Company: AdventHealth Medical Group

Address: Altamonte Springs, FL
Form of work: Full-Time
Category: Information Technology

Job description

All the benefits and perks you need for you and your family:

- Benefits from Day One
- Paid Days Off from Day One
- Student Loan Repayment Program
- Career Development
- Whole Person Wellbeing Resources
- Mental Health Resources and Support

Our promise to you:

Joining AdventHealth is about being part of something bigger. It's about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.

Schedule: Full Time

The role you'll contribute:

The Threat Management Associate Analyst is part of the Information Security Threat Management Team (ISTMT), which assists in the definition, maintenance, and execution of the Computer Security Incident Response Plan (CSIRP). The CSIRP defines the policies, processes, methodologies, resources, roles, and responsibilities required to investigate and remedy any computer or network security events or incidents within the networks, as well as any networks or entities that interface with the network. The ISTMT analyst will carry out the coordination required to apprise the applicable stakeholders and technical, managerial, and administrative decision makers of incident mitigation requirements in a timely manner. The ISTMT analyst will provide governance, guidance, oversight of, and recommendations concerning all aspects of the CSIRP. This includes best practices, investments, incident management systems, policies, procedures, definitions of roles and responsibilities, and the coordination needed for the effective and efficient mitigation of computer security incidents that impact the organization.

The value you'll bring to the team:

- Performs basic analysis of network activity and flow data; monitors and evaluates network flow data for possible malware activity indicated by anomalies
- Accumulates IOCs from intel sources and monitoring tools, responding to detected events with moderate supervision
- Participates in the analysis of cyber threats, vulnerabilities, and exploits, and in remediation action plans
- Documents, communicates, collaborates on, and transitions incident details to other team members and other support groups
- Participates in Advanced Persistent Threat correlation across multiple security event sources such as firewall logs, threat intelligence feeds, AV, endpoint analysis, IDS/IPS, and other sources, with moderate supervision
- Communicates and provides the manager with incident updates and work and project statuses, including concerns and risks, in a timely manner
- Works closely with the Team Lead or Manager when researching, planning, building, and implementing approved projects. Partners with the Team Lead or Manager to oversee the delivery of solutions and appropriately manages and escalates risks and issues.
- Performs other duties as assigned.

The expertise and experiences you'll need to succeed:

KNOWLEDGE AND SKILLS REQUIRED:

- MUST HAVE 3 YEARS OF OPERATIONAL SECURITY EXPERIENCE
- Enterprise domain experience is a must.
- Displays strong customer service skills
- Basic knowledge of infrastructure assets, including classical routing, switching, firewalls, IDS/IPS, web proxies, and load-balancer technologies
- Basic knowledge of enterprise log management and SIEM solutions
- Basic understanding of security vulnerability assessment and exploit toolsets, e.g. Nessus, Nexpose, Qualys, and the Metasploit framework
- Analytical and problem-solving skills and the ability to "think outside the box"
- Moderate troubleshooting skills, including protocol analysis and decoding via Wireshark, TcpDump, WinDump, and similar PCAP capture and protocol decoding technologies
- Understanding of information technology methodologies in multiple disciplines; comfortable with complex undocumented requirements and independent task research
- Ability to parse and analyze firewall, IDS/IPS, web proxy, system, and security logs
- Understanding of network protocols
- Moderate knowledge of Active Directory and Windows and Linux client and server operating systems, including an understanding of process interactions, inter-process communication, and system configuration files (e.g. registry, config files)
- Basic understanding of encryption, both asymmetric and symmetric technologies
- Interpersonal skills with a positive and enthusiastic attitude
- Advanced oral and written communication skills
- Ability to receive calls and text messages 24 hours a day, seven days per week
- Basic malware analysis skills

KNOWLEDGE AND SKILLS PREFERRED:

- Knowledge of SEP and Cisco security technologies: Sourcefire IDS/IPS, AMP for Endpoints, IronPort suites, and ASA firewalls
- Understanding of obfuscation techniques
- Knowledge of Checkpoint firewalls and DLP
- Understanding of HIPAA, HITRUST, NIST, FISMA, FedRAMP, 27001, PCI, and SOC audits
- Basic knowledge of scripting languages (e.g. JavaScript, PowerShell, Perl, Python, PHP)
- Basic understanding of SQL queries, parsing, and correlating data from databases
- Basic understanding of forensic analysis toolsets such as EnCase, FTK, SIFT, and/or open source equivalents
- Working knowledge of healthcare or clinical physician practice

EDUCATION AND EXPERIENCE REQUIRED:

- Associate degree OR substitute 5 years of Information Technology experience
- 3 years of Information Security experience

EDUCATION AND EXPERIENCE PREFERRED:

- 3 years of Information Security experience
- 5 years of Information Technology experience

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

- CISSP or equivalent knowledge

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

- Security certifications (e.g. EnCE; SANS-GIAC: GCIA, GREM, GPEN, GCFA/E, GNFA, GPPA, GXPN or related; OSCP; CEH; IINS; CCNP-Security)

Reference code: 7604780. Posted by AdventHealth Medical Group, 2024-01-03 12:47.
