Ardent Health

Information Security Analyst, Incident Response

Ardent Health, Brentwood, Tennessee, United States, 37027


Overview

Ardent Health Services (AHS) is a national health care services company headquartered in Nashville, TN. Through its subsidiaries, Ardent owns and operates nearly 200 sites of care. Our subsidiaries own and operate hospitals and multispecialty physician practices in six states. Ardent includes 30 hospitals, 4,423 patient beds, 23,000 employees, and 1,700 employed physicians. Within the industry, we are noted for recognizing that every hospital is as unique as the community it serves. This in-depth understanding of how health care works at the local level is one of our great strengths.

POSITION SUMMARY

The goal of an Information Security Analyst, Incident Response is to respond to cyber-attacks, network intrusions, and computer crimes. The incident response analyst contributes to all aspects of the incident response from initiation to conclusion. Additionally, the IR analyst performs all activities occurring during the incident following policy, procedures, and established methodologies. The analyst participates in root cause analysis for each event and helps to define follow-up action items, including recommendations. A successful candidate in this role strives to enforce information security best practices, policies, standards, and guidance to ensure the safeguarding of proprietary data, physical infrastructure and resources from internal and external threats.

Responsibilities

- Monitor and act on security incidents.
- Follow incident response processes, procedures, and playbooks.
- Participate in tabletop exercises / training.
- Contribute to incident reports and maintain incident logs.
- Build / maintain an incident response toolkit.
- Research and recommend solutions that meet security standards while ensuring functionality for business continuity.
- Assist in development of disaster recovery and contingency plans.
- Work closely with the Threat and Vulnerability team using purple team processes, procedures and exercises.

Qualifications

Education & Experience:

- Associate's degree or equivalent cybersecurity training/experience, preferably as SOC, IR, threat hunt or sysadmin.
- Knowledge of: Windows/Linux forensics, regular expressions, PowerShell, Bash, JavaScript, Python, SQL, Active Directory, networking protocols/flow, authentication and authorization protocols.
- Familiarity with: cyber kill chain, MITRE ATT&CK/D3FEND, NIST SP 800-61, NIST SP 800-53, ISO 27001.
- Previous security platform experience (SIEM, EDR, email security gateway, etc.).
- Knowledge of common and emerging attack vectors, penetration methods, countermeasures, and remediation methods.
- Prioritize tasks effectively to meet project deadlines and deliverables.
- Passion for cybersecurity, problem solving and learning.
- Excellent written and oral communication skills.
- CTF and/or training tools (HTB) participation is a plus.
- DoD 8570 IAT II or higher compliant certifications or reputable security certifications are a plus. Examples include: GCIH, GCIA, CEH, GSEC, GCFA, GCFE, Sec+, CySA+, CCNA Sec, CCNA Cyber, blue team certifications, Microsoft certifications and other equivalents.
- Experienced in assessing and/or administering intrusion detection/prevention.
- ITIL familiarization or experience - managing incidents, requests, and changes.

Knowledge, Skills & Abilities:

- Knowledge of federal and state laws regarding security and privacy of electronic information assets, within the context of the healthcare industry, is highly preferred (e.g., HIPAA, Sarbanes-Oxley, etc.).
- Industry security frameworks (e.g., NIST).
- Solving complex problems with information technology.
- Ability to handle stressful situations.
- Ability to collaborate with IT and business departments to identify, contain, eradicate, and recover.
- Ability to balance the seriousness of protecting electronic information assets with the need to enable users to effectively and efficiently use systems to perform job responsibilities, while continuing to emphasize quality patient care.
- Strong customer service focus and ability to manage client (e.g., facility) expectations.
- Excellent oral and written communication skills with the ability to present and discuss technical information in a manner suitable for the audience.
- Must be willing to travel occasionally.
- Must be willing to respond to security issues 24x7 (on call).