PURPOSE OF THE JOB: The primary purpose of this position is to improve the security posture of BBAHC through network monitoring, incident response, vulnerability management, security awareness, and compliance-related work. The IT Security Analyst functions as a key member of the IT security team responsible for safeguarding BBAHC’s information systems, networks, and data from cyber threats, attacks, and breaches.
This role focuses on reducing risks posed by cyber threats and actors by using the holistic approach prescribed in the NIST CSF (Cyber Security Framework). As part of the IT security team this position will help: Identify and analyze vulnerabilities, threats in current technology stack, Protect by recommending, installing, operating and maintaining, countermeasures, policies, procedures, and controls, Detect exploited vulnerabilities, by monitoring, analyzing, reporting and using utilities and applications (i.e. AV) in a proactive manner, Respond to security events, incidents, and breaches as directed by the CIO and governing policy and procedures, and Recover from service outages resulting from security related exploits.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Professional certifications such as CompTIA Security+, CISSP, or CISM are advantageous.
- At least three years of experience in IT security roles, with progressive responsibilities and hands-on experience in security operations. Experience in a health care setting highly desired.
- Familiarity with security frameworks (e.g., NIST CSF and others, ISO 27001) and regulatory compliance requirements (e.g., GDPR, HIPAA).
- Proficiency in using SIEM tools, vulnerability scanners, and other security technologies. Stellar Cyber, SecPOD, AutoElevate, Varonis, Duo Security, Proofpoint, KnowBe4, Cylance, MS Azure/ATP, Cisco Meraki firewall experience are advantageous.
- Strong analytical and problem-solving skills, with the ability to investigate and resolve complex security incidents.
- Excellent communication and interpersonal skills for collaborating with cross-functional teams and stakeholders.
- Applied knowledge of networking protocols, systems administration, and application security best practices.
- Demonstrated understanding of cloud security concepts and practices is a plus.