This senior level employee is primarily responsible for overseeing the maintenance and protection of integrity and reliability of the security of data, systems and networks.
As a Cyber Forensics Investigator, you will participate in the use of state-of-the-art tools to investigate computer-facilitated crimes and corporate policy violations. Kaiser Permanente is seeking ethical, driven, and creative forensics investigators with a track record of successfully solving cases. Highly desirable attributes for this position include one or more of the following:
- Experience with remote forensic technologies such as EnCase Enterprise and FTK Enterprise
- Experience conducting digital investigations in a corporate or law enforcement setting
- Excellent written and verbal communication skills with an ability to explain digital forensics findings to non-technical audiences
- Possession of one of the following certifications: EnCE, CFCE, GCFA, CCE, DFCP, SCERS, ACE, EnCEP
- Prior testimony as an expert witness
- Conducts or oversees business-specific projects by applying deep expertise in subject area; promoting adherence to all procedures and policies; developing work plans to meet business priorities and deadlines; determining and carrying out processes and methodologies; coordinating and delegating resources to accomplish organizational goals; partnering internally and externally to make effective business decisions; solving complex problems; escalating issues or risks, as appropriate; monitoring progress and results; recognizing and capitalizing on improvement opportunities; evaluating recommendations made; and influencing the completion of project tasks by others.
- Practices self-leadership and promotes learning in others by building relationships with cross-functional stakeholders; communicating information and providing advice to drive projects forward; influencing team members within assigned unit; listening and responding to, seeking, and addressing performance feedback; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership and mentoring junior team members; creating and executing plans to capitalize on strengths and improve opportunity areas; and adapting to and learning from change, difficulties, and feedback.
- Leads team in the proactive monitoring and/or response to known or emerging threats against the KP network.
- Effectively communicates investigative findings to non-technical audiences.
- Plans and facilitates regular operations meetings with TDA, TRI, and/or TAG teams.
- Supports closed loop processes on security efforts by providing feedback to the TDA leads and/or leadership.
- Participates in information fusion procedures across operations and engineering, including activities such as Use Case planning/development, Use Case quality assurance validation, and response procedure documentation.
- Serves as a liaison between stage teams and upper management by identifying issues, improvement areas, or security/architectural gaps and suggesting appropriate improvements.
- Drives the development of the CDC intellectual capital by leading process or procedure improvements, consulting on 'brown bag' training sessions, and leading the development of new training documents.
- Partners with the CDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.
- Facilitates follow-up remediation design and review efforts.
- Leads the investigation and triage of security events across multiple domains.
- Leads complex data analyses in support of security event management processes, including root cause analysis.
- Coordinates the response and resolution of high impact or critical cyber security incidents.
- Leads the deployment of threat detection capabilities and/or incident response plans which may include after-hours support and coordination among responsible teams.
- Drives the execution of incident detection and/or handling processes which may include containment, protection, and remediation activities.
- Minimum two (2) years in an informal leadership role working with project or technical teams.
- Bachelor's degree in Business Administration, Computer Science, Social Science, Mathematics, or related field and a minimum of eight (8) years of experience in IT or a related field, including a minimum of two (2) years in information security or network engineering. Additional equivalent work experience may be substituted for the degree requirement.
- Two (2) years of work experience in a role requiring interaction with senior leadership (e.g., Director level and above).
- Three (3) years work experience requiring the development of technical documents or presentations.
- Three (3) years experience in IT incident management, including the development and/or deployment of remediation plans.
- Security certification (Security+, CISSP, CISA).