Engineer, Cyber Security Operations (IR)
Company: Cardinal Health
Location: Augusta
Posted on: May 8, 2024
Job Description:
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH)
is a global, integrated healthcare services and products company
connecting patients, providers, payers, pharmacists and
manufacturers for integrated care coordination and better patient
management. Backed by nearly 100 years of experience, with more
than 50,000 employees in nearly 60 countries, Cardinal Health ranks
among the top 20 on the Fortune 500.
Cardinal Health's Information Security team is on a tremendous
growth journey adding a number of new team members in our Cyber
Threat Operations Center (CTOC). We aim to be a world-class
cybersecurity organization that enables Cardinal Health to be
healthcare's most trusted partner.
We boast tremendous opportunities to grow and apply technical
skills to meet organizational needs, empowering talented team
members who mentor and uplift others, led by leaders with a
maniacal focus on employee development and well-being, dedicated
training programs, and a fun and collaborative atmosphere.
Cyber Threat Operations Center (CTOC) Overview
This is a pivotal role on the Security Incident Response Team within
the Cyber Threat Operations Center (CTOC) at Cardinal Health. This
person is responsible for the CTOC's visibility into Cardinal's
network, infrastructure, endpoints and applications and ensuring
our operations team can quickly identify and respond to threats.
The ideal candidate's unique blend of platform engineering and data
science skills will help influence cybersecurity strategy and
future roadmap initiatives.
We exist to ensure availability, integrity and confidentiality of
healthcare infrastructure that safeguards the patient
We promote a culture that protects information assets, manages risk
and embeds security in people, process and technology
Defines solutions that balance information security requirements
against business needs.
Investigates and resolves security incidents and recommends
enhancements to improve security.
Typical work of the Engineer, Cyber Security Operations:
Perform initial, forensically sound collection of images and
inspect to discern possible mitigation/remediation on enterprise
systems.
Coordinate and provide expert technical support to enterprise-wide
cyber defense technicians to perform initial, forensically sound
collection on endpoints of security incident related artifacts.
Coordinate and provide expert technical support to enterprise-wide
cyber defense technicians to effectively use Enterprise Detection
and Response solutions (FireEye HX, CrowdStrike, CarbonBlack) to
respond, investigate, and remediate security incidents involving
enterprise assets.
Collect intrusion artifacts (e.g., source code, malware, Trojans)
and use discovered data to enable mitigation of potential cyber
defense incidents within the enterprise.
Coordinate and provide expert technical support to enterprise-wide
cyber defense technicians to resolve cyber defense incidents.
Correlate incident data to identify specific vulnerabilities and
make recommendations that enable expeditious remediation.
Perform analysis of log files from a variety of sources (e.g.,
individual host logs, network traffic logs, firewall logs, and
intrusion detection system [IDS] logs) to identify possible threats
to network security.
Perform cyber defense incident triage, to include determining
scope, urgency, and potential impact, identifying the specific
vulnerability, and making recommendations that enable expeditious
remediation.
Perform cyber defense trend analysis and reporting.
Receive and analyze network alerts from various sources within the
enterprise and determine possible causes of such alerts.
Coordinate with intelligence analysts to correlate threat
assessment data.
Write and publish after action reviews.
Qualifications
Required:
Ability to apply techniques for detecting host and network-based
intrusions using intrusion detection technologies.
Ability to apply techniques for responding to host and
network-based intrusions using incident response technologies and
techniques.
A well qualified applicant will have a mix of the following
knowledge and skills:
3+ years of experience in a related field preferred
Bachelor's or above in related field or equivalent work
experience
Strong analytical, collaborative, problem solving, organizational
and planning skills.
Strong written and oral interpersonal skills.
Proficient PC skills; including working knowledge of Microsoft
Office products.
Skill in identifying, capturing, containing, and reporting
malware.
Skill in preserving evidence integrity according to standard
operating procedures or national standards.
Skill in securing network communications.
Skill in recognizing and categorizing types of vulnerabilities and
associated attacks.
Skill in protecting a network against malware (e.g., NIPS,
anti-malware, restrict/prevent external devices, spam filters).
Skill in performing damage assessments.
Skill in using security event correlation tools.
Skill to design incident response for cloud service models.
Knowledge of Endpoints (laptop/desktop/server) related to cyber
security incident response
Knowledge of Incident response case management and automation
(SOAR)
Knowledge of Incident Response toolsets and specifically phishing
group mailbox support
Knowledge of SIEM technologies and utilization within a cyber
security environment
Knowledge of Logging/monitoring solutions and implementations
Ability to apply comprehensive knowledge and a thorough
understanding of concepts, principles, and technical capabilities
to perform varied tasks and projects related to incident
response
Anticipated salary range: $92,100 - $131,600
Bonus eligible: No
Benefits: Cardinal Health offers a wide variety of benefits and
programs to support health and well-being.
Medical, dental and vision coverage
Paid time off plan
Health savings account (HSA)
401k savings plan
Access to wages before pay day with myFlexPay
Flexible spending accounts (FSAs)
Short- and long-term disability coverage
Work-Life resources
Paid parental leave
Healthy lifestyle programs
Application window anticipated to close: 3/21/2024 *if interested
in opportunity, please submit application as soon as possible.
Candidates who are back-to-work, people with disabilities, without
a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values
diversity of thought, experience and background. We celebrate the
power of our differences to create better solutions for our
customers by ensuring employees can be their authentic selves each
day. Cardinal Health is an Equal Opportunity/Affirmative Action
employer. All qualified applicants will receive consideration for
employment without regard to race, religion, color, national
origin, ancestry, age, physical or mental disability, sex, sexual
orientation, gender identity/expression, pregnancy, veteran status,
marital status, creed, status with regard to public assistance,
genetic status or any other status protected by federal, state or
local law.
To read and review this privacy notice click here
(https://www.cardinalhealth.com/content/dam/corp/email/documents/corp/cardinal-health-online-application-privacy-policy.pdf)