Principal Forensic & Incident Response Architect | Full Time

Principal Forensic & Incident Response Architect | Full Time

Working within the Information Privacy and Security Office, the Principal Forensic and Incident Response Architect works closely with all IT departments to detect, analyze, contain, and mitigate computer security incidents. This position is expected to lead and participate in incident response activities including but not limited to computer forensic investigations, live response and triage, and electronic discovery. The Principal Forensic and Incident Response Architect will also perform proactive activities including, but not limited to threat hunting, detection engineering, and tabletop exercises. The Principal Analyst will serve as an escalation point for cyber security incidents and provide oversight of cyber security investigations. The Principal Forensic and Incident Response Architect will report to the Director of Incident Response. This position will work in a collaborative effort with IT and business units to ensure that cyber security incidents are handled appropriately to mitigate the impact of a cyber security incident.

EDUCATION/EXPERIENCE REQUIRED:

• Bachelor's Degree (Security, Technology, or Forensics) or equivalent of five (5) years of relevant experience in lieu of degree is required.
• Minimum of two (2) years leading hands-on enterprise security incident response investigations, required.
• Minimum of two (2) years executing threat hunting in both on-premise and cloud environments using both automated tools and manual techniques, required.
• Solid understanding of network and system intrusion and detection methods, examples of related technologies include SIEM, End Point Detection and Response, firewalls, hacking tools, techniques, and procedures.
• Deep understanding of Windows and Unix\Linux operating systems including logging facilities.
• Understanding of network protocol analysis, public key infrastructure, SSL, Active Directory. Understanding of basic malware analysis, endpoint lateral movement detection methodologies and host forensic tools.
• Understanding of Indicators of Compromise (IOCs) and attacker TTPs.
• Familiarity with MITRE ATT&CK.
• Expert understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems; Microsoft Office applications; intrusion tools; and computer forensic tools such as Axiom, EnCase, Access Data, and/or FTK.

CERTIFICATIONS/LICENSURES REQUIRED:

• GCIH - GIAC Certified Incident Handler, preferred. GNFA - GIAC Network Forensic Analyst,
• Preferred. GCFA - GIAC Certified Forensic Analyst
• Preferred. GCFE -GIAC Certified Forensic Examiner
• preferred. CFCE - Certified Forensic Computer Examiner, preferred.

• Organization: Corporate Services
• Department: Ascension Cybersecurity IR
• Shift: Day Job
• Union Code: Not Applicable

This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above.

Overview

Henry Ford Health partners with millions of people on their health journey, across Michigan and around the world. We offer a full continuum of services – from primary and preventative care to complex and specialty care, health insurance, a full suite of home health offerings, virtual care, pharmacy, eye care and other health care retail. With former Ascension southeast Michigan and Flint region locations now part of our team, Henry Ford’s care is available in 13 hospitals and hundreds of ambulatory care locations. Based in Detroit, Henry Ford is one of the nation’s most respected academic medical centers and is leading the Future of Health: Detroit, a $3 billion investment anchored by a reimagined Henry Ford academic healthcare campus. Learn more at henryford.com/careers .

The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits.

Equal Employment Opportunity / Affirmative Action Employer Henry Ford Health is

committed to the hiring, advancement and fair treatment of all individuals without regard to

race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height,

weight, marital status, family status, gender identity, sexual orientation, and genetic information,

or any other protected status in accordance with applicable federal and state laws.

My Profile

Create and manage profiles for future opportunities.