Protects PeaceHealth against cyberattack and cybercrime. Analyzes cyber events to identify threats and takes defensive action. Performs cyber investigation and digital forensics. Analyzes data from information technology and cyber defense tools, and actively monitors network activity to thwart potentially damaging activities. Develops cyber security tools and processes in conjunction with other departments.
- Analyzes data from information technology and cyber defense tools, such as endpoint protection, intrusion detection, security event monitors and secure proxies, to identify potential threats and defend PeaceHealth against all forms of cyber deception and attack. Actively monitors network activities to thwart potentially damaging activities.
- Protects PeaceHealth's information, information systems, networks and all related people by analyzing public and private information sources to develop effective defensive techniques. Assists and leads efforts to remediate vulnerabilities based upon past history and works to predict the types of attacks most likely to occur in the future.
- Engineers and implements new information security systems and controls to deliver risk-prioritized solutions to pressing cybersecurity problems.
- Implements security response automation, integrating various information and cyber defense tools using scripting languages such as PowerShell and Python to create fast, intelligent responses to common and/or critical cyber incidents.
- Maintains and administers tools used to defend PeaceHealth against cyberattack and data loss.
- Participates in the development of plans and techniques to mitigate vulnerabilities and improve defenses. Actively participates in developing the goals, strategy and methodologies of the PeaceHealth cyber defense program in alignment with the overall Information Security program strategy.
- Performs other duties as required or assigned.
- Bachelor's Degree in Computer Science, Healthcare Information Technology, or relevant field preferred. Equivalent knowledge, training, education, and/or experience may substitute for degree.
EXPERIENCE / TRAINING:
- Five years information security experience required.
- Direct experience securing cloud-based Microsoft offerings highly preferred.
- Technical experience in a multi-datacenter environment with critical, non-stop enterprise applications running in virtual server environments is highly preferred.
- Health Information experience preferred.
LICENSE / CERTIFICATION:
- GCIH preferred
- GCFA preferred
- CompTIA CASP preferred
- GPEN preferred
- GSEC – GIAC Security Essentials preferred
- CEH – Certified Ethical Hacker preferred
KNOWLEDGE / SKILLS /
- Knowledge of endpoint protection, intrusion detection, security event monitors, secure proxies, firewalls and other security devices/tools.
- Knowledge of incident response methodologies.
- Knowledge of hardware and operating systems.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of adversarial tactics and techniques.
- Knowledge of cybersecurity, ethics and privacy principles, along with related regulatory requirements.
- Knowledge of IAM technologies (directories, SSO, SCIM, etc.).
- Ability to collect and analyze data to guide decision making.
- Ability to interpret the information collected by network tools, such as Traceroute, Ping, packet captures, etc.
- Ability to analyze and categorize vulnerabilities in information systems.
- Ability to organize, standardize, and manage detailed information.
- Ability to work collaboratively and effectively in and between teams.
- Ability to prioritize and manage multiple competing work efforts.
- Strong self-motivation.