Threat Intelligence Analyst 1

Banner Health, Phoenix, AZ
Onsite

About The Position

Banner Health was named to Fortune’s Most Innovative Companies in America 2025 list for the third consecutive year and named to Newsweek's list of Most Trustworthy Companies in America for the second year in a row. We’re proud to be recognized for our commitment to the latest health care advancements and excellent patient care.

The Cybersecurity team at Banner Health plays a critical role in protecting our organization's vast network of healthcare facilities, patient data, and critical infrastructure across our system. As part of the Cyber Security division, the Cyber Threat Intelligence function serves as Banner Health's early warning system, proactively identifying, analyzing, and mitigating emerging cyber threats before they can impact our operations or compromise sensitive patient information. Our team works collaboratively with IT Security Operations, Incident Response, and Risk Management teams to ensure Banner Health maintains a robust security posture that safeguards both our clinical systems and the Protected Health Information (PHI) of the patients we serve. In this role, you'll be instrumental in supporting Banner Health's mission by ensuring our healthcare delivery systems remain secure, available, and resilient against evolving cyber threats.

As a Cyber Threat Intelligence professional at Banner Health, your day will be dynamic and impactful. You'll start by monitoring threat intelligence feeds and analyzing emerging threats relevant to the healthcare sector, identifying potential risks to Banner's infrastructure and operations. Throughout the day, you'll collaborate with cross-functional security teams to assess vulnerabilities, develop threat reports, and provide actionable intelligence that informs our security strategy. You'll investigate suspicious activities, correlate threat indicators, and contribute to incident response efforts when threats are detected.

The ideal candidate will possess strong analytical skills, experience with threat intelligence platforms and frameworks (such as MITRE ATT&CK), understanding of healthcare-specific threats and compliance requirements, and the ability to translate complex technical findings into clear, actionable recommendations for both technical and non-technical stakeholders. This position offers the opportunity to make a real difference in protecting patient care and organizational operations in one of the nation's largest nonprofit healthcare systems.

Requirements

  • Bachelor's degree in Computer Science, Information Security, Information Systems, or related field.
  • Four to six years of experience in enterprise-scale information security engineering, preferably in healthcare.
  • One to three years of experience in a healthcare environment or an equivalent combination of relevant education, technical, business, and healthcare experience.
  • Experience with IT operations, automation of cybersecurity processes, coding and scripting languages.
  • Ability to document cybersecurity processes and use case development.
  • Experience with assessing cyber products, including vendor selection, defining requirements, and contractual documentation development.
  • Experienced in planning, designing, and implementing cybersecurity solutions.
  • Experienced in operating, maintaining, implementing, upgrading, and lifecycle management of cybersecurity solutions.
  • Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, PCI, Sarbanes-Oxley.
  • Advanced knowledge of Security Engineering Principles, including risk management, resilience, vulnerability management, Information Security, NIST, MITRE ATT&CK, etc.
  • Expertise in Cyber products supporting Data Loss Prevention, EDR, AntiVirus, Perimeter services, Threat systems, cyber platform analytics, SIEM, CASB, Cloud Security, etc.
  • Requires independent judgment, critical decision making, excellent analytical skills, with excellent verbal and written communications.
  • Ability to think quickly under difficult or complex conditions and clearly communicate to appropriate staff.
  • Ability to balance project workloads with customer support and on-call demands.
  • Must demonstrate knowledge of information technology and information security principles and practices.
  • Requires communication and presentation skills to engage technical and non-technical audiences.
  • Requires ability to communicate and interact across facilities and at various levels.
  • Skills to mentor less experienced team members.

Nice To Haves

  • Certification in two or more of the following areas: Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner (HCISPP), CompTIA Security+, Certified Information Systems Security Professional (CISSP) – Engineering (ISSEP), Certified Ethical Hacker (CEH), SANS GIAC, or Certified Information Systems Auditor (CISA).
  • Three plus years as a System Administrator, Security Operations or in IT Operations.
  • Three plus years in risk management or GRC experience in the healthcare/medical environment.
  • Three plus years’ experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience.
  • Additional related education and/or experience preferred.

Responsibilities

  • Designs, develops, configures, implements, tunes, and maintains solutions for cybersecurity threat & vulnerability management, identity management, security operations center, forensics, and data protection.
  • Works with Cybersecurity Architects to execute strategic cyber initiatives.
  • Evaluates security components of the network, applications, and end-user devices.
  • Provides guidance to ensure new systems meet regulatory and technical standards.
  • Participates in root-cause analysis efforts to determine improvement opportunities when failures occur.
  • Manages Cyber systems, ensuring they are tuned, on the current release, and manages appropriate change management across the IT organization and the business.
  • Leads in the design and implementation of cybersecurity solutions.
  • Leads in providing technical expertise and support for cybersecurity solutions, including operational aspects of the software, hardware, network/firewall.
  • Leads in the design, implementation, and compliance of secure configurations for applications and infrastructure components.
  • Leads in technical assessments of systems and applications to ensure compliance with policy, standards, and regulations.
  • Leads in the ongoing evaluation and development of security policies and procedures. Leads the revision of policies and procedures, as needed.
  • Serves as technical lead of cybersecurity projects, including the development of project scope requirements, cybersecurity product implementation, tuning, and operational support model creation.
  • Responsible for cybersecurity across multiple departments system-wide and requires interaction at all levels of staff and management.
  • Works closely on cross-functional IT Teams.

Benefits

  • Health and financial security options
  • Comprehensive benefit package for all benefit-eligible positions