The Manager, Cybersecurity Incident Response & Threat Management is responsible for overseeing a team of skilled Incident Response engineers and cybersecurity analysts to ensure early and accurate detection, response, containment and recover from cyber threats directed at M Health Fairview. This role reports into Director of Cybersecurity helping build strategy, roadmap and execute on targeted plans to accomplish digital transformation. As a security practitioner and lead technical subject matter resource, the ideal candidate possesses deep security knowledge/expertise in the areas of threat detection, threat hunting, vulnerability management, advanced analytical skills reviewing IOB/IOCs and preparing targeted remediation plans where necessary. Successful candidate in this role will lead analysis, investigation and response to potential breaches involving any technology used today: mobile devices, laptops and workstations, servers, networking switches, IoT devices, or cloud-based accounts and infrastructure. Manager will continually augment and strengthen Digital Forensics Incident Response skill set for self as well as helping develop the skills of the entire Incident Response team.
The Manager, Cybersecurity Incident Response & Threat Management has key responsibilities include the following:
Lead and serve as a mentor for internal Threat Hunting, Incident Response and Forensics team, actively improving our capabilities.
Partner with Cyber Security Operations Center and Engineering groups to improve operations, detection, response and recovery.
Drive end-to-end Cybersecurity incident response activities, serve as an escalation point for high priority or complex incidents.
Drive continuous refinement and improvement of incident response processes, playbooks, Standard Operating Processes (SOPs).
Grow and mature Threat Intelligence Program and applicability of detected threats to drive actionable intelligence.
Identify gaps in visibility and detection methodologies. Regularly evaluate current log quality and content development strategies, identify new data sources to enrich logs and new threat detection logic.
Provide incident metrics to other Cybersecurity and business leadership.
Build and maintain relationships with M Health Fairview IT and business stakeholders
Build and maintain relationships with local law enforcement and cyber defense authorities
Build and maintain relationships with key vendors.
Participate in internal and/or external audits as required.
Assist in developing and enhancing Cybersecurity strategy and roadmap
Collaborate with Cybersecurity and IT Risk Management peers to improve automated correlation, vulnerability scanning, code review/applications testing and other detection security tools
Manage security tools and associated professional service contracts and deliver capabilities
Partner with Infrastructure and Security leadership teams to develop use cases for security automation and response, logging, monitoring, threat defense
Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Cybersecurity organization
Bachelors degree in Computer Science, Engineering or associated fields OR combination of relevant education/experience.
12+ years of experience in IT and associated fields with minimum of 8 years in Information Security area
3+ years of experience in leading Cybersecurity Operations, threat hunt, incident response, digital and/or network forensics, threat and vulnerability management functions
Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
Demonstrated ability to lead technical teams and strategic projects.
Development of incident response and operations processes and playbooks
Understanding of common security tools, instrumentation, and detection methodologies EDR, SIEM, IDS/IPS, proxies, etc.
Understanding of core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.).
Understanding of tools, techniques used by hackers to breach networks, server systems, cloud workloads or applications
Exposure to Zero Trust Security approach and methods
Demonstrated understanding of security related technologies and practices, including: authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network and Host Incident Detection and Prevention, Data Loss Prevention, Data Security, risk based and strong authentication, cloud access security, secure remote access, firewalls, Application Security etc.
Diverse technical background and exposure to enterprise networking, firewall, storage options, server infrastructure, operating systems, application development, database technologies, and desktop operating systems and cybersecurity.
Excellent abilities to effectively communicate both verbally and written with all levels within the organization
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills both in-person and remote work environments
Deliver on SLA/OLA commitments under tight deadlines and/or budgetary and other resource constraints
Bachelors or higher degree in Computer Science, Cybersecurity, Engineering or associated field
15 years of experience in Cybersecurity and infrastructure management areas
5 years of experience in managing people and delivering large information security programs
Experience working in the healthcare services industry or other highly regulated and/or compliance oriented environments.
Experience in leading RED/BLUE/PURPLE teams
Managing delivery of Security programs using strategic and global teams
Industry certifications such as CISSP, CISM, GCFE, GCIH, CCE, EnCE or equivalent digital forensics / incident response certification.
Together with the University of Minnesota and University of Minnesota Physicians we have created M Health Fairview. M Health Fairview is the newly expanded collaboration among the University of Minnesota, University of Minnesota Physicians, and Fairview Health Services. The healthcare system combines the best of academic and community medicine — expanding access to world-class, breakthrough care through our 10 hospitals and 60 clinics.
Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Fairview is one of the most comprehensive and geographically accessible systems in the state, with 10 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area.
Its broad continuum also includes 60 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and health insurer PreferredOne. In partnership ...with the University of Minnesota, Fairview’s 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.