Principal Forensic & Incident Response Architect - Full Time
Company: Henry Ford Health System
Location: Detroit
Posted on: January 28, 2025
Job Description:
Principal Forensic & Incident Response Architect - Full Time

Working within the Information Privacy and Security Office, the
Principal Forensic and Incident Response Architect works closely
with all IT departments to detect, analyze, contain, and mitigate
computer security incidents. This position is expected to lead and
participate in incident response activities including but not
limited to computer forensic investigations, live response and
triage, and electronic discovery. The Principal Forensic and
Incident Response Architect will also perform proactive activities
including, but not limited to threat hunting, detection
engineering, and tabletop exercises. The Principal Analyst will
serve as an escalation point for cyber security incidents and
provide oversight of cyber security investigations. The Principal
Forensic and Incident Response Architect will report to the
Director of Incident Response. This position will work in a
collaborative effort with IT and business units to ensure that
cyber security incidents are handled appropriately to mitigate the
impact of a cyber security incident.

PRINCIPAL DUTIES AND RESPONSIBILITIES:
- This position responds to and investigates cybersecurity
incidents using cutting edge incident response and digital forensic
techniques and tools.
- Performs forensic analysis involving on-premise computer
systems and cloud environments.
- Assists in the recovery of potentially lost or compromised
data.
- Collects, preserves, and analyzes digital evidence during
investigations.
- Documents and reports findings and recommends next steps.
- Evaluates the organization's digital forensics and threat
detection tools to identify gaps in monitoring and procedures.
- Works on advanced, complex, technical projects or business
issues requiring state of the art technical or industry
knowledge.
- Provides a continuous feedback loop to both security
architecture and Security Operations Center (SOC) staff to
continuously improve incident detection and response
capabilities.
- Works with Director of Incident Response in developing a formal
enterprise threat hunting capability and executes threat hunting
capabilities while tracking relevant metrics.
- Coordinates technical resources for quick response and
resolution of critical incidents.
- Performs after-incident case reviews, lessons learned, and
collects incident metrics.
- Maintains, manages, and updates the process for handling and
responding to computer security incidents.
- Reviews computer security incident reports and documentation to
ensure proper documentation in management and compliance
systems.
- Maintains proficiency in incident response and digital
forensics tools and industry best practices.
- Maintains forensic hardware and software for digital forensic
lab practices and procedures and coordinates use of forensic field
kits.
- Provides forensic and computer incident management subject
matter expertise to leadership.
- Contributes to the development and maintenance of the
Information Privacy and Security Office Service Catalog and
Corporate Information Security policies and procedures.
- Provides project and status updates to the Director of Incident
Response.
- Prioritizes workload based on input and priorities from
leadership.
- Ensures technical documentation is current.
- Trains team members on forensic, incident response, threat
hunting, and cyber operations.
- Identifies and leads capacity planning activities.
- Complies with auditing requests.

EDUCATION/EXPERIENCE REQUIRED:
- Bachelor's Degree (Security, Technology, or Forensics) or
equivalent of 5 years of relevant experience in lieu of degree is
required.
- Minimum of 2 years leading hands-on enterprise security
incident response investigations, required.
- Minimum of 2 years executing threat hunting in both on-premise
and cloud environments using both automated tools and manual
techniques, required.
- Solid understanding of network and system intrusion and
detection methods.
- Deep understanding of Windows and Unix/Linux operating systems
including logging facilities.
- Understanding of network protocol analysis, public key
infrastructure, SSL, Active Directory.
- Understanding of basic malware analysis, endpoint lateral
movement detection methodologies and host forensic tools.
- Understanding of Indicators of Compromise (IOCs) and attacker
TTPs.
- Familiarity with MITRE ATT&CK.
- Expert understanding of information systems security; network
architecture; general database concepts; document management;
hardware and software troubleshooting; electronic mail systems;
Microsoft Office applications; intrusion tools; and computer
forensic tools such as Axiom, EnCase, AccessData, and/or FTK.

CERTIFICATIONS/LICENSURES PREFERRED:
- GNFA - GIAC Network Forensic Analyst, preferred.
- GCFA - GIAC Certified Forensic Analyst, preferred.
- GCFE - GIAC Certified Forensic Examiner, preferred.
- CFCE - Certified Forensic Computer Examiner, preferred.

Additional Information:
- Organization: Corporate Services
- Department: Ascension Cybersecurity IR
- Shift: Day Job
- Union Code: Not Applicable

This posting represents the major
duties, responsibilities, and authorities of this job, and is not
intended to be a complete list of all tasks and functions. It
should be understood, therefore, that incumbents may be asked to
perform job-related duties beyond those explicitly described
above.