Cyber Defense Operations Center Analyst III

Job Category:  Information Technology
Department:  Information Security
Location:  Los Angeles, CA, US, 90017

Position Type:  Full Time
Requisition ID:  12865

Salary Range:  $121,056.00 (Min.) - $160,400.00 (Mid.) - $199,742.00 (Max.)

 

Established in 1997, L.A. Care Health Plan is an independent public agency created by the state of California to provide health coverage to low-income Los Angeles County residents. We are the nation’s largest publicly operated health plan. Serving more than 2 million members, we make sure our members get the right care at the right place at the right time.

Mission: L.A. Care’s mission is to provide access to quality health care for Los Angeles County's vulnerable and low-income communities and residents and to support the safety net required to achieve that purpose.
 

Job Summary

The Cyber Defense Operations Center (CDOC) Analyst III proactively monitors the organization for indicators of attack or compromise, suspicious network activity, and violations of regulatory compliance. This position is responsible for monitoring and triaging alerts and events from LAC applications and systems. The CDOC Analyst III also works closely with Analysts in LAC's Managed Security Service Provider (MSSP). Analysts in LAC's SOC team are expected to actively hunt for threats in the environment and configure toolsets to detect anomalies and indicators of compromise. Acts as a Subject Matter Expert and serves as a resource and mentor for other staff.

Duties

Evaluates events, detects threats and anomalies in the environment, and reacts to potential incidents utilizing incident response playbooks. Also performs incident analysis, investigation and response. Conducts penetration tests in support of risk assessment/analysis activities.

 

Performs daily defensive operational activities; develops and maintains CDOC documentation and runbooks; conducts enterprise-wide threat hunting.

 

Carries out CDOC efforts during incident and breach responses; facilitates cross-organizational collaboration in a dynamic team environment in response to security incidents.

 

Responds to alerts and notifications from the MSSP; processes tickets to and from the MSSP and ensures they are resolved in a timely manner.

 

Tunes CDOC toolsets and automation engines.

 

Collaborates with other InfoSec and IT teams to ensure that alerts and events are received and processed by the CDOC.

 

Participates in the InfoSec on-call schedule and escalation process.

 

Applies cybersecurity subject-matter expertise in evaluating business operations and processes. Identifies areas where technical security solutions would improve business performance. Consults across business operations, providing mentorship and contributing specialized knowledge. Ensures that the facts and details are correct so that the project’s/program's deliverables meet the needs of the department and organizational policies, standards, and best practices. Provides training, recommends process improvements, and mentors junior level staff, department interns, etc. as needed.

 

Performs other duties as assigned.

Education Required

Bachelor's Degree
In lieu of degree, equivalent education and/or experience may be considered.

Education Preferred

Experience

Required:

At least 6 years of direct, operational experience in comparable information security or technology teams.

 

Operational experience configuring and managing a Security Information and Event Management (SIEM) platform.

 

Experience responding to crises, incidents, and investigations.

 

Demonstrated experience performing threat analysis and managing security-monitoring toolsets.

 

Operational experience working in a regulated environment (e.g., classified networks, healthcare, finance, banking, etc.).

 

Preferred:

Experience with Vulnerability Management toolsets.

 

Operational experience monitoring cloud computing (e.g., AWS, Azure, etc.) and SaaS environments. 

Skills

Required:

Exceptional attention to detail executing and developing procedures in security operations center environments.

 

Strong understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP/S, etc.).

 

Strong background in Windows Server and Linux administration.

 

Strong verbal and written communication skills.

 

Ability to collaborate with internal and external key stakeholders.

 

Preferred:

Understanding of governance, risk, and compliance (GRC) activities and providing documentation for audit investigations.

Licenses/Certifications Required

Licenses/Certifications Preferred

At least one of the following:
Systems Security Certified Practitioner (SSCP)
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Certified Hacking Forensic Investigator (CHFI)
GIAC Certified Detection Analyst (GCDA)
Offensive Security Certified Professional (OSCP)

Required Training

Physical Requirements

Light

Additional Information

Vulnerability Management:

Positions assigned are responsible for the full continuous analysis of vulnerabilities throughout the enterprise. This includes detecting, monitoring, reporting, and assessing exposure/impact of critical data compromise from internal and external sources. This position develops and drives remediation strategies to address vulnerabilities and reduce the organization’s attack surface. This position monitors, supports and recommends compliance as well as risk management activities, and recommends security controls and corrective actions to mitigate risks from vulnerabilities.

Salary Range Disclaimer: The expected pay range is based on many factors such as geography, experience, education, and the market.  The range is subject to change.

 

L.A. Care offers a wide range of benefits including:

  • Paid Time Off (PTO)
  • Tuition Reimbursement
  • Retirement Plans
  • Medical, Dental and Vision
  • Wellness Program
  • Volunteer Time Off (VTO)

 


Nearest Major Market: Los Angeles

Job Segment: Risk Management, Defense, Finance, Government
