We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Henry Ford Health System jobs

Principal Forensic & Incident Response Architect | Full Time

Henry Ford Health System
United States, Michigan, Detroit
Apr 17, 2025

GENERAL SUMMARY:

Working within the Information Privacy and Security Office, the Principal Forensic and Incident Response Architect works closely with all IT departments to detect, analyze, contain, and mitigate computer security incidents. This position is expected to lead and participate in incident response activities including but not limited to computer forensic investigations, live response and triage, and electronic discovery. The Principal Forensic and Incident Response Architect will also perform proactive activities including, but not limited to threat hunting, detection engineering, and tabletop exercises. The Principal Analyst will serve as an escalation point for cyber security incidents and provide oversight of cyber security investigations. The Principal Forensic and Incident Response Architect will report to the Director of Incident Response. This position will work in a collaborative effort with IT and business units to ensure that cyber security incidents are handled appropriately to mitigate the impact of a cyber security incident.

EDUCATION/EXPERIENCE REQUIRED:



  • Bachelor's Degree (Security, Technology, or Forensics) or equivalent of five (5) years of relevant experience in lieu of degree is required.
  • Minimum of two (2) years leading hands-on enterprise security incident response investigations, required.
  • Minimum of two (2) years executing threat hunting in both on-premise and cloud environments using both automated tools and manual techniques, required.
  • Solid understanding of network and system intrusion and detection methods, examples of related technologies include SIEM, End Point Detection and Response, firewalls, hacking tools, techniques, and procedures.
  • Deep understanding of Windows and Unix\Linux operating systems including logging facilities.
  • Understanding of network protocol analysis, public key infrastructure, SSL, Active Directory. Understanding of basic malware analysis, endpoint lateral movement detection methodologies and host forensic tools.
  • Understanding of Indicators of Compromise (IOCs) and attacker TTPs.
  • Familiarity with MITRE ATT&CK.
  • Expert understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems; Microsoft Office applications; intrusion tools; and computer forensic tools such as Axiom, EnCase, Access Data, and/or FTK.


CERTIFICATIONS/LICENSURES REQUIRED:



  • GCIH - GIAC Certified Incident Handler, preferred. GNFA - GIAC Network Forensic Analyst,
  • Preferred. GCFA - GIAC Certified Forensic Analyst
  • Preferred. GCFE -GIAC Certified Forensic Examiner
  • preferred. CFCE - Certified Forensic Computer Examiner, preferred.

Additional Information


  • Organization: Corporate Services
  • Department: Ascension Cybersecurity IR
  • Shift: Day Job
  • Union Code: Not Applicable

Applied = 0
MORE JOBS LIKE THIS

(web-77f7f6d758-rjjks)