IT SECURITY ANALYST II

Owensboro Health - 42303
September 9, 2020
IT SECURITY ANALYST II Information Technology Hours: 8AM-4:30PM Days - Full-time Paygrade/Wages/Salary Info: OH 2013-76 - 40325A
Job Summary Selects, deploys, and maintains security controls and technical solutions following standard procedures. Develops, implements, and maintains procedures to improve Owensboro Health (OH) IT Security Program#s ability to prevent, detect, and respond to threats. Monitors security events and vulnerabilities and conducts tier 2 analysis of identified incidents. Participates in incident response including but not limited to identifying compromised devices, analyzing event data, and developing containment strategies. Performs risk assessment and management activities in regards to technology, process, and applications. Participates in threat intelligence gathering and tier 2 analysis. # Job Responsibilities Analyzes event information and performs threat or target analysis duties. Provide operations for persistent monitoring on a 24/7 basis of all designated networks and systems. Interprets, analyzes, and reports all events and anomalies in accordance with Security practices, including initiating, responding, and reporting discovered events. Manages and executes tier 2 responses and addresses reported or detected incidents. Coordinates and distributes directives, vulnerability, and threat advisories to identified consumers. Serves as an escalation point, providing outstanding customer service through timely, high quality issue resolution. Responds rapidly to security incidents and attacks, identifies compromised machines, analyzes data, develops and reports on security measures taken to address threats, vulnerabilities, analyzes security risks and develops appropriate response procedures. Participates or leads the Information Technology Security Incident Response Team (IT-SIRT) to identify and remediate security incidents. Monitors external data sources (e.g., computer network defense vendor sites, computer emergence response teams, SANs Security Focus) to maintain currency of computer network defense threat condition and determine which security issues may have an impact on the enterprise. Performs analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection systems (IDS) logs) to identify possible threats. Performs initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems. Assists in the monitoring of the OH IT Security Tools (e.g. Security Incident and Event Management (SIEM) system, Anti-Virus # Malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, and encryption) in order to support security across company information assets. Writes IT Security Standards, Procedures and Policies providing guidance and best practice to support the organization and monitors compliance. Mentors and cross trains staff to ensure information security skill sets are being developed by all personnel; provides guidance and support to other members of the IT Security Team. Performs Security Risk Assessments (SRAs) by analyzing computing environments to determine vulnerabilities, recommend safeguards to mitigate risk, and perform compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures. Participates in the change control process as an advocate to keep information security integrated and involved in all production environment changes. Participates in project planning, with the objective of calling out concerns, as well as the need to implement new controls (logical, procedural and/or physical). Estimates level of effort associated with implementing controls to mitigate risk, define control requirements and drive implementation efforts when approved by management. Participates and aide in design of the Disaster Recovery Planning. Works closely with other members of the IT Security Team to ensure the confidentiality, integrity and availability Information Systems and data. Works with other teams within and outside IT to serve as a SME in Information Security to provide recommendations and guidance. Assists and consults system configuration changes to address vulnerabilities and weaknesses in protocols and other technology (i.e. recommending specific registry entries be tested and deployed to disable support for SSL v2, v3, and TLS v1 on endpoints) Familiarity with industry standard regulations and guidance (e.g., NIST, HIPAA, PCI, etc.) and works to ensure and maintain IT compliance. Participates in rotating on call schedule for IT Security Team. Qualifications Associate#s degree or higher in Computer Information Systems required upon hire OR Associate#s degree or higher in related field required upon hire A combination of education, training and experience may be considered in lieu of degree. A minimum of 4 years# relevant experience required No licensure/certification/registration required Skills and Attributes Requires critical thinking skills and decisive judgment. Works under minimal supervision. Must be able to work in a stressful environment and take appropriate action. Excellent interpersonal, analytical, and problem solving skills. Physical Demands Standing: Occasionally Walking: Occasionally Sitting: Frequently Lifting 0-25 lbs: Rarely Lifting 25-75 lbs: Never Lifting over 75 lbs: Never Carrying 0-25 lbs: Rarely Carrying 25-75 lbs: Never Carrying over 75 lbs: Never Pushing/Pulling 0-25 lbs: Rarely Pushing/Pulling 25-75 lbs: Never Pushing/Pulling over 75 lbs: Never Climbing: Rarely Bending/Stooping: Rarely Kneeling: Rarely Crouching/Crawling: Rarely Reaching: Occasionally Talking: Frequently Hearing: Occasionally Repetitive Foot/Leg Movements: Never Repetitive Hand/Arm Movements: Frequently Keyboard Data Entry: Frequently Running: Never Vision: Depth Perception: Frequently Vision: Distinguish Color: Frequently Vision: Seeing Far: Frequently Vision: Seeing Near: Frequently Owensboro Health Core Commitments INTEGRITY - We conduct ourselves with a high level of responsibility, reliability and honesty because we take seriously the trust of our patients and coworkers. RESPECT - We value and accept the unique talents and contributions of every patient, customer and team member in the Owensboro Health community. TEAMWORK - We build a spirit of connectivity and fellowship by striving together to overcome obstacles, surpass goals, celebrate accomplishments and plan the future. INNOVATION - We foster original ideas and creative solutions that improve our daily work and promote the mission of Owensboro Health. SERVICE - We focus on service to patients, customers and team members by anticipating their needs, thoughtfully meeting those needs and continually improving the quality of everything we do. EXCELLENCE - We reach beyond basic expectations to expand our knowledge and awareness, produce exceptional work and provide outstanding service.