Information Security Analyst III
The Information Security Analyst III completes tasks designed to protect against unauthorized access, modification or destruction of Hackensack Meridian Health's (HMH) information assets. Mid-level position, typically assigned larger, complex projects. A wide degree of creativity and latitude is expected. May lead/direct the work of others, mentoring junior team members. Relies on extensive experience and judgment to plan and accomplish goals.
- Help to manage computer security across the enterprise.
- Track and monitoring of software viruses.
- Evaluate, implement and manage security solutions.
- Execute incident response strategies.
- Lead security projects and cross functional project teams.
- Administers the various security tool systems. Communicates intrusions and compromises to team leaders. Ensures integrity and protection of networks. Functions as system and/or backup administrator for four or more security tools. Monitors IDS/IPS for potential, successful and unsuccessful intrusion attempts. Performs the day-to-day administration required to ensure the security tools are meeting the needs of Hackensack Meridian Health. Upgrades and/or applies patches to security tools as required. Monitors and investigates alerts, determining root cause and appropriate mitigations.
- Identifies both unsuccessful and successful intrusion attempts by reviewing and analyzing security events logs and event summary information. Makes recommendations to improve the functionality of the security tools to improve Hackensack Meridian Health’s security posture and/or customer experience.
- Performs customer support work and documents security incidents. Initiates service recovery when necessary. Responds to requests, adhering to established SLA’s. Provides detailed explanations in Help Desk tickets to allow co-workers to follow the tickets from origination to completion. Informs user of ticket status, explains the problem and resolution in simple terms, and sets appropriate expectations with the end user. Provides advance notification to appropriate teams to advise of scheduled/unscheduled downtimes and implementation of new systems.
- Reviews security violation reports and investigates possible security exceptions.
- Works with end users to determine needs of individual departments, implementing policies or procedures. Serves as a subject matter expert on security projects/initiatives.
- Monitor security and compliance trends, current events, best practices, etc.
- Through various consultative methods (PER process, meetings, service requests, etc.) work with our customers to review their requirements and access the overall security.
- A member of the HMH Incident Response Team, responding to and mitigating security incidents using established procedures and protocols. Rotating member of IT Info Security on-call team.
- Lifts, pushes or pulls up to 25 lbs. and may sit and/or stand for long periods of time.Adheres to the HMH’s Organizational Competencies and Standards of Behavior.
- Adheres to the HMH’s Organizational Competencies and Standards of Behavior.
- Bachelor’s degree in IT, Computer Science, Management Information Systems or equivalent degree. Work experience may be substituted.
- Six or more years of IT experience with 3 or more years of system/network security experience, including threat modeling, threat assessments, risk identification techniques, penetration testing.
- Proven experience and technical knowledge in endpoint security and protection; data loss prevention; authentication and security protocols; network security; server security and protection; deploying intrusion detection/prevention tools; security event correlation; web security gateways; vulnerabilities and remediation techniques; application and OS patch mgmt.
- In-depth experience with network devices including firewalls, routers, switches, etc.
- Experience in large network environments with data centers and remote locations.
- Experience with applying security policies and standards.
- Familiarity with security regulations and standards, HIPAA/HITECH and PCI-DSS preferred.
- Knowledge of network and web protocols (i.e. TCP/IP, UDP, IPSEC, HTTP, HTTPS, etc.)
- Knowledge of MS Windows, Active Directory, Linux (a plus), RADIUS, and TACACS+, SAML capabilities and best practice implementation methodologies.
- Proven experience implementing large-scale, enterprise-wide security solutions.
- Ability to discuss complex security issues in understandable business terms.
- Detailed knowledge of network and web-related protocols (i.e. TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.).
- Ability to seamlessly move between hacker/attacker and security engineer/defender mindsets.
- Excellent written and verbal communication skills.
- Strong problem-solving and analytical skills.
- Ability to travel to other HMH locations, as needed.
As a courtesy to assist you in your job search, we would like to send your resume to other areas of our Hackensack Meridian Health network who may have current openings that fit your skills and experience.