Incident Response

- candidates are expected to make "quick contributions"
- have the tooling to monitor for and detect incidents
- write reports that will help anyone on the team walk through an incident
- system analysis skills
- be able to take a "deep dive" into a hard drive and perform forensic analysis on machines and write a report on findings
- make sure malware does not provide a means for an attacker, for example

Official Job Description:

Candidate should have hands-on experience with incident response. My goal is to find someone that can make immediate contributions to the team through responding to incidents and individually contributing to the development of internal incident response procedures based on their past experience and expertise. Ability to perform deep dive forensic analysis (memory and disk-based analysis

Job Description Summary
***'s Enterprise Information Security group is seeking to add more experts to our cyber security
operations and would like to talk to you if you have demonstrable experience in network forensics, disk and
memory forensics, malware analysis, incident handling, and/or threat intelligence. We are looking for
experienced professionals to work on a team of dedicated incident responders. You will be part of a growing
cyber security program, with an opportunity to put your skills to the test in defending a large enterprise network
and safeguarding information assets while supporting the needs of our patients, physicians, colleagues and

1. Knows, understands, incorporates and demonstrates the *** Mission, Vision, and Values in
behaviors, practices and decisions.
2. Provides advanced system management, monitoring, support, troubleshooting, and resolution of all network
security issues within the enterprise network. Provides advanced technical support and manages technology
implementations of network security systems in the system office and enterprise LAN/WAN environments.
3. Provides in-depth knowledge and techniques for second level support to all service groups with network
security dependencies, such as DMZ and Internet services, VPN services and firewall services.
4. Performs root cause analysis for all related network security device outage and performance issues.
5. Assists in the development of a technology architecture plan with a network security focus, in order to ensure
integration and support of overall business requirements and strategic business objectives.
6. Supports all new project planning initiatives and project time-line development. Provides assistance in
technology design and deployment. Develops and coordinates project implementation tasks and plans.
7. Keeps abreast of current industry best practices; develops knowledge through self-study in order to increase
expertise as subject matter expert for understanding, designing, and implementing network security solutions.
8. Educates and mentors network security analysts.
9. Performs other duties as assigned.
10. Maintains a working knowledge of applicable Federal, State and local laws/regulations; the ***
Integrity and Compliance Program and Code of Conduct; as well as other policies and procedures in order to
ensure adherence in a manner that reflects honest, ethical and professional behavior.

Additional Job Description
1. Bachelor's degree with five (5) to seven (7) years of related experience in infrastructure environments
performing enterprise level network security management and administration using hardware and software
security solutions for LANs and WANs with the latest technology, or an equivalent combination of education and
applicable experience.
2. Must be committed to continual personal and professional growth, and possess a pro-active approach with a
willingness to "go the extra mile", every time, for the customer.
3. Must possess advanced administrative experience with Advanced Threat Prevention tools (e.g., FireEye, Palo
Alto WildFire, etc.), computer forensics tools (e.g., FTK or EnCase) and endpoint detection and response (EDR)
tools (e.g., Carbon Black, CrowdStrike, etc.).
4. Must have experience with available management & troubleshooting tools such as Wireshark, tcpdump and
5. Experience with Linux operating systems is preferred
6. Related experience with intrusion prevention systems and monitoring, including event correlation through
Security Information Event Management system (SIEM) is preferred.
7. Must possess experience in creating technical documentation, network diagrams, and job-aids with Microsoft
applications Visio, Word, Excel and PowerPoint.
8. Demonstrated leadership ability and detailed project management skills.
9. Ability to work independently, manage multiple priorities and to effectively adapt to rapidly changing
technology and business needs with demonstrated ability to prioritize projects & work load.
10. Must be able to set and organize own work priorities, and adapt to them as they change frequently.
11. Certification designation is a plus. (GIAC Certified Forensic Examiner (GCFE) or CISSP with a security
engineering focus).
12. Must be team oriented, supportive, and committed to excellence, and possess a high level of initiative and
a demonstrated work ethic.
14. Must be comfortable operating in a collaborative, shared leadership environment.
15. Must possess a personal presence that is characterized by a sense of honesty, integrity, and caring with the
ability to inspire and motivate others to promote the philosophy, mission, vision, goals, and values of ***

1. This position operates in a typical office environment. The area is well lit, temperature-controlled and free from
2. Incumbent communicates frequently, in person and over the telephone, with people in a number of different
locations on technical issues.

3. Manual dexterity is needed in order to operate a keyboard. Hearing is needed for extensive telephone and in-person
communications.
4. The environment in which the incumbent will work requires the ability to concentrate, meet deadlines, work on
several projects at the same period and adapt to interruptions.
5. The incumbent must be capable of traveling in the course of completing project assignments.
6. Must be available for on-call rotations to support 24x7x365 service availability.
7. Must be able to travel to the various *** sites (up to 20%) as needed (may or may not apply).
The above statements are intended to describe the general nature and level of work being performed by people
assigned to this classification. They are not to be construed as an exhaustive list of the duties so assigned.

