Metropolitan Jewish Health System - New York, NY

posted 3 months ago

Full-time - Mid Level
New York, NY
Ambulatory Health Care Services

About the position

The Senior Information Security Analyst plays a crucial role in the Corporate team, contributing significantly to the overall patient and member experience through the provision of essential security services. This position requires a strong technical background and a risk evaluation mindset across various security operations, including event triage, incident response, vulnerability management, penetration testing, and event management using Security Information and Event Management (SIEM) systems. The analyst will be an integral part of the information security team, tasked with analyzing malware, network traffic, and large sets of disparate data, driven by a genuine curiosity and passion for Cybersecurity.

In this role, the Senior Information Security Analyst will monitor, investigate, correlate, and interpret SIEM logs and alerts from Managed Security Service Providers (MSSP) across multiple platforms to identify Information Security events. The analyst will also manage, configure, and troubleshoot security systems, identifying opportunities to enhance processes and controls through automation. This includes performing vulnerability scans, interpreting results, and conducting audits of information systems and controls, documenting findings, and collaborating with other teams for remediation.

The position requires the creation of documentation for policies and procedures, as well as detailed documentation of events and research conducted during investigations. The analyst will participate in Incident Response activities, coordinating with other Information Security teams to mitigate threats promptly. Staying current with the Cybersecurity Threat Intelligence landscape, industry trends, and situational awareness is essential, as is the ability to author and edit automation and orchestration scripts for research and tool deployment. The role also involves tracking and completing tasks related to security enhancement projects, ensuring the organization maintains a robust security posture.

Responsibilities

  • Monitor, investigate, correlate, and interpret SIEM logs and MSSP alerts for Information Security events.
  • Manage, configure, and troubleshoot security systems.
  • Identify opportunities to improve processes and controls through automation.
  • Perform vulnerability scans and interpret results.
  • Conduct audits of information systems and controls, documenting findings and collaborating on remediation.
  • Create documentation for policies and procedures as needed.
  • Document events and research performed during investigations and artifacts collected.
  • Participate in Incident Response activities, coordinating with other IS teams to mitigate threats.
  • Analyze and interpret malware, exploits, and threat activities.
  • Maintain current knowledge of Cybersecurity Threat Intelligence landscape and industry trends.
  • Author and edit automation and orchestration scripts for research and tool deployment.
  • Track and complete tasks for security enhancement projects.

Requirements

  • Bachelor's Degree in IT related discipline or equivalent.
  • 5+ years of Information Technology experience.
  • 3+ years of full-time Information Security related experience.
  • Strong background in Windows, networking, malware, and data analysis.
  • Experience with PowerShell, Bash, or other scripting languages.
  • Ability to prioritize and independently complete competing work assignments.
  • Working knowledge of SOC/Security Operations, ITSM, incident handling, vulnerability and penetration testing, security frameworks and best practices.
  • Familiarity with application & infrastructure security solutions (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption, and Access Controls).
  • Strong interpersonal and communication skills.
  • Understanding of relevant legal, compliance, and regulatory requirements, such as HIPAA, NYDFS cybersecurity, and other cybersecurity frameworks (e.g., NIST CSF, MITRE).
  • Project Management experience, Cloud Security Expertise, and Risk Management skills.

Nice-to-haves

  • CEH, GIAC GCIA, GSEC, OSCP, CISSP, CISA, CISM, CySA+ or other relevant security certifications preferred.