IT Cyber Incident Response Analyst 3

Salary range : $88,420.80 - $132,641.60 depending on experience. This is a full-time remote hybrid position. Eligible for full benefits.

ST. CHARLES HEALTH SYSTEM

JOB DESCRIPTION

TITLE : Incident Response Analyst 3

REPORTS TO POSITION : Manager, Security Operations

DEPARTMENT : Information Technology

DATE LAST REVIEWED : November 2024

OUR VISION : Creating America's healthiest community, together

OUR MISSION : In the spirit of love and compassion, better health, better care, better value

OUR VALUES : Accountability, Caring and Teamwork

DEPARTMENTAL SUMMARY : The Information Technology department helps improve the work of our caregivers by providing efficient and reliable platforms, comprehensive training, and stellar customer service. We do this by taking pride in the integrity of our workflows, data security, and training delivery. We partner with our customers to leverage various technologies to achieve the best patient outcomes possible by implementing new hardware and software solutions, upgrading existing environments, protecting the data we store, and integrating different solutions to achieve a seamless experience.

POSITION OVERVIEW : The Incident Response Analyst 3 plays a critical role in detecting, investigating, and responding to cybersecurity incidents within the organization. As a senior-level analyst, this position requires advanced technical expertise, strong analytical skills, and the ability to handle complex incident investigations. The role leads incident response efforts, provides mentorship to junior analysts, and contributes to the continuous improvement of the incident response program.

This position does not directly manage caregivers, however may be asked to review and provide feedback upon the work of others.

ESSENTIAL FUNCTIONS AND DUTIES :

Serve as a senior-level analyst for the Security Operations Center (SOC), leading complex cybersecurity investigations and response efforts.

Perform advanced analysis of security alerts and logs from SIEM, EDR, IDS / IPS, and other security tools to identify potential threats.

Coordinate incident response activities, including containment, eradication, and recovery, to minimize the impact of cybersecurity incidents.

Conduct forensic analysis of systems and networks to determine the root cause and scope of incidents.

Develop and maintain detailed incident response playbooks to standardize and enhance response processes.

Collaborate with internal teams and external partners to address vulnerabilities and prevent future incidents.

Act as a mentor to junior analysts, providing guidance and fostering skill development.

Maintain awareness of the latest threats, vulnerabilities, and attack vectors to improve detection and response capabilities.

Assist in preparing post-incident reports with actionable recommendations for risk reduction and process improvement.

Support threat hunting activities by proactively searching for signs of compromise within the environment.

Participate in tabletop exercises and simulations to test and refine incident response processes.

Ensure compliance with relevant regulatory requirements and industry best practices during investigations.

Supports the vision, mission, and values of the organization in all respects.

Supports the Lean principles of continuous improvement with energy and enthusiasm, functioning as a champion of change.

Provides and maintains a safe environment for caregivers, patients, and guests.

Conducts all activities with the highest standards of professionalism and confidentiality. Complies with all applicable laws, regulations, policies, and procedures, supporting the organization's corporate integrity efforts by acting in an ethical and appropriate manner, reporting known or suspected violation of applicable rules, and cooperating fully with all organizational investigations and proceedings.

May perform additional duties of similar complexity within the organization, as required or assigned.

EDUCATION :

Required : Bachelor's degree in information technology, Cybersecurity, Business, or other technology discipline, or a combination of education and experience that will enable performance of the full scope of the position.

Preferred : Bachelor's degree in Computer Science or higher.

LICENSURE / CERTIFICATION / REGISTRATION :

Required : At least one relevant certification within one (1) year of hire (e.g., GCIA, GCIH, CISM, CISSP, or CEH).

Preferred : Certifications such as CHFI, OSCP, or GNFA

EXPERIENCE :

Required : At least five (5) years of experience in information security, including at least three (3) years in incident response or SOC roles. Proficient in forensic analysis, malware analysis, and use of SIEM and EDR tools.

Preferred : Experience in regulated industries such as healthcare or finance. Knowledge of cloud security principles and threat hunting techniques.

PERSONAL PROTECTIVE EQUIPMENT :

Must be able to wear appropriate Personal Protective Equipment (PPE) required to perform the job safely.

PHYSICAL REQUIREMENTS :

Continually (75% or more) : Use of clear and audible speaking voice and the ability to hear normal speech level.

Frequently (50%) : Sitting, standing, walking, lifting 1-10 pounds, keyboard operation.

Occasionally (25%) : Bending, climbing stairs, reaching overhead, carrying / pushing or pulling 1-10 pounds, grasping / squeezing.

Rarely (10%) : Stooping / kneeling / crouching, lifting, carrying, pushing or pulling 11-15 pounds, operation of a motor vehicle.

Never (0%) : Climbing ladder / stepstool, lifting / carrying / pushing or pulling 25-50 pounds, ability to hear whispered speech level.

Exposure to Elemental Factors

Never (0%) : Heat, cold, wet / slippery area, noise, dust, vibration, chemical solution, uneven surface.

Blood-Borne Pathogen (BBP) Exposure Category

No Risk for Exposure to BBP

Schedule Weekly Hours :

40

Caregiver Type : Regular

Shift : Is Exempt Position?

Yes

Job Family :

ANALYST INFORMATION TECHNOLOGY

Scheduled Days of the Week :

Monday-Friday

Shift Start & End Time :

8-5, with exceptions based on project and on-call work.