Senior Security Analyst

Benefits

• $10,000 Tuition Reimbursement per year ($5,700 part-time)
• $10,000 Student Loan Repayment ($5,000 part-time)
• $1,000 Professional Development per year ($500 part-time)
• $250 Wellbeing Fund per year($125 for part-time)
• Matching 401(k)
• Excellent medical, dental and vision coverage
• Life insurance
• Annual Employee Salary Increase and Incentive Bonus
• Paid time off and Holiday pay

Pay Starting at: $53.34+ per hour based on experience

Northwestern Medicine is powered by a community of colleagues who are purpose-driven and committed to our mission to deliver world-class care. Here, you'll work alongside some of the best clinical talent in the nation leading the way in medical innovation and breakthrough research with Northwestern University Feinberg School of Medicine.

We recognize where you've been, and we support where you're headed. We celebrate diverse perspectives and experiences, which fuel our commitment to equity and culture of service.

Grow your career with comprehensive training and development opportunities, mentorship programs, educational support and student loan repayment.

• Create the life you envision for yourself with flexible work options, a Reimbursable Well-Being Fund and a Total Rewards package that support your physical, mental, emotional and financial well-being.
• Make a difference through volunteer opportunities we offer in local communities and drive inclusive change through our workforce-led resource groups.

From discovery to delivery, come help us shape the future of medicine.

Description

The Senior Security Analyst reflects the mission, vision, and values of NM, adheres to the organization's Code of Ethics and Corporate Compliance Program, and complies with all relevant policies, procedures, guidelines and all other regulatory and accreditation standards.

The security analyst will be extensively involved with security event monitoring, activities identifying, evaluating and reporting on information security that supports risk posture.

Responsibilities:

• Investigate alerts generated by security controls. Implement/provide recommendations to improve detection capability accuracy.
• Develop/optimize incident response standards and procedure to increase the organizations cyber resiliency. Coach and mentor junior resources.
• Analyze the enterprise information security environment and recommend security measures to safeguard valuable information assets.
• Identify, evaluate, and report on information security risks.
• Collaborate with vendors and internal departments to develop and implement procedures.
• Collaborate with senior staff on strategic and tactical security guidance for all IS projects, including the evaluation and recommendation of technical controls.
• Monitor and maintain the wide security infrastructure and frameworks while analyzing, planning and making recommendations for changes to ensure consistency.
• Regularly evaluate and assess information security vulnerabilities, solutions, and organizational posture.
• Assist in developing cyber security standards and procedures related to logging, monitoring and response.
• Analyze requirements and make recommendations to optimize performance of security controls.
• Collaborate with network and technology support team to enhance and improve security processes and documentation.
• Stays current with security technologies and threats and make recommendations on business value.
• On a daily basis, assess new risks and mitigate as they surface.
• Respond to IT security incidents, providing initial assessment of impact severity and types of incidents being addressed.
• Investigates any fraud and other computer issues.

AA/EOE.

Qualifications

Required:

• Bachelor's degree or equivalent work experience
• 6+ years of professional IT experience, including Cyber Security
• Must have solid knowledge of Security Operation Center (SOC), Computer Incident Response Teams (CIRTs), Risk Management in the cyber security context.
• Demonstrated success leading and/or conducting security analysis, investigations and incident response.
• Demonstrated timely task completion involving solid organizational skills, task tracking, follow-up, and productive peer interaction.
• Working knowledge of the following subjects:
  • Network (protocols, topologies)
  • Security controls (proxies, IPS, IDS, Firewall and packet analyzers)
  • Systems (Windows, Linux/UNIX)
  • Software development (development / scripting langages)
  • Incident Response
  • Threat and Vulnerability Management
• Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, ISO 27001&27002, ITIL). This includes:
  • Applications and Systems Development Security
  • Security Management Practices
  • Access Control
  • Security Architecture and Modeling
  • Telecommunications
  • Network Security
  • Operations Security
  • Physical Security Controls
• Experience and knowledge of one of the major SIEM technologies (Logrhythm/IBM Qradar/Splunk).
• Excellent problem solving skills
• Experience in delivering formal presentations
• Excellent verbal and written communication skills

Preferred:

• Certification or courses: GIAC certifications, OSCP, Associate of (ISC)/CISSP, GSEC, GCWN, GCED or Certified Ethical Hacker a plus

Equal Opportunity

Northwestern Medicine is an affirmative action/equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation or any other protected status.