Security Analyst I - Vulnerability Management
Select Medical - mechanicsburg, PA
Apply NowJob Description
Overview Security Analyst I - Vulnerability Management (Hybrid/On-site) ***Employer will not sponsor work visas _for this position now or in the future and is not interested in corp.-to-corp. business arrangements at this time. _* Select Medical is one of the largest operators of critical illness recovery hospitals, rehabilitation hospitals, outpatient rehabilitation centers, and occupational health centers in the United States, with more than 50,000 colleagues caring for nearly 100,000 patients every day across our care continuum. Select Medical and its parent company, Select Medical Holdings Corporation (NYSE: SEM), are based in Mechanicsburg, Pennsylvania, and honored to be recognized as one of America's Best-In-State (Pennsylvania) Employers 2020 by Forbes. The Security Analyst I - Vulnerability Management will be responsible for establishing and implementing security policies, standards and guidelines related to all information systems. The Security Analyst I - Vulnerability Management will also be responsible for conducting investigations into any alleged computer or network security compromises, incidents, or problems. Responsibilities of this position include the monitoring of compliance to HIPAA, SOX, and PCI security requirements as well as the development and maintenance of security policies and procedures. The Security Analyst I - Vulnerability Management will provide secondary support for the Information Service Department, while delivering quality customer service. TheSecurity Analyst I - Vulnerability Managementwill report directly to the Manager, Information Security. Responsibilities Performs vulnerability assessments to evaluate the security of operating systems, networks, databases, and applications. Identifies methods that could be leveraged to exploit vulnerabilities and assesses state of compensating controls to determine prioritization recommendations Evaluates system security configurations and recommends methods to improve them. Evaluates findings and performs root cause analysis Prepares and presents technical reports and briefings to leadership Leverages industry leading tools to conduct network based and Web application based vulnerability scanning. Conducts risk audits and assessments Documents processes and procedures related to vulnerability management efforts Explains facts, policies and practices related to job area. Collaborates across shared services teams to ensure the remediation of vulnerabilities Identify information protection goals and objectives within the scope of a strategic plan. This should be reviewed on an annual basis. Implement and administer security management practices and monitoring tools. Ensure platform level compliance to information security policies, standards and best practices through a security monitoring and compliance review program. Create, maintain and update disaster recovery procedures and the Configuration Management Database (CMDB) when changes in hardware or applications occur. Monitor access control logs and security violation logs. Keep abreast of "state of the art" security techniques to advise systems designers and users on security methods that best implement stated policy and standards. Lead investigation efforts into any alleged computer or network security compromises, incidents, or problems under the direction of leadership. Provide support in defining, updating and standardizing systems configurations for all applications; and thoroughly test any modifications prior to deployment to ensure disruptions to operations are not caused by those changes. Develop reports, upon request, utilizing various report-writing tools in all applications. Recognize and identify potential areas where existing policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion and recommend ways to improve them to management. Monitor servers and networks to detect possible intrusion attempts. Report on any security violation related to the unwarranted access to corporate data. Ensure compliance to HIPAA, SOX, and PCI security requirements. Ensure that all applications and system related problems are resolved in a timely and efficient manner. Willingness to travel a must. Maintain awareness of the rapidly changing Select Medical environment and recommend cost efficient techniques when supporting corporate and field systems. Support the mission of and direction of Select Medical Information Services both within the department and throughout the corporation. Build team spirit by assisting and coaching other staff members. Completion of any activities, tasks, and projects as defined. Ensure all changes comply with the Change Management policies and procedures. Assist with change and problem management activities to ensure that information security concerns are incorporated into information technology development efforts. Qualifications Required: BS or BA degree in Business Systems, Computer Science, Security Risk Analysis, Cybersecurity, Information Sciences and Technology or related field or commensurate experience. In lieu of undergraduate degree, the ratio is 1:1 meaning one year of college equals one year of work experience and vice versa. Four (4) years of systems or other professional experience. Requires superior teamwork skills. Strong interpersonal and communication skills a must; ability to read, write, and speak in a professional manner. Excellent analytical and problem solving skills are essential. Must possess a personal sense of urgency. Knowledge of browser-based technology. Understanding of operating systems such as Windows and OS X/iOS. Strong understanding of HIPAA, Data Privacy, SOX, and PCI Security Regulations a plus. Understanding of applicable control frameworks including, NIST RMF/CSF, and Mitre Att&ck a plus Preferred: Ability to effectively multi-task and adapt to changing business priorities. Superior customer service skills. Proven experience making impactful contributions to successful projects. Large-scale multi-site IS operations experience. Excellent time management and organizational skills are required. Excellent attention to detail. PC Hardware and peripheral experience. Knowledge of Microsoft productivity applications. Experience with security administration and network monitoring tools. Understanding of Essential Security Business Practices. Experience with managing personal and enterprise firewalls a plus. Excellent report writing skills a plus. Healthcare experience a plus. Additional Data Select Medical and its parent company, Select Medical Holdings Corporation (NYSE: SEM), are based in Mechanicsburg, Pennsylvania, and honored to be recognized as one of America's Best-In-State (Pennsylvania) Employers 2020 by Forbes. For more information, visit or . Select Medical strives to provide our employees with a solid work-life balance, as we understand that happy employees have both fulfilling careers and fulfilling lives beyond our doors. An extensive and thorough paid orientation program. Paid Time Off (PTO) and Extended Illness Days (EID). Health, Dental, and Vision Insurance; Life insurance; Prescription coverage. A 401(k) retirement plan with a company match. Select Medical is committed to having a workforce that reflects diversity at all levels and is an equal opportunity employer. Qualified applicants are considered for employment, and employees are treated during employment without regard to race, color, religion, national origin, citizenship, age, sex, sexual orientation, gender identity, marital status, ancestry, physical or mental disability, veteran status, or any other characteristic protected under applicable law. Apply for this job ( Share this job Job ID 307323 Location US-PA-Mechanicsburg Experience (Years) 4 Category Information Systems Street Address 4714 Gettysburg Rd Company Select Medical Position Type Full Time
Created: 2024-11-02