Company: AdventHealth

Address: Altamonte Springs, FL
Form of work: Full-Time
Category: Information Technology

Job description

All the benefits and perks you need for you and your family:
- Benefits from Day One
- Paid Days Off from Day One
- Student Loan Repayment Program
- Career Development
- Whole Person Wellbeing Resources
- Mental Health Resources and Support
Our promise to you:
Joining AdventHealth is about being part of something bigger. It's about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.
Schedule: Full Time
The role you'll contribute:
The Threat Management Associate Analyst is part of the Information Security Threat Management Team (ISTMT) that will assist in the definition, maintenance, and execution of the Computer Security Incident Response Plan (CSIRP). The CSIRP defines the policies, processes, methodologies, resources, roles, and responsibilities required to investigate and remedy any computer or network security events or incidents within the networks, as well as any networks or entities that interface with the network. The ISTMT analyst will execute the appropriate coordination required to apprise the applicable stakeholders, technical, managerial, and administrative decision makers of incident mitigation requirements in a timely manner. The ISTMT analyst will provide governance and guidance, oversight of, and recommendations concerning, all aspects of the CSIRP. This includes best practices, investments, incident management systems, policies, procedures, definitions of roles and responsibilities, and coordination needed for the effective and efficient mitigation of computer security incidents that impact the organization.
The value you'll bring to the team:
• Basic analysis of network activity and flow data, monitors and evaluates network flow data for possible malware activity via anomalies
• Accumulate IOCs from intel sources and monitoring tools, responding to detected events with moderate supervision
• Participates in the analysis of cyber threats, vulnerabilities, and exploits; participating in remediation action plans
• Document, communicate, collaborate and transition incident details to other members and other support groups
• Participates in the Advanced Persistent Threat correlation between multiple security event sources such as firewall logs, threat intelligence feeds, AV, Endpoint Analysis, IDS\IPS, and other sources with moderate supervision
• Communicate and provide manager with incident updates, work and project statuses that include concerns and risks in a timely manner
• Works closely with Team Lead or Manager when researching, planning, building, and implementing approved projects. Partners with Team Lead or Manager to oversee the delivery of solutions and appropriately manages and escalates risks and issues.
• Performs other duties as assigned.
Qualifications
The expertise and experiences you'll need to succeed:
KNOWLEDGE AND SKILLS REQUIRED:
• MUST HAVE 3+ YEARS OF OPERATIONAL SECURITY EXPERIENCE
• Enterprise Domain experience is a must.
• Displays strong customer service skills
• Basic knowledge of infrastructure assets, including classical routing, switching, firewalls, IDS\IPS, web proxies, and load-balancer technologies
• Basic knowledge of Enterprise log management and SIEM solutions.
• Basic understanding of security vulnerability assessment and exploit toolsets, i.e. Nessus, Nexpose, Qualys, and Metasploit frameworks
• Analytical and problem-solving skills and the ability to "think-out-of-the-box."
• Moderate troubleshooting skills, including protocol analysis and decoding via Wireshark, TcpDump, WinDump, and similar PCAP capturing and protocol decoding technologies
• Understanding of information technology methodologies in multiple disciplines; comfortable with complex undocumented requirements and independent task research
• Ability to parse and analyze Firewall, IDS\IPS, web proxy, system and security logs
• Understanding of network protocols.
• Moderate knowledge of Active Directory, Windows and Linux client and server operating systems; including an understanding of process interactions, inter-process communications and system configuration files (i.e. registry, config files, etc.)
• Basic understanding of Encryption, both Asymmetric and Symmetric technologies
• Interpersonal skills with a positive and enthusiastic attitude
• Advanced oral and written communication skills
• Ability to receive calls and text messages 24 hours a day, seven days per week
• Basic Malware Analysis skills
KNOWLEDGE AND SKILLS PREFERRED:
• Knowledge of SEP, Cisco Security Technologies: Sourcefire IDS\IPS, AMP for Endpoints, IronPort Suites, and ASA Firewalls.
• Understanding of obfuscation techniques.
• Knowledge of Checkpoint Firewalls and DLP
• Understanding of HIPAA, HITRUST, NIST, FISMA, FedRAMP, 27001, PCI, SOC audit
• Basic knowledge of scripting languages (i.e. JavaScript, PowerShell, Perl, Python, PHP)
• Basic understanding of SQL queries, parsing, and correlating data from databases
• Basic understanding of forensics analysis such as Encase, FTK, SIFT and\or open source equivalent toolsets
• Working knowledge of healthcare or clinical physician clinical practice
EDUCATION AND EXPERIENCE REQUIRED:
• Associate degree OR substitute 5+ years of Information Technology experience
• 3 years of Information Security experience
EDUCATION AND EXPERIENCE PREFERRED:
• 3+ years of Information Security experience
• 5+ years of Information Technology experience
LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:
• CISSP or equivalent knowledge
LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:
Security certifications (i.e. EnCE; SANS-GIAC: GCIA, GREM, GPEN, GCFA\E, or GNFA, GPPA, GXPN or related, OSCP; CEH, IINS, CCNP-Security)
Refer code: 7810607. AdventHealth - The previous day - 2024-01-15 15:57
