Senior Information Security Analyst - Metropolitan Jewish Health System : Job Details

Our Corporate team may not provide direct care, but we still touch people's lives in a very real and substantial way. The services we provide contribute greatly to the overall patient and member experience, supporting our reputation for excellence.

The Senior Information Security Analyst will have strong technical experience and a risk evaluation mindset in all areas of security operations including, event triage, incident response, vulnerability management, penetration testing, and event management (SIEM) is a key part of our information security team. Additionally, the Senior IS Analyst will possess the capability to analyze malware, network traffic, and large sets of disparate data with a genuine curiosity and passion for Cybersecurity.

• Bachelor's Degree in IT related discipline or equivalent

• 5+ years of Information Technology experience.

  3+ years of full-time Information Security related experience

• Strong Windows, networking, malware, and data analysis background. PowerShell, Bash, or other scripting experience. Ability to prioritize and independently complete competing work assignments. Working knowledge of SOC/Security Operations, ITSM, incident handling, vulnerability and penetration testing, security frameworks and best practices. Working knowledge of application & infrastructure security solutions (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption, and Access Controls). Strong interpersonal and communication skills.

  CEH, GIAC GCIA, GSEC, OSCP, CISSP, CISA, CISM, CySA+ or other relevant security certifications preferred.

  Understanding of relevant legal, compliance, and regulatory requirements, such as HIPAA, NYDFS cybersecurity, and other cybersecurity frameworks e.g., NIST CSF, MITRE.

  Project Management experience, Cloud Security Expertise, Risk Management skills

• Monitor, investigate, correlate, and interpret SIEM logs and MSSP alerts and other detections across multiple platforms for Information Security events
• Manage, configure, and troubleshoot security systems

• Identifies opportunities to improve processes and controls through automation.

• Improves methods to increase accuracy and detection rate.

• Perform vulnerability scans and interpret results.
• Perform audits of information systems and controls. Investigate and document findings and work with other teams on remediation.

• Create documentation for policies and procedures as needed.

• Document events and research performed during the investigations and artifacts collected.
• Participate in Incident Response activities. Coordinate and follow-up with other IS teams to timely mitigate threats to the organization.
• Analyze and interpret malware, exploits and threat activities.
• Maintain current knowledge of Cybersecurity Threat Intelligence landscape, industry trends, and situational awareness.
• Author and edit automation and orchestration scripts for research and tool deployment.
• Track and complete tasks for security enhancement projects.