Incident Response and Forensics Consultant III
Kaiser Permanente, Pleasanton, CA, United States
Kaiser Permanente can only employ candidates who reside in, or have firm plans to relocate (without relocation assistance), to North Carolina, California, Colorado, District of Columbia, Georgia, Hawaii, Maryland, New York, Oregon, Virginia, or Washington.
Job Summary:
The Incident Handler supports the monitoring, investigation, and triage of cybersecurity events across the enterprise by applying established procedures and security practices. This role conducts analysis of security alerts and incidents within an assigned domain, helping to identify potential threats, determine scope and impact, and support appropriate containment and remediation activities. The position collaborates with cross-functional Cyber Risk Defense Center teams to communicate findings, support incident response processes, and contribute to ongoing security operations and escalation efforts. This role also assists in identifying opportunities to improve security posture and participates in follow-up remediation and documentation activities to strengthen overall cyber defense capabilities.
This individual contributor is primarily responsible for supporting the protection and maintenance of integrity and reliability of the security of data, systems and networks, while resolving problems with tools, systems and procedures.
Essential Responsibilities:
Completes work assignments by applying up-to-date knowledge in subject area to meet deadlines; following procedures and policies, and applying data and resources to support projects or initiatives; collaborating with others, often cross-functionally, to solve business problems; supporting the completion of priorities, deadlines, and expectations; communicating progress and information; identifying and recommending ways to address improvement opportunities when possible; and escalating issues or risks as appropriate.
Pursues self-development and effective relationships with others by sharing resources, information, and knowledge with coworkers and customers; listening, responding to, and seeking performance feedback; acknowledging strengths and weaknesses; assessing and responding to the needs of others; and adapting to and learning from change, difficulties, and feedback.
Provides proactive monitoring and/or response to known or emerging threats against the KP network.
Effectively communicates investigative findings to non-technical audiences.
Participates in regular operations meeting with Cyber Risk Defense Center (CRDC) teams.
Identifies opportunities for cyber security improvements within assigned cyber defense domain.
Works with the CRDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.
Participates in follow-up remediation design and review.
Conducts investigation and triage of security events within assigned domain.
Performs data analysis in support of security event management processes, including root cause analysis.
Provides on-call duties and after hours support of incident management as required.
Supports incident response plans which may include after-hours support and coordination among responsible teams.
Assists in the execution of incident handling processes which may include containment, protection, and remediation activities.
Job Summary:
The Incident Handler supports the monitoring, investigation, and triage of cybersecurity events across the enterprise by applying established procedures and security practices. This role conducts analysis of security alerts and incidents within an assigned domain, helping to identify potential threats, determine scope and impact, and support appropriate containment and remediation activities. The position collaborates with cross-functional Cyber Risk Defense Center teams to communicate findings, support incident response processes, and contribute to ongoing security operations and escalation efforts. This role also assists in identifying opportunities to improve security posture and participates in follow-up remediation and documentation activities to strengthen overall cyber defense capabilities.
This individual contributor is primarily responsible for supporting the protection and maintenance of integrity and reliability of the security of data, systems and networks, while resolving problems with tools, systems and procedures.
Essential Responsibilities:
Completes work assignments by applying up-to-date knowledge in subject area to meet deadlines; following procedures and policies, and applying data and resources to support projects or initiatives; collaborating with others, often cross-functionally, to solve business problems; supporting the completion of priorities, deadlines, and expectations; communicating progress and information; identifying and recommending ways to address improvement opportunities when possible; and escalating issues or risks as appropriate.
Pursues self-development and effective relationships with others by sharing resources, information, and knowledge with coworkers and customers; listening, responding to, and seeking performance feedback; acknowledging strengths and weaknesses; assessing and responding to the needs of others; and adapting to and learning from change, difficulties, and feedback.
Provides proactive monitoring and/or response to known or emerging threats against the KP network.
Effectively communicates investigative findings to non-technical audiences.
Participates in regular operations meeting with Cyber Risk Defense Center (CRDC) teams.
Identifies opportunities for cyber security improvements within assigned cyber defense domain.
Works with the CRDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.
Participates in follow-up remediation design and review.
Conducts investigation and triage of security events within assigned domain.
Performs data analysis in support of security event management processes, including root cause analysis.
Provides on-call duties and after hours support of incident management as required.
Supports incident response plans which may include after-hours support and coordination among responsible teams.
Assists in the execution of incident handling processes which may include containment, protection, and remediation activities.