Sr Cybersecurity Analyst

CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.

The purpose of the Cybersecurity Senior Analyst position is to support the entire Cybersecurity department, enterprise staff, and vendors for CommonSpirit Health. The Cybersecurity Senior Analyst has an important responsibility to provide 24x7 threat and vulnerability triage and analysis of identity and security logs across the enterprise. This program is responsible for cyber security ticket response and investigation including preparation, documentation, workflow, operational support, and coordination with other teammates and teams, assisting with eradication and recovery, and any necessary post-incident activities. The Cybersecurity Senior Analyst also provides Incident Response support when threats are confirmed, and the organization goes into containment and eradication modes. In addition to real-time threat detection and analysis, Senior Analysts also analyze and respond to hardware and software issues and vulnerabilities as well as ensure all user reported issues to Security Operations are properly documented, managed and investigated. The Senior Analyst may also act as ‘security advisors’ to the organization and its associates, coordinate with Threat Intelligence, other Security Operations Analysts, and help teams contain or remediate cyber threats and vulnerabilities as needed. 

The Cybersecurity Senior Analyst, Security Operations position will report to the System Manager, Security Operations as part of the overall Security Operations focused on identifying, protecting, responding and containing threats and Vulnerabilities to the overall CommonSpirit organization.

• Rotating on-call
• Collaborate with internal and external stakeholders, providing leadership and support ofintermediate and advanced complexity requests during incident investigations,remediations, and projects.
• Proactively identifies and escalates security issues, risks, or operational performanceconcerns.
• Performs investigative tasks of advanced level complexity on specific incidents.
• Responsible for incident communications with affected business stakeholders,including senior management.
• Manages workload, prioritizing tasks and documenting time, and other duties asdirected by management, as well as assisting other team members.
• Partner with SIEM and anomaly detection engineers and content developers to improvedata quality and reduce false positives.
• Contribute to vulnerability scanning and alerting playbooks and patterns across avariety of technologies and with developing scripts or automation playbooks to facilitateinvestigative or create workflow efficiencies.
• Proactively identifies and drives opportunities for process improvement.
• Participates in strategy design and leads initiatives
• Acts as an escalation point for others
• Supports initiatives participating in the collection and documentation of departmentalknowledge artifacts, participates in the population of knowledge management andcollaboration systems for the Cyber Security team.
• Create reports and dashboards within a variety of security technologies and ticketmanagement tools, as needed to enhance investigations or Security Operations.
• Communicates technical information and acts as a mentor for other team members.
• Respond in a timely manner (within documented SLA) to support tickets and promptlyhandle incoming Security Operations escalation calls.
• Prepare details and/or reports, as requested, of analysis methodology and results.
• Adhere to policies, procedures, and security practices.
• Recommend and develop needed updates to Standard Operating Procedures and othersimilar documentation.
• Maintain records of reported issues, security monitoring and incident response activities, utilizing case management and ticketing technologies
• Interface with a variety of associates pertaining to reported issues or in the resolution ofsecurity events in a polite, positive, and professional manner.
• Possess and maintain a deep knowledge about the cybersecurity threatscape (andkeeping up to date with the security industry).
• Maintain and employ a strong understanding of advanced threats, continuousvulnerability assessment, response and mitigation strategies used in Cybersecurityoperations
• Pursue continuing education to grow and maintain knowledge of best practices, compliance, requirements, threats and trends in information security, translating intooperational action items, policies, procedures, standards and guidelines.
• Act as a security advocate for adherence to CommonSpirit Health policies and industrybest practices.
• Remote eligible.

The job summary and responsibilities listed above are designed to indicate the generalnature of the work performed within this job. They are not designed to contain or beinterpreted as a comprehensive inventory of all job

Qualifications:

• Bachelors preferred
• 2 or more relevant technical/professional security certifications preferred
• 4-5 years job related experience required
• 5+ years job related experience preferred

Preferred:

• Knowledge of one or more of the following: Python, Powershell, Crowdstrike, Rapid7, GCP, Splunk, CyberArk EPM