Cyber Security Analyst I : Corporate Information Security

Primary Duties and Responsibilities

The Cyber Security Analyst participates in establishing and maintaining the corporate-wide Cyber Security program to ensure information assets are adequately protected. Responsible for ensuring the confidentiality, integrity, and availability of Hoag enterprise-wide security devices. With oversight from the Cyber Security Operations Manager, the Cyber Security Analyst will actively support system security assessments to identify vulnerabilities, remediation strategies, and assist system owners in implementing effective safeguards. Supports incident response activities from detection, analysis, remediation, and mitigation, to lessons-learned documentation. Understands and adheres to Hoag Cyber Security policies, procedures, and guidance. Works across organizational lines with multiple stakeholders (internal and/or external) to ensure deliverables are accurate, complete, and on time. Analyzes security events and incidents utilizing existing tool sets.

Participates with team members and takes direction from leads for Cyber Security Incident Response activities. Takes direction in assessing security controls (technical, operational, procedural) for alignment with regulatory requirements (e.g., NIST CSF, HIPAA, HITRUST, PCI). Assist with documentation for remediation and participates in developing corrective action plans based on findings and identified vulnerabilities.

Conducts log data analysis for Cyber technologies to secure Hoag’s information and systems.

This includes but is not limited to:

• Security Information and Event Management (SIEM) tools;
• Access Control;
• Network Security;
• Intrusion Detection / Prevention Systems;
• Malware Protection;
• Email Security;
• Data Loss Prevention;
• Cloud Security solutions.

This position entails work in a 24/7 department which may require work outside of normal business hours. Performs other duties as assigned.

• Associate degree in Cyber Security, Computer Science, Computer Information Systems, Engineering, Business, or related technical field. Additional equivalent work experience may be substituted for the degree requirement
• A minimum of two to four (2-4) years of business/industry experience. Knowledge of cyber security tools, process, methodologies and frameworks
• Experience working incident response and cyber operations. Ability to set priorities and meed obligations in a timely manner.

• Bachelor’s degree in Computer Science, Computer Information Systems, Cyber Security, Cyber Forensics, Engineering, Business, or related technical field.
• One to three (1-3) years translating business requirements and priorities into cyber security standards, policies and procedures.
• Experience in a hospital or health care related organization of similar size and complexity.
• Incident response experience, reverse malware engineering experience, vulnerability assessment experience, red Team, blue Team, or purple team experience, threat modeling, data analytics, and use case development and digital Forensics experience preferred.

N/A

N/A

• A minimum of one of the following:
• Comptia A+
• Security+
• Network+
• GIAC Security Essentials (GSEC)
• Certified Ethical Hacker (C|EH)

• GIAC Certified Incident Handler (GCIH)
• Certified Information Systems Security Professional (CISSP)