Principal Forensic & Incident Response Architect - Full Time
Company: Henry Ford Health System
Location: Detroit
Posted on: May 9, 2025
Job Description:
Principal Forensic & Incident Response Architect - Full Time

Working within the Information Privacy and Security Office, the
Principal Forensic and Incident Response Architect collaborates
with all IT departments to detect, analyze, contain, and mitigate
computer security incidents. This role leads and participates in
incident response activities, including forensic investigations,
live response and triage, and electronic discovery. It also
involves proactive tasks such as threat hunting, detection
engineering, and tabletop exercises. The Principal Analyst serves
as an escalation point for cybersecurity incidents and oversees
investigations, reporting to the Director of Incident Response. The
position requires working with IT and business units to ensure
proper handling of cybersecurity incidents to minimize
impact.

EDUCATION/EXPERIENCE REQUIRED:
- Bachelor's Degree in Security, Technology, Forensics, or
equivalent of five (5) years relevant experience.
- At least two (2) years leading hands-on enterprise security
incident response investigations.
- At least two (2) years executing threat hunting in on-premise
and cloud environments using automated tools and manual
techniques.
- Strong understanding of network and system intrusion detection
methods, including SIEM, EDR, firewalls, hacking tools, techniques,
and procedures.
- Deep knowledge of Windows and Unix/Linux operating systems,
including logging facilities.
- Understanding of network protocols, PKI, SSL, Active Directory,
malware analysis, lateral movement detection, and host forensic
tools.
- Knowledge of Indicators of Compromise (IOCs) and attacker
TTPs.
- Familiarity with MITRE ATT&CK framework.
- Expertise in information systems security, network
architecture, databases, document management, troubleshooting,
email systems, and forensic tools such as Axiom, EnCase, Access
Data, and FTK.

CERTIFICATIONS/LICENSURES REQUIRED:
- GCIH - GIAC Certified Incident Handler (preferred)
- GNFA - GIAC Network Forensic Analyst (preferred)
- GCFA - GIAC Certified Forensic Analyst (preferred)
- GCFE - GIAC Certified Forensic Examiner (preferred)
- CFCE - Certified Forensic Computer Examiner (preferred)

Additional Information:
- Organization: Corporate Services
- Department: Ascension Cybersecurity IR
- Shift: Day Job
- Union Code: Not Applicable

This posting describes major duties
and responsibilities but is not exhaustive. Incumbents may be asked
to perform additional job-related duties beyond those
listed.

Overview

Henry Ford Health partners with millions on their
health journey across Michigan and globally, offering a wide range
of services from primary care to specialized treatments, health
insurance, and more. Based in Detroit, it is a leading academic
medical center investing in the future of health. Learn more at
henryford.com/careers.

We prioritize the well-being of our team
members, offering comprehensive support and benefits, including
health plans, dental, eye care, tuition assistance, family
benefits, and discounts. Contingent employees are not eligible for
benefits.

Henry Ford Health is an Equal Employment Opportunity /
Affirmative Action Employer, committed to fair treatment regardless
of race, color, creed, religion, age, sex, national origin,
disability, veteran status, and other protected statuses.