ISRM Threat Analyst (Senior Consultant MIS Lvl A), EITS Security and Risk Management


Company: NYC Health + Hospitals

Location: New York, NY 10025

Description:

Empower Every New Yorker - Without Exception - to Live the Healthiest Life Possible

NYC Health + Hospitals is the largest public health care system in the United States. We provide essential outpatient, inpatient and home-based services to more than one million New Yorkers every year across the city's five boroughs. Our large health system consists of ambulatory centers, acute care centers, post-acute care/long-term care, rehabilitation programs, Home Care, and Correctional Health Services. Our diverse workforce is uniquely focused on empowering New Yorkers, without exception, to live the healthiest life possible.

At NYC Health + Hospitals, our mission is to deliver high quality care health services, without exception. Every employee takes a person-centered approach that exemplifies the ICARE values (Integrity, Compassion, Accountability, Respect, and Excellence) through empathic communication and partnerships between all persons.

Job Description

The EITS Threat Analyst will be responsible for identifying, investigating, and responding to security incidents, ensuring that threats are mitigated and systems are restored to normal operations as quickly as possible. This position will perform malware analysis and collaborate closely with members of the ISRM team to develop innovative and effective procedures for incident response operations. The ideal candidate will work alongside other security experts to identify vulnerabilities, analyze security events, and provide recommendations for incident response improvement. Additionally, this individual should be able to evaluate and lead implementation of complementary security tools, fine-tune existing tools, develop use cases, generate detailed and summary reports, perform threat hunting on a regular basis, assess risk, and provide recommendations to improve the security posture of the organization.

The EITS Threat Analyst is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services with focus on digital forensics and incident response (DFIR).

Duties & Responsibilities

  • Monitor, investigate, and respond to security incidents in real-time.
  • Conduct detailed forensics analysis to understand the root cause and impact of security incidents.
  • Analyze network traffic, system logs, and endpoint data to identify suspicious activities or potential security threats.
  • Provide timely and accurate incident reports, documenting findings and actions taken.
  • Develop and execute containment strategies to minimize impact on operations.
  • Collaborate with cross-functional teams to manage incidents.
  • Work closely with ISRM teams to identify emerging threats and vulnerabilities.
  • Assist in the development and improvement of incident response playbooks and Standard Operating Procedures.
  • Participate in tabletop exercises, drills, and post-incident reviews to enhance preparedness.
  • Maintain up-to-date knowledge of the latest cybersecurity trends, techniques, and threat actor tactics.
  • Identify, develop and build scripts, tools, and security content to enhance the incident investigation processes; automate where applicable.
  • Stay current with vulnerability information across all the products in the H+H environment; maintain knowledge of the threat landscape.
  • Keep informed on current threats and industry regulations.
  • Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required.
  • Develop a strong working relationship within the ISRM team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
  • Be able to justify blocking requests for IOCs or additional security controls to staff within the ISRM team and other Enterprise IT teams.
  • Perform other duties as required.


Minimum Qualifications
1. A Baccalaureate Degree from an accredited college or university with a major in Computer Science, Systems Engineering, applied Mathematics, Business Administration, Economics/Statistics, Telecommunications, Data Communications, or a related field of study; and
2. Five (5) years of progressive, responsible experience in the field of data processing, computer systems and applications.
Operations Specialty requires supervisory experience (5 years).
Network Services requires a telecommunications background and experience.
3. Broad knowledge and expertise in the characteristics of computers, peripheral devices, communications systems and hardware capabilities, programming languages, E.D.P. applications, systems analysis methodology, data management and retrieval techniques; or
4. A satisfactory equivalent combination of training, education and experience

Department Preferences

Certification(s)/NYS Licenses/Education:

Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.

Knowledge, Skills, Abilities and other Requirements:
  • Cyber Threat and Intelligence analysis
  • Forensic and Malware Analysis
  • Security Incident & Event Management (SIEM) technologies; ArcSight preferred
  • Frameworks like OWASP (Open Web Application Security Project), MITRE ATT&CK
  • Good understanding of Windows and Linux patching
  • Excellent writing and communication skills
  • Knowledge of network and operating system security
  • Utilize/understand the use of open source tools such as Nmap, Shodan, and Metasploit to identify and confirm vulnerabilities and attack surface
  • Must possess a high degree of integrity and trust along with the ability to work independently as well as work as part of a fast-moving team
  • Knowledge of network security architecture concepts, including topology, protocols, components, traffic flows across the network (e.g. TCP/IP, OSI, etc.)
  • Experience working with operating systems (Microsoft Windows, Linux, UNIX, etc.)


If you wish to apply for this position, please apply online by clicking the "Apply for Job" button.

If applying online, please include your cover letter in the same file attachment with your uploaded resume.

NYC Health and Hospitals offers a competitive benefits package that includes:
  • Comprehensive Health Benefits for employees hired to work 20+ hrs. per week
  • Retirement Savings and Pension Plans
  • Loan Forgiveness Programs for eligible employees
  • Paid Holidays and Vacation in accordance with employees' collectively bargained contracts
  • College tuition discounts and professional development opportunities
  • Multiple employee discount programs

Note: Candidates selected for a position are required to come to NYC as part of their onboarding.
