Cybersecurity Analyst

Cybersecurity Analyst, is responsible for using one or more security tools and technologies to detect, analyze, test, validate, curate, provide actionable guidance to IT System and Service Owners to enforce Cybersecurity policies, controls, standards for M Health Fairview. Successful candidate would have general understanding of cybersecurity principles, frameworks, policies, risk and compliance needs for M Health Fairview. May have engineering or support expertise in one or more Cybersecurity tools. Operational support duties include collaborating with peer engineers/analysts, analysis, prioritization and coordinating efforts to mitigate identified gaps in security. Cybersecurity Analysts will have deep expertise in one or more domains of security – Identity, Network, Data, Applications, Cloud, Devices & End points. Candidate will have broad understanding vulnerabilities, risks or exposure and exploitability, tools and techniques to test/validate security threats and methods to mitigate them. Successful candidate will contribute actions to detect, enumerate risk and collaborate with IT and Business teams to come up with remediation steps and help minimize security risk.

Responsibilities

• Understanding of vulnerability classes (OWASP) and how they can be exploited
• Understanding of different domains of security and interactions including authentication, authorization, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
• Experience analyzing risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack
• Understanding of security policies, standards, risk enumeration techniques, cybersecurity frameworks
• Work with vendors, health and business partners to ensure security remediation milestones are being met
• Be part of technical and risk management teams to identify and remediate gaps including tool/technology deficiencies
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
• Document processes and enhance existing processes in partnership with business and IT teams.
• Serve as security subject matter resource in assisting triage, investigation and remediation of assumed/potential/actual security incidents. Participate in Red/Blue/Purple teams as needed to help improve security posture of M Health Fairview.
• Assist in design, implement, maintain and support current and future complex information security technologies, processes and procedures. Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction.
• Lead or contribute to complex projects related to information security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
• Foster a culture of improvement, efficiency gains and innovative thinking. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.

Required Qualifications

• Bachelor of Science in any discipline or relevant experience/education
• 8 years of cumulative experience in engineering, development and/or support of IT Systems
• 3 years experience in either customization, deployment or support of Cybersecurity tools and technologies
• Ability to author and/or edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation
• Ability to thrive in a sense-of-urgency environment and leverage best practices
• Language & Communication Skills Ability to effectively communicate both verbally and written with all levels within the organization Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills Ability to work well within a team environment, as well as independently

Preferred Qualifications

• Bachelor of Science in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline
• Technical area specific or industry specific certifications – Security+, CASP, CEH, Pentest+ or equivalents
• Technical engineering or analyst level certifications