Senior Security Analyst, Incident Response

2 weeks ago


Atlanta, United States American Cancer Society Full time

At the American Cancer Society, we're leading the fight for a world without cancer. Our employees and 1.5 million volunteers are raising the bar every single day. We actively seek candidates from diverse backgrounds including communities of color, the LGBTQ community, veterans, and people with disabilities. The greater the diversity of our people, the better we can serve our communities.

The people who work at the American Cancer Society focus their diverse talents on our lifesaving mission. It is a calling. And the people who answer it are fulfilled.

The Security Analyst, Incident Response works as part of the Cybersecurity Services team and, at times, in an individual capacity. This role requires coordination of incident response (IR) activities across the enterprise and working closely with stakeholders and Cybersecurity Services team members. Additionally, individuals engage in suspected and confirmed incidents, which may vary in impact. This analyst will investigate, validate, and communicate known details about the incident and work closely with leadership. Strong IR skills are required to excel in this role, given the complexity and evolution of internal and external threat actors. Technical and analytical skills are paramount, as well as the ability to communicate effectively with technical and nontechnical colleagues.

This is a fast-paced role and one that involves the ability to read the room and adapt communication. The Security Analyst, Incident Response will rely on factual and data-driven assessments and not lead with fear or assumptions. The ideal candidate is one who is highly technical but possesses some business acumen, having worked in security administration, incident response and security operations center (SOC) roles. Practical IR management and hands-on technology experience in security principles are required in this role.

This is a remote position that can be home based anywhere within the United States.

MAJOR RESPONSIBILITIES

  • Respond to and investigate internally and externally driven incidents. Response may need to occur off-hours and on a scheduled rotation.
  • Coordinate incidents including, but not limited to, ransomware, host compromise, credential and account compromise, phishing, internal threats, third parties, and data leakage.
  • Review events for anomalies and possible incidents.
  • Work closely with information security leadership and business stakeholders and as part of a team of responders.
  • Regularly lead and participate in incident response tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with key stakeholders.
  • Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercises, to identify exposure to future incidents.
  • Refine, recommend, and maintain playbooks, policies, procedures and guidelines, and align with industry best practices.
  • Monitor performance of Incident Response services by defining and tracking key performance indicators and producing those reports regularly and as needed by leadership.
  • Liaise with threat hunting, infrastructure, IT, vulnerability management, threat intelligence and software engineer team members.
  • Document and communicate incident details from initial investigation through closure and post-mortem.
  • Maintain chain of custody and verify evidence is preserved and has not been tampered with.
  • Under management supervision and direction, communicate with legal and, when needed, external response firms and law enforcement.
  • Uphold professional accountability to remain educated on incident response skills and abilities.
  • Identify strengths and weaknesses in the program for team members to improve skills and knowledgebase.
  • Openly support the organization, management, and executive leadership team, even during times of adversity.
  • Perform other duties as assigned.

FORMAL KNOWLEDGE

  • Preferably 5+ years' experience, or more, in security systems administration, and 3+ years in a security incident response or related role.
  • Understanding of threats and vulnerabilities, in addition to principles of IR and chain of custody.
  • Hands-on experience with forensic tools, log correlation and malware analysis solutions.
  • SIEM, threat intelligence platform, directory services, vulnerability management and endpoint configuration experience.
  • Knowledgeable about cloud services, third-party risk management and application security.
  • Bachelor's or master's degree in Computer Science, Information Systems, or another related field, or equivalent combination of education and work experience.
  • 5+ years of relevant Information Technology (IT) experience.
  • IT Security technical hands-on experience including vulnerability scanning, log management systems, Active Directory and Unix system security, Application Security, Security Information and Event Management (SIEM) Systems, asset and patch management systems, virtualization platform security, and securing of cloud security solutions.
  • Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
  • Experience with Cybersecurity Incident Response Process documentation.
  • Experience with IT Forensics processes and procedures a plus.
  • IT Security certifications a plus.
  • Knowledge of frameworks, NIST CSF, PCI-DSS, CIS Controls v8, or similar a plus.
  • Broad range of knowledge, including both technical and non-technical facets of IT internal controls and compliance, including logical and physical controls for applications, infrastructure, and e-Commerce.
  • Knowledge of industry best practices and standards for IT Security and Risk Management.

COMPETENCIES/SKILLS

  • Understanding of threats and vulnerabilities, in addition to principles of IR and chain of custody.
  • Business insight - Applies knowledge of business and the marketplace to advance the organization's goals.
  • Decision quality - Makes good and timely decisions that keep the organization moving forward.
  • Action oriented - Takes on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.
  • Optimizes work processes - Knows the most effective and efficient processes to get things done, with a focus on continuous improvement.
  • Ensures accountability - Holds self and others accountable to meet commitments.
  • Collaborates - Builds partnerships and works collaboratively with others to meet shared objectives.
  • Communicates effectively - Develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences.
  • Instills trust - Gains the confidence and trust of others through honesty, integrity, and authenticity.

SPECIALIZED TRAINING OR KNOWLEDGE

  • Security certification such as Security+, CISSP, CISM, CRISC, or CISA desired.

SPECIAL MENTAL OR PHYSICAL DEMANDS

  • Self-motivated and able to organize work for others.
  • Able to work quickly with attention to detail including in high-pressure situations.
  • Ability to communicate technical concepts to a broad range of technical and non-technical staff.
  • Occasional evening and weekend work to meet deadlines.
  • Sitting for extended periods of time.

The starting rate is $88,000 to $115,000 annually. The final candidate's relevant experience/skills will be considered before an offer is extended. Actual starting pay will vary based on non-discriminatory factors including, but not limited to, geographic location, experience, skills, specialty, and education.

The American Cancer Society has adopted a vaccination policy that requires all staff, regardless of position or work location, to be fully vaccinated against COVID-19 (except where prohibited by state law).

ACS provides staff a generous paid time off policy; medical, dental, retirement benefits, wellness programs, and professional development programs to enhance staff skills. Further details on our benefits can be found on our careers site at: jobs.cancer.org/benefits. We are a proud equal opportunity employer.


