Sr. Security Analyst (DLP)

Memorial Hermann Health System•Salt Lake City, UT

21h•Onsite

About The Position

Position is responsible for in-depth security administration which includes research, design, installation, testing, configuration, implementation, troubleshooting, and maintenance of security systems and services. A Senior Security Analyst collaborates with application owners, project managers, vendors, and end-users to provide design and administrative services. The Senior Security Analyst is a hands-on cybersecurity role responsible for protecting sensitive data with a strong focus on Data Loss Prevention (DLP), incident response, and security program development in a large, regulated environment. This position involves identifying and classifying sensitive data, monitoring and preventing data loss, responding to security incidents, and tuning tools to improve detection accuracy while reducing false positives. The role requires a solid foundation in cybersecurity tools and networking, as well as the ability to conduct risk assessments, implement security controls, and support compliance with regulations such as HIPAA. The ideal candidate is both technical and strategic, capable of building and improving security processes, working cross-functionally, and contributing to the overall maturity of the organization’s security program.

Requirements

Bachelors degree preferred or equivalent experience
Four (4) years experience in information security and/or IT auditing
One (1) years of recent work experience in providing security solutions to large network environment (15,000+ node network)
Strong knowledge of security tools including firewalls, IPS, IDS, encryption, SEIM, vulnerability scanners and other security tools
Three (3) years of at least one security tool(s) technology at an in-depth level (firewalls, IPS, IDS, encryption, SEIM, vulnerability scanners, content filtering)
Strong understanding of the conceptual basics of all topologies and protocols in the OSI model
Strong understanding of Active Directory, networking and database systems
Strong understanding of risk assessment processes and procedures
Record of participating in designing, configuring, troubleshooting and maintaining new security processes and security technologies. (firewall, IPS, IDS, content filtering deployments, Snort, eEye Retina, Nessus, nMap, zixMail or McAfee Endpoint Encryption suite)
Record of participating in information system risk assessments either technical or procedural
Record of developing and implementing information security policies and procedures
Intermediate knowledge of hubs, switches, and routers
Basic knowledge and work experience with Cisco network devices (L2 and L3), large scale ACL management, Microsoft Windows, Unix/Linux, intrusion prevention systems (IPS), application and packet inspection firewalls and denial of service (DoS) technologies
Experience with analyzing and troubleshooting network sessions using sniffer tools such as tcpdump, snoop and WireShark
Demonstrated pattern of growth in ability to lead others
Knowledge of Federal and State security regulation – HIPAA/PCI/HITECH/etc.
Current knowledge of security threats, attack methodologies, security principles, best practices, and evasion techniques
Excellent planning, documentation and organizational skills
Excellent problem solving skills
Possess good communication and interpersonal skills to work successfully in a team environment
Strong customer service skills

Nice To Haves

At least one (1) active security certification (example: CISSP, GIAC, CISA, CISM) – PREFERRED

Responsibilities

Leads in the research, installation, configuration, implementation, troubleshooting and maintenance of security systems and services.
Leads in performing risk assessment of information assets including: information systems, biomedical systems and data centers.
Develops new and improves upon existing information security risk assessment methodologies.
Perform policy reviews and updates information security policies and identifies new policy requirements.
Leads in implementing controls and procedures to protect information systems from unauthorized or accidental modification, disclosure, or destruction, under the guidance of Senior/Lead Security Analysts or Management.
Provides unassisted support to application owners, project manager, vendors, and end-users.
Works on teams and provide task completion for all levels of projects.
Accountable for meeting and setting project timelines.
Recommends technical and documentation standards.
Responsible for designing and planning of advanced security systems or services.
Provides guidance and mentoring to Security Analyst(s)
Provide status updates to Information Security management on the results of risk assessments.
Researches and makes recommendations regarding the acquisition of new security tools and technology.
Responsible for covering a 7x24 shift of on call support rotating which is rotated weekly among the Information Security Risk Management team.
Ensures safe care to patients, staff and visitors; adheres to all Memorial Hermann policies, procedures, and standards within budgetary specifications including time management, supply management, productivity and quality of service.
Promotes individual professional growth and development by meeting requirements for mandatory/continuing education, skills competency, supports department-based goals which contribute to the success of the organization; serves as preceptor, mentor, and resource to less experienced staff.
Demonstrates commitment to caring for every member of our community by creating compassionate and personalized experiences.
Models Memorial Hermann’s service standards by providing safe, caring, personalized and efficient experiences to patients and colleagues.
Other duties as assigned.