Technical Director – Cyber Security at Healthfirst


Technical Director Cyber Security


Healthfirst is seeking an experienced Information Security Leader with experience leading complex projects and programs, demonstrated leadership experience, and people development experience. The successful candidate will lead and manage teams providing IT governance, risk and compliance, security operations, and security architecture. The candidate will also coordinate across the organization, including close interaction with the privacy office and other risk and compliance functions. The candidate will have a strong background in many of the following disciplines: Leadership, Management, SOC Operations, People Development, Security Engineering, Digital Forensics, IT Security, Cyber Incident Handling, Network Engineering, Networks, and Database. Our ideal candidate must have “boots on the ground” experience in managing and responding to live incidents.

The candidate will have experience leading information security teams and managing complex projects and programs, and will have intimate knowledge of the Information Security environment. Information security efforts led should include Policy and Guidance; Information Security Compliance; Cyber Security Assessments; Application Penetration Testing; Malware Reverse Engineering; Security Engineering; Incident Response; SIM/SOC Support; Secure Wireless, Design and Implementation; 3rd Party Software Testing/Evaluation; Training Development; Penetration Testing; Vulnerability Assessment; Information Security Architecture; and Enterprise Architecture.

Duties/Responsibilities:

  • Work with the CISO, Cyber Security and I/O leadership to develop, implement, and mature cyber security strategy, programs, and capabilities across Healthfirst. This includes leading teams, coordinating with key corporate stakeholders including the IT, privacy, and business teams, and managing enterprise security risk.
  • Collaborate with the Lead Security Architect and IT leaders to identify solutions and define security requirements that drive the Information Security Office priorities and define appropriate solutions. Field ad hoc security requests and requirements from the business units and coordinate with key stakeholders to identify and implement solutions.
  • Lead direct support of the Incident Response team, including addressing/managing the life-cycle of security attacks and system compromises. Provide technical leadership to ensure the situation is handled in a way that limits damage and reduces recovery time / cost to the enterprise.
  • Lead and develop technical capability in network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social engineering projects. Effectively communicate proactive findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel. Build scripts, tools, or methodologies to enhance Healthfirst’s vulnerability assessment and penetration testing processes.
  • Provide technical leadership for Healthfirst’s technical and non-technical continuous monitoring capabilities.
  • Recognize and safely utilize attacker tactics and procedures in proactive engagements to assess the internal and external security posture of Healthfirst networks.
  • Provide cross-team support to application development teams to help incorporate findings into the coding and maintenance of applications.
  • Provide senior leadership to the Cyber Incident Response capability, team, and related stakeholders in order to address/manage the life-cycle of a security breach or attack. Ensure the situation is handled in a way that limits damage and reduces recovery time / cost to the enterprise while coordinating across the organization, including legal, HR, Privacy, and the Business.
  • Lead the planning, design and implementation of security solutions, tools, and monitoring systems. Review new systems designs and major modifications for security implications prior to implementation. Document, analyze, and report on IS business processes to recommend security enhancements and improvements. Provide leadership, mentoring, and advisory services to stakeholders.
  • Lead advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, and identify and remediate gaps as identified throughout the investigation.
  • Lead the maturing and development of the incident response program, including identifying and implementing tools, technologies and processes that maintain and enhance Healthfirst’s ability to respond to evolving threats.
  • Develop responses to emerging threats and known tactics, techniques and procedures (TTPs). Responses will inform security operations, architecture, policies and procedures, Security Architecture, and Business Information Security Engineering.
  • Collaborate and coordinate with Healthfirst leadership and stakeholders, including IT and incident response organizations, as well as other forensic and intrusion analysts. This includes documentation of findings, creation of recommendations, and providing reporting and status.
  • Additional duties as assigned.

Minimum Qualifications:

  • Information security experience in most of the following areas: IT security, incident handling and response, exploit analysis, network intelligence gathering, IT Networking, Database Engineering/Administration, Systems Engineering and Operations.
  • IT engineering or Security Engineering experience
  • Strong knowledge of information security, client/server architectures, and networking
  • Experience leading Cyber Operations teams and running enterprise-wide incident response
  • People leadership competency

Preferred Qualifications:

  • BS in Computer Science, Engineering, or related field preferred.
  • Certified Ethical Hacker (CEH) or related certification
  • Strong knowledge of host and network forensic tools and techniques
  • Strong knowledge of information security, client/server architectures, and networking
  • Strong knowledge of current and evolving cyber threat landscape
  • Familiarity with threat intelligence and applied use within incident response and forensic investigations
  • Experience with malware analysis and understanding attack techniques
  • Experience interpreting, searching, and manipulating data within enterprise logging solutions
  • Experience working with network, host, and user activity data, and identifying anomalies
  • Malware analysis, sandboxing, and software reverse engineering
  • File system forensics (FAT12/16/32, exFAT, NTFS, HFS, HFS+, EXT2/3/4, RAID)
  • Network forensics, including protocol and traffic analysis
  • Database exploitation/forensics
  • Advanced Registry and Internet history analysis
  • Metadata extraction and analysis
  • Network and security log analysis and correlation, including Microsoft Windows and Exchange servers, firewalls, IDS and IDP systems, SIEMs (QRadar), proxy servers
  • Working knowledge of computer/server hardware and storage configurations (i.e., file and database servers, SANs, RAID, hypervisors and VMs)
  • Knowledge of basic programming using Python, Perl, or Shell scripting
  • Strong oral and written communication skills
  • Proven experience in managing the incident response lifecycle.
  • Experience communicating and documenting details of the incident and creating status reports.
  • GIAC Certified Forensic Analyst or related certification

WE ARE AN EQUAL OPPORTUNITY EMPLOYER. Applicants and employees are considered for positions and are evaluated without regard to mental or physical disability, race, color, religion, gender, national origin, age, genetic information, military or veteran status, sexual orientation, marital status or any other protected Federal, State/Province or Local status unrelated to the performance of the work involved.

Full time

