The Cybersecurity Analyst provides cybersecurity expertise required to monitor and maintain security controls and technical solutions following standard procedures. Develops, implements and maintains procedures to improve Geisinger Health System (GHS) Cybersecurity Program’s ability to prevent, detect and respond to cyber threats. Monitors security events and vulnerabilities and conducts first-level analysis of identified incidents. Participates in incident response including but not limited to identifying compromised devices, analyzing event data, and developing containment strategies. Performs risk assessment and management activities in regards to technology, process, and applications. Follows required escalation, communication and reporting procedures. In addition, participates in threat intelligence gathering and first level analysis. Expected to continue building cybersecurity expertise including but not limited to technical capabilities and cybersecurity field advancements.
COMPETENCIES AND SKILLS:
Demonstrates a growing capability by successfully performing increasingly complex assignments without supervision.
Demonstrates strong interest and expertise in security data analysis and ability to identify events of interest.
Demonstrates curiosity and a propensity to understand the current security threat landscape and to advance in this subject area.
Technical skills that include a conceptual understanding with hands-on configuration and troubleshooting experience with one or more of the following: Operating Systems, Wireless Technologies, Encryption technologies, Intrusion Detection, Firewalls, Active Directory, Routers/Switches, Anti-Virus, Mobile devices, Web Applications, HTTP(s), Identity and Access Management (IAM), provisioning, role management, access management.
Demonstrates understanding of technical vulnerability assessment and penetration testing concepts and techniques.
Demonstrates understanding of digital forensics and investigation process standards, concepts and techniques.
Conceptually understands and can apply technology standards methodologies and frameworks such as NIST, ITIL, ISO.
Conceptually understanding of risk management and the application of risk management frameworks.
Demonstrates ability to conduct risk assessments.
Demonstrates ability for critical thinking and creative problem solving.
Demonstrates passion for continuous learning and application of new technologies and/or self-initiative for acquiring security skills such as ethical hacking, penetration testing, threats, vulnerabilities, risk assessments.
Effective verbal and written communication skills including the ability to communicate with technical, managerial and business audiences.
Demonstrates strong writing, verbal and presentation skills to present thoughts, ideas, project plans, status updates.
Demonstrates strong teamwork skills with ability to negotiate and to resolve conflicts in a productive and professional manner.
General project management skills, including but not limited to, building and maintaining implementation plans, plan execution and project tracking and reporting
Knowledgeable of HIPAA, PCI, and other regulations and how to integrate into secure architecture design.
EDUCATION AND EXPERIENCE:
Bachelor’s Degree in Information Security, Information Technology, or related field required.
Two or more years of cybersecurity related experience required with more in-depth experience in one or more of the following concentrations is preferred:
·Secure architecture design, including network, servers, endpoints, and application technologies.
·Incident response and preparedness.
·Threat hunting and security data analytics.
·Vulnerability analysis and program management.
·Penetration testing and program management.
·Threat and intelligence gathering and application.
·Digital forensics to include hardware, network and malware analysis.
·Security Information and Event Monitoring design, implementation, and maintenance.
·Regulatory compliance (PCI, HIPAA, etc.).
·Risk assessment and/or risk management.
·Security culture and resilience.
OR Associate's Degree in Information Security, Information Technology, or related field required. Minimum of five years of experience in the Information Security field required.
In lieu of degree, may consider a minimum of eight or more years of experience in the Information Security field.
WORKING CONDITIONS/PHYSICAL DEMANDS:
Work is typically performed in an office environment with occasional travel to different buildings. Mostly sedentary work interacting with computers and people. Requires ability to perform visual inspection and lifting less than 10 pounds.
OUR PURPOSE & VALUES: Everything we do is about caring for our patients, our members, our students, our Geisinger family and our communities. KINDNESS: We strive to treat everyone as we would hope to be treated ourselves. EXCELLENCE: We treasure colleagues who humbly strive for excellence. LEARNING: We share our knowledge with the best and brightest to better prepare the caregivers for tomorrow. INNOVATION: We constantly seek new and better ways to care for our patients, our members, our community, and the nation.
ABOUT GEISINGER: Geisinger is a physician-led health system comprised of approximately 30,000 employees, including nearly 1,600 employed physicians, 13 hospital campuses, two research centers, and a 583,000-member health plan Geisinger is nationally recognized for innovative practices and quality care. Geisinger serves more than 3 million people in central, south-central and northeast Pennsylvania and also in southern New Jersey with the addition of National Malcolm Baldridge Award recipient AtlantiCare, A member of Geisinger. In 2017, the Geisinger Commonwealth School of Medicine became the newest member of the Geisinger Family.
We offer healthcare benefits for full time and part time positions from day one, including vision, dental and domestic partners. * Perhaps just as important, from senior management on down, we encourage an atmosphere of collaboration, cooperation and collegiality. For more information, visit www.geisinger.org, or connect with us on Facebook, Instagram, LinkedIn and Twitter.
** Does not qualify for J-1 waiver. We are an Affirmative Action, Equal Opportunity Employer Women and Minorities are Encouraged to Apply. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of disability or their protected veteran status.
*Domestic partner benefits not applicable at Geisinger Holy Spirit.
At Geisinger, our innovative ideas are inspired by the communities we serve – like our Fresh Food
Farmacy, a program that delivers life-saving healthy alternatives to patients with diabetes. With additional tools like our MyCode Community Health Initiative, one of the first health system genome sequencing
programs, and our new asthma app suite that we developed in partnership with AstraZeneca, it’s no wonder we’re ranked one of the Top 5 Most Innovative Healthcare Systems by Becker's Hospital Review. We continually work towards continuous improvement in a culture where everyone has a voice and firmly believe that better begins with all of us.
Founded more than 100 years ago, Geisinger serves more than three million residents throughout central, south-central and northeastern Pennsylvania and southern New Jersey. Our physician-led system is comprised of 30,000 employees, including 1,600 employed physicians, and consists of 13 hospital campuses, the Geisinger Health Plan, Geisinger Commonwealth School of Medicine and two research centers.
What you do at Geisinger shapes the future of health and improves lives – for our patients, communities, and you.