Cyber Security Incident Response Specialist

Mosaic Health is a national care delivery platform focused on expanding access to comprehensive primary care
for consumers with coverage across Commercial, Individual Exchange, Medicare, and Medicaid health plans.
The Business Units which comprise Mosaic Health are multi-payer and serve nearly one million consumers
across 19 states, providing them with access to high quality primary care, integrated care teams, personalized
navigation, expanded digital access, and specialized services for higher-need populations. Through Mosaic
Health, health plans and employers have an even stronger care provider partner that delivers affordability and
superior experiences for their members and employees, including value-based primary care capacity
integrated with digital patient engagement and navigation. Each of the companies within Mosaic Health
provide unique offerings that together promise to improve individuals' health and wellbeing, while helping
care providers deliver higher quality care. For more information, please visit www.mosaichealth.com or
follow Mosaic Health on LinkedIn.

Formed in 2008 and headquartered in Fort Myers, Florida, with offices in Florida, North Carolina, and Texas,
Millennium Healthcare is the largest independent physician group in the state of Florida and one of the largest
in the United States. At Millennium Physician Group, our employees are the foundation of our success. Our
promise is to provide you with the tools to do your job successfully, as well as providing a team atmosphere
that empowers you to seek better ways to deliver care to our patients and their families. We also promise to
care for you as an individual and help you grow in your role.

Cyber Security Incident Response Specialist will support all business units within Mosaic Health and is responsible for
identifying, analyzing, and mitigating cyber security incidents within the organization. This role is responsible
for managing the day-to-day response to cyber threats, investigating incidents, performing digital forensics,
and ensuring that security incidents are addressed in compliance with established procedures. The Incident
Response Specialist is instrumental in ensuring that security breaches are contained, remediated, and
documented effectively while minimizing the impact on the organization's operations and data integrity.

This role requires expertise in cyber security operations, incident handling, and forensic analysis, and demands
the ability to work under pressure in high-stakes situations.

Responsibilities

1. Lead incident response efforts for detected cyber security events, ensuring timely identification,
   containment, remediation, and recovery from incidents.
2. Perform forensic collections, intrusion correlation and tracking, threat analysis, and direct system
   remediation as incidents evidence unfolds.
3. Collaborate to ensure that incident response protocols and procedures are followed, maintaining
   consistency across the organization.
4. Support the development and improvement of incident response playbooks, ensuring effective and
   efficient handling of different types of security incidents (e.g., ransomware, phishing, APTs).
5. Document and report all incidents thoroughly, capturing detailed information regarding the event,
   timeline, severity, and remediation actions taken.
6. Coordinate communication between technical teams, business units, legal, compliance, and
   stakeholders during and after an incident, ensuring clarity and alignment.
7. Perform post-incident analysis to identify lessons learned, suggesting improvements to security
   controls, processes, and response strategies to prevent recurrence.
8. Monitor and analyze security data from various sources (e.g., SIEM, IDS/IPS, firewalls) to proactively
   identify threats and anomalies that may indicate potential security incidents.
9. Support threat hunting activities, working to identify hidden threats and vulnerabilities across the
   organization's infrastructure before they result in active incidents.
10. Collaborate with internal teams (e.g., network security, IT, DevOps) to ensure the continuous
    improvement of defensive measures, including firewalls, endpoint protection, and security
    monitoring tools.
11. Assist in the development of security training and awareness programs for staff, ensuring they
    understand the importance of cyber hygiene, phishing prevention, and early incident detection.
12. Participate in tabletop exercises and simulations to test the organization's readiness for responding
    to major security incidents.
13. Stay up to date with the latest cyber threats, vulnerabilities, and incident trends to ensure that the
    organization's defenses are adapted to emerging risks.
14. Maintain documentation for regulatory compliance, ensuring that incident handling processes align
    with applicable legal and industry requirements (e.g., HIPAA, NIST).
15. Perform other related duties as assigned.
16. Demonstrate excellent guest service to internal team members and patients.

Qualifications

1. Bachelor's degree in cyber security, Information Technology, Computer Science, or a related field.
2. 2+ years of experience in cyber security operations, incident response, or a related field.
3. Hands-on experience with incident response tools, including SIEM platforms (e.g., Splunk, Sentinel),
   IDS/IPS systems, and endpoint protection tools.
4. Strong understanding of network protocols, system architecture, and common attack techniques
   (e.g., phishing, ransomware, DDoS, advanced persistent threats (APTs)).
5. Experience with digital forensics, including memory analysis, log correlation, and malware analysis to
   investigate and determine the impact of security incidents.
6. Knowledge of incident response frameworks (e.g., NIST, MITRE ATT&CK, SANS) and best practices for
   managing and mitigating cyber incidents.
7. Familiarity with cloud environments (e.g., AWS, Azure) and their security considerations in the
   context of incident response.
8. Ability to work under pressure, managing multiple incidents simultaneously while ensuring high-quality documentation and timely resolution.
9. Strong communication skills to articulate complex security concepts to both technical and nontechnical stakeholders.
10. Certifications preferred: Certified Incident Handler (GCIH), Certified Information Systems Security
    Professional (CISSP), Certified Ethical Hacker (CEH), Certified Forensic Computer Examiner (CFCE), or
    similar.
11. Ability to work independently in a fast-paced, cross-functional environment.
12. A commitment to providing excellent service to internal team members and patients.
13. High level of professionalism and integrity in all interactions.

Physical Demands

Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force
frequently or constantly to lift, carry, push, pull, or otherwise move objects. Repetitive motion.
Substantial movements (motions) of the wrists, hands, and/or fingers. The worker must have close
visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing;
viewing a computer terminal; extensive reading. Ability to lift to 15 lbs. independently not to exceed
50 lbs. without help.

Equal Employment Opportunity

Mosaic Health is an Equal Employment Opportunity employer and all qualified applicants will receive
consideration for employment without regard to age, citizenship status, color, creed, disability,
ethnicity, genetic information, gender (including gender identity and gender expression), marital
status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or
condition protected by applicable federal, state, or local laws.
If you require an accommodation for the application or interview process, please let us know and we
will work with you to meet your needs. Please contact HRbenefits@mpgus.com for assistance.