Description
Sr. Cybersecurity Incident Response Analyst - Technology Specialist II - Digital and Technology Partners, Remote, Req#3024370
The Mount Sinai Cybersecurity Operations team is looking for a highly motivated Sr. Cybersecurity Incident Response Analyst. The Sr. Cybersecurity Incident Response Analyst will be a key member of the Cybersecurity Operations team at Mount Sinai Health System and will participate in incident response, threat investigations, threat campaigns, creating new detection methodologies and providing expert support to the security monitoring team. The focus of the Sr. Cybersecurity Incident Response Analyst is to detect, analyze and respond to cybersecurity incidents to minimize the impact of a cyber incident. To execute this mission, the Sr. Cybersecurity Incident Response Analyst will use data analysis, threat intelligence, and cutting-edge security technologies.
Responsibilities
- Respond to and triage cybersecurity incidents escalated by third-party MDDR providers
- Hunt for and identify threats and threat actor groups and their techniques, tools and processes
- Lead and participate in "hunt campaigns" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors on the network.
- Provide expert analytic investigative support of large scale and complex security incidents
- Perform analysis of security incidents for further enhancement of use case and alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient operations
- Provide forensic analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security, and application logs, as well as logs from various types of security sensors
- Perform analysis of security incidents & threat actors for further enhancement of Detection Catalog and Hunt missions by leveraging the MITRE ATT&CK framework
- Validate suspicious events and incidents by using open-source and proprietary intelligence sources
- Work with partner teams to transform attacker TTPs into viable, low false-positive behavioral and signature detections using a variety of techniques including supervised, semi-supervised, and unsupervised ML, with an emphasis on sequential classification and pattern-matching
- Interface with internal teams, as necessary, to resolve issues, provide additional information, and answer questions related to incidents and monitoring
- Become proficient with third-party threat intelligence tools as required
Qualifications
- Bachelor's degree in a technical discipline; Master's degree preferred
- Prefer degree in one of the following: Computer Science, Engineering, Mathematics, Business Intelligence, Statistics or Cyber Security
- Ten years of related experience; in-depth knowledge of associated technology areas that could impact the area of responsibility; healthcare technology experience preferred
Strongly preferred:
- Experience using one or more SIEM and SOAR platforms
- Deep experience and understanding of network/host-based intrusion analysis
- Experience working with industry-wide frameworks and standards such as MITRE ATT&CK, STIX, TAXII, and the Cyber Kill Chain
- Experience with EDR technologies (e.g., CrowdStrike, Carbon Black Response, Defender ATP, SentinelOne)
- Experience managing security in cloud environments such as Azure, GCP or AWS
- Experience with reverse-engineering, C&C exploitation, and broader system/network forensics
In addition, the ideal candidate will have:
- One or more certifications, including but not limited to GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH
- Experience normalizing and parsing large data sets
- Ability to independently perform statistical analysis and inference, data modeling, clustering and predictive analysis
- Ability to translate cyber and application security issues into analytical models, and the capability to multitask effectively
- Excellent verbal and written communication skills
- Knowledge of security appliances and professional and open-source tools that support threat hunting, including an understanding of the analysis of competing hypotheses
- Experience with Red team or Blue team operations and the ability to think like both an attacker and a defender
- A passion for research, and uncovering the unknown about internet threats and threat actors
- The ability to successfully interface with both internal and external clients
- The ability to document and explain technical details in a concise, understandable manner
Department: 296 - DTP Security - MSH, Mount Sinai Hospital