Information Security Analyst
Ardent Health - brentwood, TN
Apply NowJob Description
Overview Ardent Health Services (AHS) is a national health care services company headquartered in Nashville, TN. Through its subsidiaries, Ardent owns and operates nearly 200 sites of care. Our subsidiaries own and operate hospitals and multispecialty physician practices in six states. Ardent includes 30 hospitals, 4,423 patient beds, 23,000 employees, and 1,700 employed physicians. Within the industry, we are noted for recognizing that every hospital is as unique as the community it serves. This in-depth understanding of how health care works at the local level is one of our great strengths. POSITION SUMMARY The goal of an Information Security Analyst is to identify, schedule, administer and perform assigned technical Information Security analyses functions, ensuring all applicable Information security requirements are met. This role will assist other members of the Ardent Information Security Operations team and key corporate/partner/business units in support of the AHS Company Mission and strategic business initiatives. Responsibilities Assist building the attack simulation program. Manage attack simulation software and work with other teams to enhance security posture. Assessing security configurations on personal computers, mid-range systems and enterprise networks. Monitor/analyze system and network activity, transactions and anomalies to ensure compliance with applicable laws, regulations, and industry standards, such as SOC 2, GDPR, HIPAA, PCI-DSS, and NIST. Review user access levels to ensure compliance and access justification. Participate in red/blue team activities. Routinely and proactively test information systems to perform risk or threat assessment and analysis. Assisting with interface interactions with departments, vendors, and extranet partners. Works with other business units, partners and customers to maintain secure methods of data management. Assist in designing secure internal trust domains, web access zones, B2B, B2C, third-party connections and remote access technology. Assist technology group in implementing threat detection solutions to include intrusion detection systems, malicious code and program monitoring, unauthorized technology identification, and log activity monitoring. Assess vulnerability detection solutions to include compliance testing, vulnerability scanning (including attack and penetration studies), and business and disaster recovery solutions. Perform physical security reviews and providing observation/recommendation reports. Responding to internal security incidents, as needed, and interfacing with law enforcement when necessary. Qualifications Education & Experience Required - Associates degree or equivalent technical training/experience. Reputable security certifications (Security +, GSEC, CAP, OWASP, HCISSP or CISA) are a plus Advanced certifications (CISSP, CISSP w/specialization, SSCP, GIAC, CISM) are a plus Experience with Attack Simulation tools and working knowledge of Penetration testing. Experienced in assessing and/or administering intrusion detection/prevention. ITIL familiarization or experience - managing incidents, requests, and changes. Knowledge, Skills & Abilities Working knowledge of general computing concepts (OSI reference model, multi-tiered application architecture, operating systems, etc.) Understanding of the technical components of a network infrastructure/architecture and their interactions (routing, switching, WLAN, LDAP, etc.). General knowledge of related third-party software products (firewalls, intrusion detection systems, filtering routers, VPNs, security scanners). Knowledge of network authentication services. Knowledge of static and dynamic routing protocols. Knowledge of LAN and WAN packet analyzers. Knowledge of DNS, DHCP, WINS and HSRP. Knowledge of Ethernet and virtual local area networks. Knowledge of secure virtual private networking Knowledge of common networking protocols and services and their relevant security issues (TCP/IP, DNS, SNMP, SMTP, etc.). Must have good communication skills: both oral and written. Must display the ability to be a team player and work cohesively with Ardent employees throughout all organizational levels. Must be willing to travel occasionally. Must be willing to respond to security issues 24x7.
Created: 2024-11-05