Fortified Health Security

Senior Threat Defense Analyst

Fortified Health Security, Brentwood, Tennessee, United States, 37027


People who do great work deserve great support. That's why we care about building a culture of flexibility, learning, and belonging. Our goal is to help you be the best 'you' that you can be, both inside and outside of work. That isn't just good for you, it's good for the people you love, too. Your best work starts here. We're excited about where it may take you!

Job Summary

The Fortified Threat Defense Center provides 24x7x365 managed security services for healthcare customers. Members of the Threat Defense team are responsible for monitoring and alerting on key security technologies within each customer environment, identifying security events, performing analysis, creating new and fine-tuning existing detection rules, and integrating with clients' incident response activities. In this role, the Senior Threat Defense Analyst will monitor, detect, analyze, and report on security alerts discovered within Fortified Health Security's customer infrastructures. They will monitor various security technologies within these environments and report all investigated and validated findings to the proper customer in accordance with the approved communication plan.

Essential Job Functions

The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.

Partner with clients on service delivery execution of all LOBs, including but not limited to:

Managed SIEM, Phishing, EDR, IoMT, & DLP

Create, maintain, and mature Standard Operating Procedures (SOPs) and training documentation.
Mentor, coach, and audit the activities of level I and II analysts.
Perform advanced incident investigation.
Ability to take lead on incident research when appropriate.
Present alerts, metrics, and remediation tasks to customers via approved communication plans.
Work with team members and manager to continually improve security services.
Proactively and iteratively search through logs to detect advanced threats that are unknown to the current security solutions.
Exercise multi-tasking skills by managing events in multiple systems, applications, and other priorities.
Respond to incidents and client requests in a timely and professional manner.
Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
Remain up to date on the latest security threats and events.
Create advanced rules based on the latest security threats and events.
Act as the SME for all technology used in service delivery.
Improve skillset through training & certification acquisition.
All other duties and responsibilities as assigned.

Knowledge & Skills

Education & Experience

4+ years' hands-on experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host-based solutions).
4+ years' technical experience in the security aspects of multiple computer platforms, operating systems, products, network protocols and system architecture, or equivalent training and knowledge through education.
Significant experience managing cases with enterprise SIEM and EDR systems.
4+ years of direct InfoSec experience and/or a bachelor's degree in CS / MIS preferred.

Special Skills & Knowledge

Intermediate understanding of the following subject matters/skills:

Incident Response, Team building, Motivating, Arbitration & Consensus, Compliance Frameworks (NIST, HIPAA, HITRUST, PCI)

Proficient understanding of the following subject matters/skills:

Incident response, relationship management, technical presentation, detection & suppression rule management, scripting (Python, Bash, PowerShell), attack frameworks, documentation, written and verbal communication, security platform health management, security platform log analysis, Linux OS & events, Windows OS & events, & healthcare operational knowledge

Common detection tools & attack techniques in the following areas:

Endpoint security
User security
Network security
Cloud security
Data security

Proficient understanding of network security concepts and defense in depth.
Proficient understanding of security incident and event management (SIEM), log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation.

Advanced understanding of the following subject matters/skills:

Attack frameworks, written and verbal communication, security platform health management, security platform log analysis, healthcare operational knowledge, endpoint security knowledge, user security knowledge, network security knowledge, cloud security knowledge, data security knowledge, advanced documentation

Demonstrated ability to analyze, triage and remediate security incidents.
Advanced knowledge of the current threat landscape (threat actors, APT, cyber-crime, etc.).
Advanced understanding of the OSI model, network protocols and information security concepts.

Licenses, Certifications, etc.

Security certifications such as CompTIA Security+, SANS, ISC2, GIAC or Cisco are a PLUS.

Working Conditions & Travel Requirements

Hybrid Position. Needed in our Brentwood, TN office up to 3 days a week.