Information Security Forensic Lead
Henry Ford Health
The Information Security Forensic Lead position is a valued member of the IPSO department and will work closely with other members of the SOC, IPSO (Risk, Privacy, etc.) and IT programs to develop and implement a comprehensive approach to the management of security risks and forensics. The role involves conducting thorough investigations into the nature of attacks, assisting in investigating cyber incidents, and conducting high-level security investigations, computer forensic investigations, data recovery, and electronic discovery.
The candidate must have a solid foundation of technical experience and expertise and possess strong communication skills. The lead will evaluate incidents identified by SOC analysts and use threat intelligence to pinpoint affected systems and assess the attack's extent. Responsibilities include analyzing running processes and configurations, performing forensic imaging, and using approved legal forensic software (e.g., EnCase, FTK). The role also involves carrying out in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted, and creating and implementing strategies for containment and recovery.
Education/Experience
- Bachelor's degree in Computer Science, Cybersecurity, Information Security, Management Information Systems, Information Technology, Engineering, or related field required.
- Five (5) years of experience in Information Technology/Cybersecurity, System Analysis, and Forensic Tools (e.g., FTK, EnCase).
- Log Management and SIEM experience (e.g., Splunk, IBM QRadar, HP ArcSight).
- Experience in Endpoint Security (e.g., Carbon Black, Symantec, McAfee, Forefront).
- Experience in various areas of IT system/network administration.
- Experience conducting security assessments, penetration testing, and ethical hacking preferred.
- Knowledge and experience with Windows, Macintosh, Linux or UNIX operating systems.
- Understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and computer forensic tools.
- Inquisitive, problem-solving orientation with strong analytical and critical observation skills.
- Excellent written and oral communication skills.
Certifications/Licensures
- Certified Forensic Computer Examiner (CFCE) certification.
- Certified Information Systems Security Professional (CISSP) certification; required to obtain if not already held.
Benefits
The health and overall well-being of our team members is our priority. The Total Rewards program includes competitive health plan options, dental and eye care coverage, tuition assistance, family forming benefits, and discounts to various businesses. Employees classified as contingent status are not eligible for benefits.
Equal Employment Opportunity/Affirmative Action Employer
Henry Ford Health is committed to the hiring, advancement, and fair treatment of all individuals without regard to race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height, weight, marital status, family status, gender identity, sexual orientation, and genetic information, or any other protected status in accordance with applicable federal and state laws.