Cyber Security Engineer

The Intersect Group is seeking an experienced Cybersecurity Engineer for our direct healthcare client, where you will join a Cybersecurity team that delivers in-depth technical security services for the company’s most critical applications and infrastructure, ensuring they are highly resilient against existing and emerging cybersecurity threats.

6 month contract to hire

Location: Addison (Dallas North Tollway & Spring Valley)

Schedule: Hybrid (2-3 days onsite)

Interview process: 3 rounds (2 virtual and final is onsite)

Required:

• 4 years of Information Technology experience
• 3 years of Cybersecurity experience specializing in SIEM design and implementation
• BS in Computer Science or equivalent field preferred. Related job experience may substitute
• GIAC-GCED, GCDA, GDSA, GMON, or other equivalent industry-standard security certifications preferred

Other skills:

• Must be fluent in English.
• Expert investigating incidents, leveraging and managing an SIEM platform
• Working knowledge of MITRE ATT&CK and other common Tactics, Techniques, and Procedures
• Working knowledge of CIS Top 20, NIST, or other security frameworks
• Ability to interact and negotiate across various departments
• Excellent management and communication skills
• Experience with security incidents and forensic investigations
• Knowledge of and experience with risk management and mitigation

Duties:

The Cybersecurity Engineer provides engineering and operational support for the SIEM and SOAR technologies area within corporate Cybersecurity. This position ensures that all system components are maintained, updated, monitored, accessible, and available in accordance with cybersecurity standards while partnering with other engineers to evaluate, test, and implement diverse solutions. The Cybersecurity engineer will assist in cybersecurity investigations leveraging SIEM and SOAR. Other key responsibilities include:

• Serve as subject matter expert for the cybersecurity operations team and primary escalation point for SIEM platform issues, contributing to root-cause analysis, troubleshooting, and service restoration procedures.
• Contribute to the development of enterprise-wide cyber security strategy by contributing to efforts with other stakeholders and working directly with Company’s service providers.
• Reporting security gaps to leadership as applicable with appropriate recommendations
• Providing strategic direction for Corporate, Healthcare Facilities, and Company-related business lines regarding data security, incident response, emerging cyber security technologies, and industry best practices
• Intermediate Linux knowledge, including CLI and scripting (Python and/or PowerShell)
• Intermediate understanding of cloud environments and ingesting logs from these environments
• Willingness to support on an as-needed basis (including after-hours) active SIEM and investigation support during active incident response efforts
• Interface with cybersecurity engineers, governance, and IT teams to assist in obtaining data analytics or data protection reports and correlations
• Develop effective correlation rules and perform ongoing development for additional use cases
• Tune SIEM components to ensure maximum reliability and reduce false positives
• Integrate SIEM with a wide variety of data sources and industry-leading commercial security tools
• Assist and perform testing of implemented solutions, recommend improvements, and support the deployment of changes following Tenet's change and release management process.
• Perform maintenance and optimization of existing SIEM deployments
• Promptly respond to requests for assistance from SIEM users and others
• Adhere to relevant policies, procedures, standards, and security good/accepted practices
• Resolve problems independently and understand escalation procedure
• Respond promptly to all requests for access or other security exceptions requiring approval or involvement from the information security team
• Generate custom dashboards, metrics, and/or reports as directed by Cybersecurity leadership
• Assist with investigations and/or incidents as requested (including after hours on an as-needed basis)
• Represent Company on external & internal risk and information security groups, as necessary.
• Create formal documentation such as reports, training material, slide decks, and architecture diagrams