Principal Forensic & Incident Response Architect - Full Time
Company: Henry Ford Health System
Location: Detroit
Posted on: May 29, 2025
Job Description:
Principal Forensic & Incident Response Architect - Full Time

Working within the Information Privacy and Security Office, the
Principal Forensic and Incident Response Architect collaborates
with all IT departments to detect, analyze, contain, and mitigate
computer security incidents. This role involves leading and
participating in incident response activities such as forensic
investigations, live response, triage, and electronic discovery.
Additionally, proactive measures like threat hunting, detection
engineering, and tabletop exercises are part of the
responsibilities. The architect serves as an escalation point for
cybersecurity incidents and oversees investigations, reporting to
the Director of Incident Response. The position requires working
closely with IT and business units to ensure effective handling of
cybersecurity incidents to minimize impact.

EDUCATION/EXPERIENCE REQUIRED:
- Bachelor's Degree in Security, Technology, Forensics, or
equivalent of five (5) years relevant experience.
- At least two (2) years leading enterprise security incident
response investigations.
- At least two (2) years performing threat hunting in on-premise
and cloud environments using automated tools and manual
techniques.
- Strong understanding of network and system intrusion detection
methods, including SIEM, EDR, firewalls, hacking tools, techniques,
and procedures.
- Deep knowledge of Windows and Unix/Linux operating systems,
including logging facilities.
- Understanding of network protocols, PKI, SSL, Active Directory,
malware analysis, lateral movement detection, and host forensic
tools.
- Familiarity with Indicators of Compromise (IOCs), attacker
TTPs, and MITRE ATT&CK framework.
- Proficiency with information systems security, network
architecture, databases, document management, hardware/software
troubleshooting, email systems, and forensic tools such as Axiom,
EnCase, Access Data, FTK.

CERTIFICATIONS/LICENSURES REQUIRED:
- GCIH - GIAC Certified Incident Handler (preferred)
- GNFA - GIAC Network Forensic Analyst (preferred)
- GCFA - GIAC Certified Forensic Analyst (preferred)
- GCFE - GIAC Certified Forensic Examiner (preferred)
- CFCE - Certified Forensic Computer Examiner (preferred)

Additional Information:
- Organization: Corporate Services
- Department: Ascension Cybersecurity IR
- Shift: Day Job
- Union Code: Not Applicable

This posting outlines major duties
and responsibilities and is not exhaustive. Incumbents may be asked
to perform additional job-related duties beyond those
described.

Overview

Henry Ford Health partners with millions across
Michigan and globally, offering comprehensive healthcare services,
including primary, specialty, virtual, and retail care. Based in
Detroit, it is a leading academic medical center investing in
innovative healthcare initiatives. Learn more at
henryford.com/careers.

We prioritize the well-being of our team
members, offering support across physical, emotional, social,
financial, and spiritual domains. Our Total Rewards include
competitive health plans, dental, vision, tuition assistance,
family benefits, and discounts. Contingent employees are not
eligible for benefits.

Henry Ford Health is an Equal Employment
Opportunity / Affirmative Action Employer, committed to fair
treatment and non-discrimination based on race, color, creed,
religion, age, sex, national origin, disability, veteran status,
size, height, weight, marital status, family status, gender
identity, sexual orientation, or genetic information, in accordance
with applicable laws.