Service Operation Center Analyst I - Security - Hybrid Work
Weill Cornell Medicine is dedicated to ensuring the secure operation of its systems. The Service Operation Center Analyst I will work closely with the security engineering team to develop procedures and solutions to enhance security operations and improve the incident response process.
Responsibilities
- Fosters close working connections with staff and management to ensure the secure operations for WCM applications and infrastructure while acquiring and retaining comprehensive working knowledge of all infrastructure and related systems
- Assists with day-to-day operations of security systems including, but not limited to, Splunk, CrowdStrike, Duo Security, BeyondTrust, Palo Alto, Dell Data Protection, Proofpoint, Security Onion, bro, and others
- Develops/maintains metrics and reports in Splunk related to WCM’s IS posture, including vulnerability management, incident alerting and response, intrusion detection/prevention, data loss prevention, encryption, and endpoint and mobile device security
- Assists in vulnerability management process and compliance, including threat analysis, vulnerability scanning, mitigation, and reporting
- Maintains a strong understanding and documentation of WCM’s security systems, their implementations, customizations, and operational procedures
- Monitors and defines events for our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security
- Assists with data acquisitions, electronic discovery, and forensic investigations
- Performs security operational work in compliance with defined SLAs and operational level agreements, including firewall change requests, security operational inquiries, security incident reviews, user account management, and other operational processes
- Performs other related duties as assigned
Skills
- Bachelor's Degree
- Information security certifications, such as Security+, CEH, GIAC, SSCP
- Basic understanding of the legal aspects of data acquisitions and electronic discovery
- Strong conceptual thinking, verbal, and communication skills
- Strong understanding of logging or security event and incident management systems, such as Syslog, Splunk, etc
- Experience using security tools, such as Metasploit, nmap, Kali, Backtrack Linux, Wireshark, netcat, etc
- Responds to alerts generated by our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security
- Basic understanding of a variety of incidents and attack vectors, such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity
- Fluency in navigating and using Mac OS X, Red Hat Linux, and/or Windows operating systems
- Ability to create and present diagrams and reports for technical and non-technical audiences
- Excellent written and verbal communication skills, on both technical and non-technical topics
- Ability to produce professional-level documentation and reporting using Microsoft Office
- Ability to think outside the box in terms of designing systems and solutions
- Ability to think critically and make decisions independently
- Ability to deliver under tight deadlines and work off-hours as needed
- Must be able to work in a very demanding and high-pressure environment
- Ability to promote and maintain a favorable and positive work environment for oneself and others to assist in the overall mission of the medical college and hospital
Company Overview