Information Security Analyst

Ardent Health Services - Brentwood, TN

posted 5 months ago

Full-time - Entry Level
Brentwood, TN
10,001+ employees
Hospitals

About the position

The Information Security Analyst at Ardent Health Services plays a crucial role in safeguarding the organization's information systems and data. This position is responsible for identifying, scheduling, administering, and performing various technical Information Security analyses functions to ensure compliance with applicable security requirements. The analyst will collaborate with other members of the Information Security Operations team and key corporate, partner, and business units to support the company's mission and strategic initiatives. In this role, the analyst will assist in building and managing the attack simulation program, which is essential for enhancing the organization's security posture. They will assess security configurations across personal computers, mid-range systems, and enterprise networks, while also monitoring and analyzing system and network activity to ensure compliance with laws and industry standards such as SOC 2, GDPR, HIPAA, PCI-DSS, and NIST. The analyst will participate in red/blue team activities and routinely test information systems to perform risk assessments and threat analyses. Additionally, the Information Security Analyst will work closely with various departments, vendors, and partners to maintain secure data management practices. They will assist in designing secure internal trust domains, web access zones, and remote access technologies, as well as implementing threat detection solutions. The role also involves assessing vulnerability detection solutions, performing physical security reviews, and responding to internal security incidents as needed, including interfacing with law enforcement when necessary.

Responsibilities

  • Assist building the attack simulation program.
  • Manage attack simulation software and work with other teams to enhance security posture.
  • Assess security configurations on personal computers, mid-range systems and enterprise networks.
  • Monitor/analyze system and network activity, transactions and anomalies to ensure compliance with applicable laws, regulations, and industry standards, such as SOC 2, GDPR, HIPAA, PCI-DSS, and NIST.
  • Review user access levels to ensure compliance and access justification.
  • Participate in red/blue team activities.
  • Routinely and proactively test information systems to perform risk or threat assessment and analysis.
  • Assist with interface interactions with departments, vendors, and extranet partners.
  • Work with other business units, partners and customers to maintain secure methods of data management.
  • Assist in designing secure internal trust domains, web access zones, B2B, B2C, third-party connections and remote access technology.
  • Assist technology group in implementing threat detection solutions to include intrusion detection systems, malicious code and program monitoring, unauthorized technology identification, and log activity monitoring.
  • Assess vulnerability detection solutions to include compliance testing, vulnerability scanning (including attack and penetration studies), and business and disaster recovery solutions.
  • Perform physical security reviews and providing observation/recommendation reports.
  • Respond to internal security incidents, as needed, and interface with law enforcement when necessary.

Requirements

  • Associates degree or equivalent technical training/experience.
  • Reputable security certifications (Security +, GSEC, CAP, OWASP, HCISSP or CISA) are a plus.
  • Advanced certifications (CISSP, CISSP w/specialization, SSCP, GIAC, CISM) are a plus.
  • Experience with Attack Simulation tools and working knowledge of Penetration testing.
  • Experienced in assessing and/or administering intrusion detection/prevention.
  • ITIL familiarization or experience - managing incidents, requests, and changes.

Nice-to-haves

  • Working knowledge of general computing concepts (OSI reference model, multi-tiered application architecture, operating systems, etc.).
  • Understanding of the technical components of a network infrastructure/architecture and their interactions (routing, switching, WLAN, LDAP, etc.).
  • General knowledge of related third-party software products (firewalls, intrusion detection systems, filtering routers, VPNs, security scanners).
  • Knowledge of network authentication services.
  • Knowledge of static and dynamic routing protocols.
  • Knowledge of LAN and WAN packet analyzers.
  • Knowledge of DNS, DHCP, WINS and HSRP.
  • Knowledge of Ethernet and virtual local area networks.
  • Knowledge of secure virtual private networking.
  • Knowledge of common networking protocols and services and their relevant security issues (TCP/IP, DNS, SNMP, SMTP, etc.).
  • Good communication skills: both oral and written.
  • Ability to be a team player and work cohesively with Ardent employees throughout all organizational levels.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service