IT Security Analyst
Prestigious Enterprise Institution is currently seeking an IT Security Analyst. Candidate will assess security needs and capabilities of the organization. and prepare regular reports to IT management concerning the current state of security measures and makes recommendations for improvement as required. Candidate will work on overall security program and content, and work with existing policies and procedures to identify, recommend and develop revised policies and procedures relating to information security as appropriate to help maintain the overall IT security program.
- Works with IT management, risk managers, corporate compliance, and clinical teams. Ensures organization compliance with the security sections of Federal and State regulations including HIPAA, and JCAHO standards.
- Monitor, respond to, tune, analyze alerts from network and systems monitoring tools (SIEM, IDS/IPS, AV, Firewalls etc.); administer rules and policies for same
- Function as web/application security subject matter expert and liaison to internal Edelman teams (both technical and non-technical) for relevant projects.
- Research, analyze, and recommend the implementation of software or hardware changes to rectify security deficiencies or to enhance security performance.
- Participate as a member of team providing pertinent security information and input to strategic and tactical planning; initiatives and projects planning.
- Develop technical security standards in support of information security policies and principles
- Train other Security Engineers on processes, procedures, and technologies
- Works with internal and external auditors to response to needed requests, suggestions and security related findings.
- Provides support in the development and implementation of security controls for clinical and finance applications.
- Works closely with Application Build Teams to understand the security architecture and coordinates the implementation of changes in security once approved through the Configuration Management.
- Requires bachelor's degree in computer science or related technology field. CISSP certification a plus.
- Requires 2+ years of relevant computer systems experience focusing on Information Security, preferably in a healthcare setting.
- Thorough understanding of risk analysis and audit tracking.
- Thorough knowledge of local area and wide area network architectures (LAN/WAN), and in-depth and current knowledge of data processing and programming concepts. Experience with network design, routing design and open system security issues.
- Command of office automation tools (Microsoft Professional Suite, Exchange e-mail, etc.)
- Familiarity with current common paradigms for violating system integrity.
- Must have excellent interpersonal skills to effectively communicate with all levels of hospital personnel, vendors and IT personnel.
- Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others quickly and thoroughly on key IT concepts.
- Expert knowledge with security role based access for Epic and other enterprise clinical applications.
- Advanced knowledge of technical security solutions (ie IDS/IPS, secure remote access, authentication, traditional and next gen Firewalls, encryption, VPNs, SIEMs, application security, advanced malware detection, vulnerability management, and other relevant domains)
Trend Micro security suite (Office Scan, DLP, Mobile Security, Disk Encryption) Enterprise Windows OS, Active Directory, VBScript, WSUS patch management, Qualys, Desktop virtualization technologies, Anti-Virus software, SQL, IIS Web services, WINS, DNS, DHCP, Exchange Email, IDS/IPS.
TCP/IP, Ethernet, Fiber, VPN, Wireless networking,
HP, Dell, Wyse thin clients, Ergotron Mobile devices, Network Virus Wall hardware appliances
Certifications: Active professional certifications such as CISSP, OSCP/E, relevant GIAC or SANS certifications