Cybersecurity Engineer II

Make a difference. Be happy. Grow your career.

The Role

The SOC Level II Engineer responsibilities include monitoring, detecting, investigating, and responding to security incidents within our organization. The ideal candidate will also possess an Intermediate/working level of knowledge and skills in incident detection, analysis, response, and threat hunting as well as a solid understanding of cybersecurity principles and technologies. Provide support and guidance to IT for all customers and affiliate entities. Document work in the form of incident reports, policies, standards, network security diagrams, playbooks, and knowledge base articles in support of Payment Card Industry Compliance Data Security Standard (PCI-DSS), Health Information Trust Alliance (HITRUST), Health Insurance Portability and Accountability Act (HIPAA), and cybersecurity defense and protection due-diligence and due care.

Nordic, Best in KLAS IT Services Firm and solely serving the healthcare industry, strives to empower healthcare providers to leverage technology and to realize digital transformation. All Nordic staff embrace Nordic’s maxims and mission to serve our customers who care so well for us.

Key Responsibilities

Monitoring and Detection* Monitor security alerts and events from various sources, including but not limited to SIEM (Security Information and Event Management), antivirus software, intrusion detection systems, and log analysis tools, and cloud environments to identify potential security incidents.

• Conduct analysis of security events to determine their nature, scope, and potential impact on the organization's systems and data.
  
• Stay abreast of the latest cybersecurity threats, vulnerabilities, and trends to enhance the SOC's capabilities in threat detection and response by monitoring government, healthcare, and industry collaboration groups.
  

Incident Response* Conduct analysis of security incidents escalated from junior level analyst to determine the root cause, impact, and extent of the incident.

• Execute containment and mitigation strategies for confirmed security incidents, coordinating with relevant stakeholders and teams.
  
• Help coordinate incident response efforts, providing guidance and support to junior level analysts during incident investigations.
  
• Liaise with internal stakeholders, management, and external parties (if required) to ensure timely and effective resolution of security incidents.
  
• Prepare detailed incident reports, documenting the analysis, findings, actions taken, and recommendations for improvement.
  
• Contribute to the development and enhancement of incident response playbooks and standard operating procedures (SOPs) to enhance the efficiency and accuracy of incident response.
  

Threat Hunting and Intelligence Analysis* Participate in proactively threat hunting for potential security threats within the network and systems, using advanced tools and techniques.

• Analyze and interpret threat intelligence data to identify emerging threats and vulnerabilities, contributing to proactive defense measures.
  

Support and Collaboration* Collaborate with junior and senior SOC analysts and other IT security and operational teams to support incident response efforts.

• Assist in security awareness efforts and work with non-IT staff and leaders on cybersecurity-related issues.
  
• Provide assistance in implementing security measures or controls based on identified threats.
  

Skills and Experience* Intermediate/working knowledge of incident response and handling methodologies.

• Intermediate/working knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code, etc.).
  
• Intermediate/working knowledge of adversarial tactics, techniques, and procedures.
  
• Intermediate/working understanding of threat hunting.
  
• Intermediate/working knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  
• Intermediate/working knowledge of cyber threats and vulnerabilities.
  
• Knowledge of network analysis tools to identify vulnerabilities. (e.g., fuzzing, Nmap, Nessus, etc.).
  
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  
• Knowledge of infrastructure and cloud technologies, including networking, virtualization, and containerization, to facilitate log collection.
  
• Knowledge of cloud platforms (AWS, Azure, or GCP) security features, configurations, and native security tools (e.g., AWS Security Hub, Azure Security Center).
  
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  
• Intermediate/working knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  
• Intermediate/working knowledge of system administration, network, and operating system hardening techniques.
  
• Intermediate/working knowledge of Windows/Unix ports and services.
  
• Intermediate/working knowledge of operating system command-line shells, scripting, and tools (e.g., bash, Pearl, PowerShell, etc.).
  
• Knowledge of computer networking concepts and protocols, OSI model and network security methodologies.
  
• Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN).
  
• Intermediate/working knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  
• Knowledge of authentication, authorization, and access control methods.
  
• Basic/fundamental knowledge of applicable laws, statutes (HIPAA, Privacy Act, PCI/DSS, GDPR, etc.), executive guidelines/standards (DISA STIG, CIS controls, etc.), and/or administrative/criminal legal guidelines and procedures.
  

Education and Experience Requirements

Generally, requires a Bachelor's degree and 5 years of related experience, a Master's degree and 3 years of related experience, or 8 years of related experience and no degree.

CertificationS Required

Licensure/Certifications Preferred: CompTIA Security+, CompTIA Network+, CISSP, CEH, SANS GPEN, SANS GCIH, Tenable

Nordic is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, marital or veteran status, or any other protected status under applicable federal, state, or local laws. We encourage individuals of all backgrounds to apply, including women, minorities, individuals with disabilities, and veterans.