Cerner Cloud Threat Federal Incident Response Analyst in Charleston, South Carolina
Cloud Threat Federal Incident Response Analyst
As a Cloud Threat Federal Incident Response Analyst you will assess required Defensive Cyber Operations (DCO) capabilities in multiple cloud environments (O365, Azure, AWS, Oracle) and develop appropriate detection measures in a mixed Elastic and Splunk environment. You will perform analysis of available cloud environment data feeds, network monitoring and filtering systems (including IDS/IPS), and endpoint protection platforms in order to develop unified detection measures. You will ensure the rigorous application of information security/information assurance policies, principles, and practices. You will defend federal information systems against cyber security threats using a variety of tools, data and events and execute cyber incident response processes. You will execute incident response for reported or detected cyber incidents, gathering information and data from various sources to contain, analyze and trace the threat. You will recover, secure and preserve physical or logical evidence related to cyber incidents. You will document cyber incidents in the corporate incident management solution to meet audit, compliance and legal requirements. You will identify exposed system vulnerabilities by analyzing forensic evidence and attempting to reverse-engineer or recreate the attack. You will collaborate with engineering teams to resolve threats and minimize vulnerabilities through advanced security architectures. You will continuously monitor system performance and activity, analyzing and reporting any irregularities or suspicious events in accordance with established policies and procedures. You will notify internal and external stakeholders of potential cyber threats and provide guidance on risk avoidance and recovery measures.
Auto req ID:
Applicants for U.S.-based positions with Cerner must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.
Due to specific client contract requirements, this position requires that the successful candidate be a U.S. citizen. The client contract also requires receipt of the appropriate government security clearance card applicable for the position.
Some Cerner positions may be obligated to comply with client-facing requirements and occupational health requests, including but not limited to, an immunization set, an annual flu shot, an annual TB screen, an updated background check, and/or an updated drug screen.
Cerner is a place where people are encouraged to innovate with confidence and focus on what is important – people’s health and the care they receive. We are transforming health care by developing tools and technologies that make it more efficient for care providers and patients to navigate the complexity of our health. From single offices to entire countries, Cerner solutions are licensed at more than 25,000 facilities in over 35 countries.
Cerner’s policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Cerner is proud to be a drug-free workplace.
EEO is the Law (English) (https://www.cerner.com/-/media/FF88D3155CB245EB98BA1DB8F934E3E5.ashx)
E-Verify Participation (English)
Right to Work (English) (https://www.cerner.com/-/media/E1CD6BEF8082430E882E5CD9D5165A86.ashx)
EEO is the Law (Spanish)
E-Verify Participation (Spanish) (https://www.cerner.com/-/media/88648CD9668E49FBA6EB9C11FAA1634F.ashx)
Right to Work (Spanish)
Receipt of the appropriate government security clearance card applicable for your position
Due to the client contract you will be assigned, this position requires you to be a U.S. citizen
Bachelor of Science in Information Security, Information Systems, Computer Science, Computer Engineering, Software Engineering, Mathematics, or equivalent work experience
At least two years of information technology security work experience
Must possess and maintain DoD 8570 IAT Level II compliant certifications
At least one year of Federal information technology security work experience
At least one year of experience with Cloud monitoring tools preferred (AWS, Azure)
At least one year of Linux administration experience preferred (Redhat)
At least one year of experience with network traffic analysis and host-based log analysis
At least one year of experience with enterprise Windows security (Active Directory)
At least one year of experience with static and dynamic malware analysis
At least one year of experience using a scripting or development language (e.g. PowerShell or Python)
At least one year of experience with Splunk, Elastic, Carbon Black Response, or Fidelis Network