Staff Cyber Incident Responder

At CVS Health, we're building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.As the nation's leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues - caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.Position SummaryTo combat cybersecurity threats, CVS has established a robust Security Operations Center (SOC) and a professional Cyber Security Incident Response Team (CSIRT) that utilize advanced SIEM security appliances, and technologies to monitor the environment for compromise and response accordingly. The CVS CSIRT works to effectively manage incidents according to NIST 800-61 standards recommendations.CVS CSIRT is responsible for assessing, managing, monitoring, and correlating a wide range of data, and producing actionable information to be used by the business to enable decisions and define actions relating in keeping CVS assets, Intellectual Property, business information, and customer and employee PII and PHI secure.CVS CSIRT leads advanced threat incident management and response across the enterprise. The CVS CSIRT communicates and works with Executive Leadership and Senior Management, System and Network Administrators, Application owners and developers, CVS Business Units, Subject matter and technical experts, CVS loss prevention, Security officers, Human resources, Privacy Office and Office of General Counsel.CVS CSIRT is seeking an experienced security professional with a passion for leading incidents throughout the entirety of the Incident Response lifecycle. The role requires leading and managing resources to contain, remediate, eradicate, and recover from Cybersecurity incidents. The role also requires a deep understanding of security technologies and problem-solving capabilities. Additional responsibilities and requirements associated within this role include bigger picture thinking, leading with empathy and kindness, joining forces with cross-functional collaboration, and having a mindset geared toward improving operations, efficiencies, and ultimately reducing our mean time to resolve cybersecurity incidents.Responsibilities:

• Cybersecurity incident response leadership.
• Lead Major Cybersecurity Incident Bridges.
• Preparation of incident status and reports.
• Interface with Senior Management, CVS Business Units, CVS IT leads, third parties supporting CVS IT Operations, CVS Security Operations, and law enforcement.
• Subject Matter Expert of Standard Operating Procedures.
• Maintenance and continuous improvement of Cybersecurity Incident Response Plans and Standard Operating Procedures.
• Conduct Lessons Learned discussions.
• Document and report all engagements with the utmost detail and accuracy to drive identification of incident trends, key metrics, and efficacy of response efforts through regular reporting and analysis.
• Participate in a 24/7 Revolving On-Call Rotation.

• 7+ years relevant work experience in information security roles ideally within the health services or financial industries.
• 3+ years of Cybersecurity incident response.
• 3+ years of experience with one or more of the following Firewalls, Proxy, Malware sandboxing and reverse engineering, EDR, AV, DLP, EuBA, or Cloud Incident Response.

• IT crisis management experience.
• Exceptional communication and interpersonal skills (oral, auditory, and written).
• Experience in Root Cause Analysis and data collection.
• Experience in information security technologies and techniques from architecture to planning and implementation.
• Experience in organizing resources, establishing priorities, and leading information security incidents.
• Knowledge of various industry and government strategies and standards in privacy and security including ITIL, COBIT, ISO 27001, and NIST standards.
• Knowledge of current and evolving Information security technologies that cover all levels of IT architecture including those that affect business processes, data, applications, and network and systems infrastructure.
• Conflict management skills.
• Solid understanding of security best practices, business continuity, and enterprise disaster responsibilities and capable of engaging additional peers.
• Ability to tailor communications to all audience types from technical engineers to business partners, and executive leaders as needed, with clear concise language, from incident declaration to conclusion and through problem management with careful focus on response activities and lessons learned.
• Experience with log analysis, digital forensics, threat modeling, kill chain analysis is highly desired.

• Bachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience).

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.