Salary Range: $53.1200 - $81.6700 /hour. Actual compensation may vary based on geographic location, work experience, skill level, and education.

About Our Team

At Hoag Cyber Security, we take our job very seriously. But that doesn’t mean we have to take ourselves seriously all the time. Despite our solemn duty to protect patient and business information and the systems that process them, we can make space for fun, too! Our diverse team has a variety of eclectic interests, and we approach our work with both professionalism and humor. So, while we’re definitely looking for someone with “mad skills” (which are explained in more detail below), you’ll fit in if you also enjoy obscure pop culture references, the occasional game, good-natured ribbing and sharing hobbies.

Primary Duties and Responsibilities
The Cyber Security Analyst works to establish and maintain the corporate-wide Cyber Security program to ensure information assets are adequately protected. The Cyber Security Analyst is responsible for ensuring the confidentiality, integrity, and availability of Hoag enterprise-wide security devices. Working with the Cyber Security Operations Manager, the Cyber Security Analyst will actively drive system security assessments to identify vulnerabilities, remediation strategies, and assist system owners in implementing effective safeguards. The Analyst will conduct incident response activities from detection, analysis, remediation, and mitigation, to lessons-learned documentation.

Adheres to and maintains Hoag Cyber Security policies, procedures, and guidance. Works across organizational lines with multiple stakeholders (internal and/or external) to ensure deliverables are accurate, complete, and on time. Analyzes security events and incidents utilizing existing tool sets.

Works closely with team members and team leads for Cyber Security Incident Response activities. Proactively assesses security controls (technical, operational, procedural) for alignment with regulatory requirements (e.g., NIST CSF, HIPAA, HITRUST, PCI). Creates documentation for remediation and develops corrective action plans based on assessment findings and identified vulnerabilities. Conducts log data analysis for Cyber technologies to secure Hoag’s information and systems. This includes, but is not limited to:

- Security Information and Event Management (SIEM) tools

- Access Control

- Network Security

- Intrusion Detection / Prevention Systems

- Identity Governance and Administration

- Malware Protection

- Email Security

- Data Loss Prevention

- Cloud Security solutions

Identity Governance and Access Management (IGAM): Works with the IGAM lead to implement and enforce Multi Factor Authentication (MFA) requirements, access controls, and all facets of User Lifecycle Management (ULM). Provides recommendations to continuously improve IGAM processes and prevent end-user related issues.

This is a 24/7 department requiring work outside of normal business hours. Performs other duties as assigned.

Education and Experience
Required:

Bachelor’s degree in a relevant technical area such as Cyber Security, Computer Science, Computer Information Systems, Engineering, or related technical field, or equivalent work experience.

A minimum of four to seven (4-7) years of relevant business/industry experience. Hands-on experience with cyber security tools, process, methodologies and frameworks.Experience working incident response and cyber operations.

Ability to set priorities and meet obligations in a timely manner.

Preferred:

Master’s degree in Computer Science, Computer Information Systems, Cyber Security, Cyber Forensics, Engineering, or related technical field.

Three plus (3+) years translating business requirements and priorities into cyber security policies and procedures.
Three plus (3+) years of experience in vulnerability assessment and/or penetration testing, digital forensics, or Incident Response.

Experience in a hospital or healthcare related organization.

Incident response experience, reverse malware engineering experience, vulnerability assessment experience, red Team, blue Team, or purple team experience, threat modeling, data analytics, and use case development and digital Forensics experience preferred

Certifications Required
A minimum of one of the following: GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), or Certified Ethical Hacker (C|EH)

Certifications Preferred
GIAC Advanced Security Essentials – Enterprise Defender (GCED), Certified Information Systems Security Professional (CISSP), or equivalent.