Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.(sm)
Primary Responsibilities
- Perform monitoring of and incident response to cyber security events as part of a highly available Security Operation Center (SOC)
- Create and review alerts generated by the SIEM for false positives, modify and optimize alerts as needed to reduce noise
- Develop and follow detailed operational processes, procedures and playbooks to appropriately analyze, escalate and assist in the remediation of information security related incidents
- Work closely with the Digital Forensics, Engineering and Product departments to remediate security related issues and incidents
- Develop deep expertise in Splunk or any other SIEM platform
- Assist in the administration, maintenance and optimization of Splunk or any other SIEM platform
- Develop advanced queries and alerts to detect adversary actions
- Contribute to incident and root cause analysis reports
- Research and educate self on existing and emerging cyber-attacks that could impact the organization
- Perform threat hunting and malware analysis
- Research and explore the enrichment and correlation of existing data sets to provide deep threat analysis
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications
- Minimum of 0 - 2 years of prior experience as a SOC Analyst
- Prior experience with core security technologies (firewalls, IDS / IPS, HIPS, proxies, vulnerability scanners, AV, etc.)
- Work experience in Linux and/or Windows operating system administration and configuration including Active Directory
- Demonstrable working knowledge of TCP / IP and general networking
- Strong proficiency in written and spoken English
- Strong leadership and interpersonal skills
- Ability to read, investigate, evaluate and interpret security related logs from disparate sources
- Ability to summarize relevant security related alerts and incidents for consumption by tier III escalation team as well as other departments
- Able to work 24/7 shifts
- Available on call during weekends and off hours
Preferred Qualifications
- Relevant certifications such as CEH, OSCP, CompTIA Security+, CompTIA Analyst, Splunk Fundamentals
- Bachelor's or Associate degree in Information Technology, Computer Science Engineering
- Working knowledge of Splunk or any other SIEM tool
- Knowledge of a scripting language for automating tasks (e.g. Python, Bash, PowerShell)