Cybersecurity Incident Response Analyst I

Banner Health

Healthcare is constantly changing, and at Banner Health, we are at the front of that change. As Banner continues to leverage technology to deliver the highest quality of care possible, cybersecurity is a top priority. The Cyber Security Operations Center (CSOC) is responsible for monitoring and responding to cyber security threats targeting Banner Health and its patients. In this role you will help detect and secure Banner’s computing environment against both insider and outsider threats. As a Cybersecurity Incident Response Analyst I, you will be on the frontlines of this effort. Response Analysts respond to threats in real-time through effective analysis, triage and handling of cybersecurity alerts and events, help investigate and remediate cybersecurity incidents, escalate cybersecurity incidents as defined by procedure, and liaise closely with other teams to ensure the correct response to and remediation of cybersecurity incidents.

This position helps secure Banner’s computing environment against both insider and outsider threats. The incumbent will utilize Banner’s various security tools and processes to perform real-time monitoring and alert triage, log correlation analysis, incident analysis and response, intrusion detection, cloud security, tradecraft analysis, traffic analysis, malware analysis, forensic artifact handling and analysis, and blue teaming. The incumbent will work collaboratively to develop new procedures and runbooks.

1. Respond to threats in real-time through effective analysis, triage and handling of cybersecurity alerts and events

2. Perform cyber security investigations and recommend remediation actions

3. Escalate cybersecurity incidents as defined in security procedures

4. Assist in updating/developing, implementing and operating requisite processes and procedures

5. Participate in the evaluation and development of appropriate Key Performance Indicators, or Key Risk Indicators

6. Identify gaps in incident handling use cases and assist in developing processes and alerting rules within SIEM technologies

7. This position is responsible for cybersecurity across multiple departments system-wide and requires interaction at all levels of staff and management

Must possess strong knowledge of business, cybersecurity and/or computer science as normally obtained through the completion of a bachelor’s degree.

Must possess two years of experience as a cybersecurity operations center analyst or IT help desk analyst. Must be able to participate in 24/7 incident response. Strong understanding of system, network, and/or application security. Strong understanding of Linux, virtualization, and networking concepts. Familiarity with SIEM (Security Information and Event Management) tools, such as Splunk. Familiarity with Endpoint Protection and Response tools. Demonstrable understanding of the principles and practicalities of effectively triaging security events. Understanding of cybersecurity incident response processes. Experience with antivirus and encryption tools. Strong communication skills to work with both a collaborative cross-functional team of peers and departments within the company (product development, operations, networking, etc.). Must possess strong critical thinking, analytical, troubleshooting and problem-solving skills. Team player with the ability to work autonomously. Ability to prioritize and reprioritize work as required. Experience with vulnerability assessment tools and processes. Ability to work calmly under pressure in the face of adversity and threat activity. Ability to establish positive working relationships and garner influence with other teams and team members. Strong desire and aptitude for continuous learning and keeping abreast of new and emerging technology. A collaborative attitude and strong desire to succeed as part of the team. Self-motivated, with a strong passion for learning. Knowledge of the MITRE ATT&CK Framework and the Lockheed Martin Cyber Kill Chain. Knowledge of security threats and attack countermeasures.

EC-Council – Certified SOC Analyst (CSA). EC-Council – Incident Handler.

Additional related education and/or experience preferred.