Cyber Security Analyst - Incident Response Management

The Security Specialist will lead efforts to improve the IT security program including any security assigned engineering, threat and vulnerability tasks, identity management, information security management and application security programs.  

Please note this is a hybrid opportunity (3 days in the office and 2 days work from home).   

• Respond to security events covering all phases including identification, containment and eradication to threats that are escalated from external customers, Internal security teams, and other teams.
• Lead complex investigations that will include, triage, containment/mitigation, scoping, analysis, remediations, and after-action reporting and documentation.
• Work closely with security engineering teams to improve monitoring, detection, and tooling.
• Act as engagement point for wider technology teams within Major Incident Management framework.
  support and maintain response strategy to severe incidents and key attack scenarios.
• Maintain coordination and communication streams horizontally and vertically as part of major cyber related incident handling.
• Develop and maintain Incident Response Plans.
• Perform technical analysis and triaging as part of incident investigation and enhance technical controls to improve security posture.
• Actively collaborate with Cyber Intelligence teams to ensure response capabilities are adequate to the threat.
• Experience working on Windows, Mac, and Linux operating systems.

Education: 

• 3+ years’ experience with the implementation and support of an IT Security program including aspects of threat and vulnerability management, security management, and cyber security incident management, projects, procedures, and processes.   
• Ability to manage and lead assigned resources including contractors and company employees. 
• Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.  

Knowledge:

In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls. Familiar with management frameworks: International Organization for Standardization (ISO) 2700x , ITIL, COBIT and National Institute of Standards and Technology (NIST) Understanding of risk assessment methods and technologies. Technical knowledge of mainstream operating systems (MS Office programs, anti malware solutions, automated policy compliance). Network infrastructure – routers, switches, firewalls, etc.  

Skills:

• Strong multitasking capability and critical thinking skills are essential.
• Work independently
• Lead IT security projects, judgement and decision making, performing risk, business impact.
• Ability to work under pressure, strong analytical skills.
• Communication – Strong written and verbal
• Strong customer/client focus 

While we appreciate and value our staffing partners, we do not accept unsolicited resumes from agencies. Quest will not be responsible for paying agency fees for any individual as to whom an agency has sent an unsolicited resume. 

Quest Diagnostics is an equal employment opportunity employer. Our policy is to recruit, hire and promote qualified individuals without regard to race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation, gender identity, or any other status protected by state or local law. Quest Diagnostics observes minimum age requirements established by federal, state and/or local laws, and will ask an applicant for verification when deemed necessary.