Lead Specialist, IT Security
The Lead IT Security Specialist will be responsible for continuously monitoring and maintaining threat intelligence proactively as well as working across the enterprise to conduct frequent tabletop exercises. As part of driving the creation of the strategic plan and execution, this role will also vet threat intelligence from both public and private sectors, use probability/impact analysis, conduct threat hunting, and protect Quest Diagnostics.
The candidate should have a proven track record of coordinating, leading, and implementing processes that enable teams to execute during cyber incidents. The role also requires the individual to be a highly technical and skilled communicator. Outcomes directed by this role have a significant impact on the organization's short- and long-term results.
- Collect, analyze, and deliver intelligence products utilizing multiple commercial, government and open-source threat intelligence sources.
- Keep track of current and emerging threats. Understand, identify, and prioritize potential threats to Quest systems, people and data and suggest measures to prevent and mitigate attacks.
- Review external reports, extract actionable intelligence, such as Indicators of Compromise (IOC), and assign to relevant teams for action.
- Master a wide range of security technologies, controls and tools and leverage them during investigations.
- Identify, action, process, and search for the presence of IOCs across the enterprise.
- Conduct analysis of potentially anomalous events, behavioral and technical indicators to detect evidence of Insider Threat activity.
- Partner with Global Security, Compliance, HR and other teams to investigate misconduct, policy violations, intellectual property theft, sabotage or fraud.
- Collaborate and build trust and relationships with cross-functional internal and vendor teams in pursuit of common objectives.
- Create, document, and follow detailed standard operating procedures and playbooks to appropriately analyze, escalate, and assist in remediation of information security incidents.
- Drive efforts towards the containment of threats and the remediation of the environment during and after a cyber incident.
- Upon detection of an incident, determine extent of compromise and impact; promptly recommend containment and mitigation measures.
- Conduct technical analysis against impacted systems to determine impact, scope, and recovery from active and potential cyber incidents.
- Collect, develop, and report key metrics for IT Security program areas to illustrate efforts, articulate threats, and inform policy decisions.
- Document findings and prepare detailed reports related to incident response efforts.
- Coordinate with the Security Operations Center (SOC) on investigations and integrating intelligence into security operations.
- Actively participate in the development, documentation, and implementation of new processes to expand and mature capabilities for the organization.
- Build an understanding of Quest’s key technologies, systems, and business practices.
- Monitor multiple mailboxes for emails suspected to contain phishing or malware payloads. Utilize a broad range of subscription-based and open-source tools, including Threat Intelligence Platform, sandboxes, VirusTotal, etc., to analyze reported messages and identify malicious campaigns. Extract relevant IOCs and coordinate across IT teams to take necessary actions (i.e., blocking). Respond to staff members as appropriate and document all findings and actions taken.
- Design and implement an automated threat intelligence platform to harvest and rate various threats received both from subscribed private and public sector relationships.
- Other duties as assigned.
Required Work Experience:
Minimum of 5+ years of experience in Information Security, Cybersecurity, Incident Response, preferably in Healthcare Information Technology, with proficiency in strategy, operations, and change management.
Preferred Work Experience:
- Experience developing and implementing Penetration testing plans for both applications and infrastructure through Red teaming.
- Previous Law enforcement experience or equivalent in maintaining and managing Cybersecurity Incident Response Planning is preferable.
Physical and Mental Requirements:
Ability to multi-task; ability to follow verbal or written instructions; thinking analytically; effective verbal and written communication; handling stress and emotions; concentrating on tasks; making decisions; adjusting to change; examining/observing details; sitting for long periods at a time.
In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls. Familiar with management frameworks: International Organization for Standardization (ISO) 2700x, ITIL, COBIT and National Institute of Standards and Technology (NIST). In-depth knowledge of risk assessment methods and technologies. Technical knowledge of mainstream operating systems (MS Office programs, identity and access management (IAM), anti-malware solutions, automated policy compliance). Network infrastructure – routers, switches, firewalls, etc.
- Foster teamwork by actively participating in and supporting an environment that cultivates professional growth and organizational effectiveness.
- Ability to see ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihood; can create competitive and breakthrough strategies and plans.
- Able to think strategically and manage multiple projects, under pressure, in a fast-paced environment. Participates in the development of the strategic information technology plan, processes and solutions, recommending strategies and processes that support the direction of the company.
- Demonstrated ability to develop effective and ongoing relationships with Peer levels of the internal customer organizations.
- Must have proven ability to deliver and support IT projects and organizations in a rapidly changing business climate.
- Strong understanding of Infrastructure Services, Processes, and Technologies.
- Proven ability to analyze budgets and proposals to identify value opportunities and negotiate best outcomes.
- Excellent written and verbal communication skills. Ability to write proposals and whitepapers, act as a vendor liaison, deliver presentations to customer or client audiences or professional peers, and work closely with management across HTAS and the organization as necessary.
- Requires sound technological judgment and an enthusiasm for innovation tempered with a pragmatic assessment of the possible.
- Adapts to changes in the work environment; manages competing demands; changes approach or method to best fit the situation; able to deal with frequent change, delays, or unexpected events.
- Continually develops staff and self with a digital mindset, keeping the HTAS capabilities in mind.
Bachelor's degree in computer science, computer engineering, business management, or equivalent experience.
While we appreciate and value our staffing partners, we do not accept unsolicited resumes from agencies. Quest will not be responsible for paying agency fees for any individual as to whom an agency has sent an unsolicited resume.
Quest Diagnostics is an equal employment opportunity employer. Our policy is to recruit, hire and promote qualified individuals without regard to race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation, gender identity, or any other status protected by state or local law. Quest Diagnostics observes minimum age requirements established by federal, state and/or local laws, and will ask an applicant for verification when deemed necessary.