Job Summary
The Incident Response Analyst will execute and deliver Incident Response Services for Fortified Health Security. This role primarily focuses on delivering Fortified’s Incident Response Retainer and Maturity Program (IR Retainer) to healthcare clients. During an initial 90-day onboarding period the analyst operates under close guidance with limited client-facing exposure, then transitions to supervised client participation. The IR Retainer program encompasses proactive managed services designed to enhance and mature Fortified clients’ incident response capabilities across people, processes, and technology. When supporting a declared cybersecurity incident, the Incident Response Analyst will assist the IR Services team by performing tasks essential to the incident response cycle, which may include gathering and organizing assessment and event triage documentation for maturity engagements or supporting forensic evidence collection under direct supervision. In either context, chain-of-custody procedures and forensic integrity standards are expected to be followed. These tasks contribute to the analysis, containment, eradication, recovery, and lessons learned phases and help clients restore operational capabilities. This role requires a foundational understanding of incident response plans, policies, and stakeholder roles, as well as diligent documentation and reporting of areas for improvement. Effective communication and delivery of these observations are crucial. This role will also be expected to work extended hours, including nights, holidays, and weekends, as needed to support emergency situations.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
· Works collaboratively with Fortified team members and clients.
· Supports proactive IR maturity services, including assessments, documentation, evidence collection, and tabletop exercises under close guidance from senior team members.
· Delivers routine client status updates as assigned; all client communications are reviewed and validated by senior team members prior to delivery during the onboarding period.
· Assists with evidence collection activities, which may include gathering and organizing assessment documentation for maturity engagements or supporting forensic evidence collection under direct supervision during active incidents; chain-of-custody procedures and forensic integrity standards are expected to be followed in either context.
· Participates in client-facing engagements in a limited and supervised capacity during the initial 90-day onboarding period; transitions to observational and supporting participation on client calls under senior team member oversight following onboarding.
· Maintains awareness of relevant technologies and healthcare industry domain knowledge.
· Maintains currency of existing certifications and actively pursues relevant industry certifications; CompTIA Security+ or equivalent expected as a baseline, with GCIH or SC-200 as near-term targets within 18 months of hire.
· Maintains knowledge of and familiarity with Incident Response plans, frameworks, and handling procedures, including NIST SP 800-61 and the SANS PICERL model (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned); develops foundational awareness of healthcare regulatory obligations, including HIPAA incident reporting requirements, as they relate to incident response activities.
· Delivers consultative and advisory services as defined by Fortified’s Incident Response Retainer and Maturity Program.
· Assists in the detection, analysis, containment, eradication, and recovery phases of cybersecurity incident engagements and contributes to the lessons learned and preparation processes.
· Works effectively in a small team environment and communicates clearly and efficiently.
· Accurately enters and submits time by required deadlines.
· Books travel in adherence to the company/client travel policy.
· Maintains documentation regarding customer interactions and detailed notes pertaining to actions taken during an assigned project.
· Maintains familiarity with Fortified Core Services and makes appropriate recommendations to clients based on those offerings.
· Attends and participates in team and departmental meetings as needed.
Knowledge & Skills
Education & Experience
· Bachelor's Degree in Computer Science, Information System Management, or other relevant combination of training and experience.
· 0–2 years of work experience in an Incident Response, security, or IT-related field; academic or lab exposure to IR concepts acceptable at entry.
· Healthcare IT experience is a plus; foundational awareness of HIPAA and healthcare incident reporting obligations is expected.
· Understanding of digital forensics and eDiscovery.
· Solid understanding of hardware and networking terminology and devices.
Special Skills & Knowledge
· Understanding of and familiarity with EDR and forensic technologies, e.g. Cybereason, CrowdStrike, SentinelOne, FTK Imager, Velociraptor.
· Foundational familiarity with scripting and automation concepts via PowerShell, command line, bash, or equivalent; awareness of how automation supports IR workflows is expected at this level.
· Experience with network security and threat hunting.
· Thorough understanding of current security principles, techniques, and protocols.
· Familiarity with policy development, planning, and documentation.
· Ability to work and communicate with clients, third-party system vendors, and other departments in an effective, positive, and professional manner.
· Must possess the ability to engage with clients daily, conduct professional meetings, and present material with confidence.
· Excellent interpersonal skills that include the ability to effectively communicate verbally and in writing.
· Resourcefulness and ability to take the initiative in development and completion of work projects.
· Must possess proven problem resolution and critical thinking skills.
· Must be flexible and work with a high level of initiative.
· Ability to retain and protect confidential material.
· Ability to demonstrate supportive relationships with peers, clients, partners, and corporate executives.
Licenses, Certifications, etc.
· Preferred entry-level certifications include CompTIA Security+ or equivalent; GCIH or SC-200 are identified near-term targets. All certifications will be considered; please list all certifications on the application.
· Time allotted for the pursuit and maintenance of certifications is coordinated at the team level.
Requirements
Supervisory Responsibility
· N/A
Working Conditions & Travel Requirements
· Evening and weekend hours should be anticipated.
· Travel as needed; up to 10% should be anticipated.
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, please inform the Fortified Health Security People and Culture Team of the request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.