Cyber Security Analyst

Company Overview

OPKO Health is a multi-national and diversified life science corporation that owns and operates a set of businesses offering biopharmaceutical, genetic testing, laboratory diagnostics, medical device, contract manufacturing, animal, supplement and nutritional health products and services in 60 plus countries with 5,000 employees.

External Description

The Cyber Security Analyst will be a team player, dynamic and motivated with an understanding of cybersecurity risks, threats, vulnerabilities, and attack vectors.  They will continuously assess the evolving threat landscape (malware, Advanced Persistent Threat, etc.) and new technologies, solutions and services to stay ahead of them, monitor security events via SIEM, perform vulnerability and incident response functions.  Business acumen in healthcare and pharmaceutical industry, highly focused on business benefit, business writing capability along with the capability to work with all areas and levels are some of the essential non-technical parts of this position.   

Responsibilities:

• Participate in technical design reviews, integration, testing, and documentation.
• Identify threats and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancements, research, and draft cyber security reports, and provide support to the operations staff for resolving cyber security issues.
• Assist in configuring Windows and Linux host-based security as well as network and cloud-based security systems.
• Support installation and configuration of network security architectures, including firewalls, switches , router ACLs, web content filters and DMZ.
• Conduct application and vendor risk assessments following HIPAA, SOX, etc.
• Maintain, configure and run pen testing and vulnerability scanning. 
• Perform root cause analysis on failed scans and security incidents.
• Monitor external vulnerabilities and interface with vendors to resolve identified vulnerabilities.
• Prepare Threat Profiles/Risk Assessments for vulnerabilities based on internal testing, CVE #, SANS, CIS, etc. as required.  A write-up of a given vulnerability describing the technical details and severity of the issue in the context of business risks and benefits.

• Assess vulnerability assessment results, audit findings and configure cybersecurity tools for remediation and ongoing compliance.
• Document security reports and work with other IT teams for effective resolution.

Experience, Skills and Education:

• 1 to 5 years’ experience.
• Experience with as many of these as possible: (1) Active Directory domains, groups, organizational units, security permissions and capabilities, (2) MS Exchange and Outlook security, (3) Mobile Device security (4) firewall, DMZ and router configurations, (5) Web services and application API security, (6) Linux configuration and security, (7) Database security configurations, (8) workstation and server security, (9) security patch management, (10) access controls, segregation of duties and conflict of interest, (11) user provisioning and controls.
• Networking experience with the TCP/IP stack, OSI model.
• Working knowledge of pen testing and vulnerability assessment tools, power shell, Java, .Net.
• Experience with HIPAA and SOX.
• Fast learner, quick thinker, multi-tasking with an excellent communication Skills – oral as well as written, and ability to work independently, time pressured environment.
• Must be hungry to learn, plan and execute. 
• CISSP, CISA or other security certification is a plus. 
• Bachelor’s degree.  Computer science or related area is a plus