People who do great work deserve great support. That's why we care about building a culture of flexibility, learning, and belonging. Our goal is to help you be the best 'you' that you can be, both inside and outside of work. That isn't just good for you -- it's good for the people you love, too. Your best work starts here. We're excited about where it may take you!
Job Summary
This position is responsible for leading shifts for the Security Operations Center (SOC). Our SOC provides 24x7x365 managed security services for healthcare customers. Members of the SOC team are responsible for monitoring and alerting on key security technologies within each customer environment, identifying security events, performing analysis, creating new and tuning existing detection rules, and integrating with client’s incident response activities. In this role, the Team Lead I will monitor, detect, analyze, and report on security alerts discovered within Fortified Health Security’s customer infrastructures. They will monitor various security technologies within these environments and report all investigated and validated findings to the proper customer in accordance with the approved communication plan. Furthermore, the SOC Shift Lead helps coordinate 24x7 shift staffing to support mission-critical operations, including incident response, and managing surge support.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
- Partner with clients on service delivery execution of all LOBs including but not limited to: Managed SIEM, EDR, & IoMT.
- Create, maintain, and mature Standard Operating Procedures (SOPs) and training documentation.
- Perform and lead advanced incident investigation & research
- Present alerts, metrics, and remediation tasks to customers via approved communication plans
- Work with team members and manager to continually improve security services
- Supervise and manage a shift of Cyber Security Analysts within the SOC.
- Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high quality analysis and work products
- Ensure accountability and punctuality of security analysts
- Capture cybersecurity metrics in direct support of executive-level briefings (daily, weekly, monthly)
- Establish trust and business relationships with customer and other relevant stakeholders
- Perform analysis and quality assurance for team work product
- All other duties and responsibilities as assigned
Education & Experience
- 2+ years leading shifts/teams towards stated objectives.
- 4+ years’ hands-on experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host-based solutions).
- 4+ years' technical experience in the security aspects of multiple computer platforms, operating systems, products, network protocols and system architecture or equivalent training and knowledge through education.
- Significant experience managing cases with enterprise SIEM and EDR systems.
- 4+ years of direct InfoSec experience and/or a bachelor’s degree in CS / MIS preferred.
Special Skills & Knowledge
- Intermediate understanding of the following subject matters/skills:
  - Incident response, compliance frameworks (NIST, HIPAA, HITRUST, PCI), analytical intelligence, playbook management, relationship management, technical presentation, detection & suppression rule management, scripting (python, bash, powershell)
  - Intrusion detection/prevention systems, firewalls, endpoint detection & response systems, anti-virus systems, DLP, VTM, and cloud infrastructure
  - Network security concepts and defense in depth
- Advanced understanding of the following subject matters/skills:
  - Attack frameworks, written and verbal communication, security platform health management, security platform log analysis, healthcare operational knowledge, endpoint security knowledge, user security knowledge, network security knowledge, cloud security knowledge, data security knowledge, advanced documentation
- Demonstrated ability to analyze, triage, and remediate security incidents
Licenses, Certifications, etc.
- Security certifications such as CompTIA Security+, SANS, ISC2, GIAC or Cisco are a PLUS
Supervisory Responsibility
- Ensuring the specific shifts have full coverage.
- Coaching, training, & quality assurance
Working Conditions & Travel Requirements
- Hybrid in our Brentwood, TN office (1-2 days a week)