Penn Medicine - Philadelphia, PA
posted about 2 months ago
The Lead Cybersecurity Incident Response Analyst at Penn Medicine plays a crucial role in ensuring the effectiveness of cybersecurity operations and incident response activities. This position is pivotal in providing technical direction and mentoring to junior and senior analysts within the Security Operations Center (SOC). The Lead Analyst will coordinate multiple 24x7 cybersecurity incident follow-up activities, conduct technical research and analysis of threats and vulnerabilities affecting information systems, and participate in various cybersecurity program activities, including risk assessment, risk management, and risk remediation. The role requires a strong on-site presence for the first six months, after which remote work may be possible.

In this position, the Lead Analyst will be responsible for providing technical leadership and coaching to SOC analysts, ensuring the highest quality in the delivery of response services. This includes assisting management in developing processes, service level agreements (SLAs), and metrics, and in enhancing service maturity. The Lead Analyst will receive escalations from the SOC team, conduct investigations, and perform interviews as necessary. They will investigate suspicious network and endpoint activity, provide feedback on incident response playbooks and plans, and partner with information security engineers to implement and maintain security technologies. Additionally, the Lead Analyst will collaborate with information assurance advisors to address network and endpoint security risks, participate in vulnerability management, and manage the forensic chain of evidence as needed.

Maintaining written documentation on investigations and performing duties in accordance with Penn Medicine's values, policies, and procedures are also essential. The role may involve other duties as assigned to support the unit, department, entity, and health system organization.