Principal Forensic & Incident Response Architect | ...

GENERAL SUMMARY:Working within the Information Privacy and Security Office, the Principal Forensic and Incident Response Architect works closely with all IT departments to detect, analyze, contain, and mitigate computer security incidents. This position is expected to lead and participate in incident response activities including but not limited to computer forensic investigations, live response and triage, and electronic discovery. The Principal Forensic and Incident Response Architect will also perform proactive activities including, but not limited to threat hunting, detection engineering, and tabletop exercises. The Principal Analyst will serve as an escalation point for cyber security incidents and provide oversight of cyber security investigations. The Principal Forensic and Incident Response Architect will report to the Director of Incident Response. This position will work in a collaborative effort with IT and business units to ensure that cyber security incidents are handled appropriately to mitigate the impact of a cyber security incident.EDUCATION/EXPERIENCE REQUIRED:Bachelor's Degree (Security, Technology, or Forensics) or equivalent of five (5) years of relevant experience in lieu of degree is required.Minimum of two (2) years leading hands-on enterprise security incident response investigations, required.Minimum of two (2) years executing threat hunting in both on-premise and cloud environments using both automated tools and manual techniques, required.Solid understanding of network and system intrusion and detection methods, examples of related technologies include SIEM, End Point Detection and Response, firewalls, hacking tools, techniques, and procedures.Deep understanding of Windows and Unix/Linux operating systems including logging facilities.Understanding of network protocol analysis, public key infrastructure, SSL, Active Directory. Understanding of basic malware analysis, endpoint lateral movement detection methodologies and host forensic tools.Understanding of Indicators of Compromise (IOCs) and attacker TTPs.Familiarity with MITRE ATT&CK.Expert understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems; Microsoft Office applications; intrusion tools; and computer forensic tools such as Axiom, EnCase, Access Data, and/or FTK.CERTIFICATIONS/LICENSURES REQUIRED:GCIH - GIAC Certified Incident Handler, preferred. GNFA - GIAC Network Forensic Analyst,Preferred. GCFA - GIAC Certified Forensic AnalystPreferred. GCFE -GIAC Certified Forensic Examinerpreferred. CFCE - Certified Forensic Computer Examiner, preferred.Additional InformationOrganization: Corporate ServicesDepartment: Ascension Cybersecurity IRShift: Day JobUnion Code: Not Applicable #J-18808-Ljbffr

Created: 2025-09-17