Data First Jobs

Fortified Health Security

Threat Defense Analyst L2

Full Time · In Office · USA

Posted Jun 4, 2026

  • Job Summary
  • The Fortified Threat Defense Center provides 24x7x365 managed security services for healthcare customers. Members of the Threat Defense team are responsible for monitoring and alerting on key security technologies within each customer environment, identifying security events, performing analysis, creating new and tuning existing detection rules, and integrating with client’s incident response activities. In this role, the Threat Analyst 2 will monitor, detect, analyze, and report on security alerts discovered within Fortified Health Security’s customer infrastructures. The Threat Analyst 2 will monitor various security technologies within these environments and report all investigated and validated findings to the proper customer in accordance with the approved communication plan.
  • Essential Job Functions
  • The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
  • Partner with clients on service delivery execution of all LOBs including but not limited to:
  • Managed SIEM, Phishing, EDR, IoMT, & DLP
  • Perform and document initial incident investigations.
  • Present alerts, metrics, and remediation tasks to customers via approved communication plans.
  • Work with associates to continually improve security services through product tuning and maturity.
  • Proactively and iteratively search through logs to detect advanced threats that are unknown to the current security solutions.
  • Exercise high-level multi-tasking skills by managing events in multiple systems, applications, and other priorities.
  • Respond to incidents and client inquiries timely and professionally.
  • Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
  • Remain up to date on latest security threats and events.
  • Monitor the “health” of key technologies during their shift.
  • Intermediate/Advanced level understanding of the following subject matters:
  • Incident Response, Analytical Intelligence, Playbook Management, Relationship Management, Technical Presentation, Detection & Suppression Rule Management, Scripting (Python, Bash, PowerShell), Compliance Frameworks (NIST, HIPAA, HITRUST, PCI)
  • Advanced level understanding of the following subject matters:
  • Attack Frameworks, Troubleshooting & Root Cause Analysis, Advanced Documentation, Emotional Intelligence, Written and Verbal Communication, Security Platform Health Management, Security Platform Log Analysis, Linux OS & Events, Windows OS & Events, Healthcare Operational Knowledge, Endpoint Security Knowledge, Tools, & Best Practices, User Security Knowledge, Tools, & Best Practices, Network Security Knowledge, Tools, & Best Practices, Cloud Security Knowledge, Tools, & Best Practices, Data Security Knowledge, Tools, & Best Practices
  • Fluent with intrusion detection/prevention systems, firewalls, endpoint detection & response systems, anti-virus systems, DLP, vulnerability management, creating and managing phishing campaigns, and cloud infrastructure.
  • Solid understanding of network security concepts and defense in depth.
  • Knowledge of security incident and event management (SIEM), log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation.
  • Demonstrated ability to analyze, triage and remediate security incidents.
  • Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.).
  • Solid understanding of OSI model, network protocols and information security concepts.
  • Knowledge & Skills
  • Education & Experience
  • 2+ years of direct InfoSec experience and/or an Associate’s degree in CS / MIS preferred.
  • 2+ years' hands-on experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host-based solutions).
  • 2+ years' technical experience in the security aspects of multiple computer platforms, operating systems, products, network protocols and system architecture or equivalent training and knowledge through education.
  • Special Skills & Knowledge
  • Ability to understand SIEM correlation rules and corresponding alerts.
  • Understanding of configuration and development of processes, procedures and practices for enterprise security systems.
  • Prior experience and ability to demonstrate configuring SIEM applications / devices (i.e., QRadar, Splunk, LogRhythm, McAfee, AlienVault).
  • Capable of communication with clients via conference calls and/or emails to review and discuss alert data and security report findings.
  • Familiarity with MS Office.
  • Strong understanding of TCP/IP, including IPv4 subnetting.
  • Intermediate understanding of firewalls, IDS/IPS, antivirus, syslog, VPN, RDP, SSH and Telnet.
  • Proficient ability to run and troubleshoot PowerShell / BASH / Python scripts.
  • Security Certifications such as CompTIA Security+, SANS, or Cisco are a PLUS.
  • Ability to document and communicate in a clear, concise, and effective manner.
  • Intermediate/Advanced understanding of compliance frameworks (i.e., NIST, HIPAA, HITRUST, PCI).
  • Licenses, Certifications, etc.
  • N/A
  • Requirements
  • Supervisory Responsibility
  • N/A
  • Working Conditions & Travel Requirements
  • Hybrid schedule in our Brentwood, TN office (2-3 days)
  • Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
