Handler (ECIH), Certified Ethical Hacker (CEH), or other similar credentials.