InfoSec Operations Security Analyst
Telecommuter
Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Senior Specialist, Information Security Analyst. This job reports to the Senior Director of Security Operations in the Information Security department of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the systems, applications and data entrusted to Planned Parenthood by its patients, supporters, donors and staff.
Purpose: This position provides advanced security monitoring, event investigation and analysis, and countermeasure proposals on a 24x7 basis, along with support and guidance to Tier I Analysts, and is responsible for directly interfacing with the Managed Security Service Provider (MSSP) and IT Managed Service Provider (MSP). Additionally, the position is tasked with the identification, implementation, and maintenance of Information Security tool sets protecting the organization, and with supporting the Information Security needs of Planned Parenthood Affiliates as assigned and required.

Delivery: The delivery of services from this role is critical to supporting the National Office and the Federation from an Information Security perspective. This factor focuses on the execution of work and the role on the team in supporting business/operational functions.
● Security Monitoring - Provide security monitoring and threat/risk analysis in a 24/7 environment
  ○ Monitoring - Observe, audit, and protect all devices, including servers, laptops, desktops, mobile devices, and removable media that connect to the Planned Parenthood network or are utilized by Planned Parenthood staff and Affiliates as assigned. Ensure all tickets are handled, whether internally or through the MSSP VSOC, and that there is proper communication between the parties.
  ○ Threat Intelligence - Monitor Information Security tools, vendor alerts, websites and periodicals for threat alerts, identify potential impact, escalate as necessary to management, and take action as appropriate.
  ○ Event Detection - Monitor and ensure established, documented processes for event detection are followed, and provide overall guidance to Tier I analysts, ensuring all alerts and incidents are addressed in a timely manner and handled thoroughly through to completion, including:
    ■ Receipt of Security Alerts (and Operational Health Alerts from Security Devices) from security tools for monitored devices and associated technology
    ■ Acknowledgement of receipt of the event by following stated processes: open a new service desk ticket, or update an existing ticket, in order to track event handling through its lifecycle to resolution and closure, and assign the event ticket to the appropriate owner.
  ○ Event Filtering - Monitor and ensure established processes for identification of events are followed and, where required, make recommendations for new or refined event filtering to better match the business requirements and eliminate "noise" in alerting, ensuring all updates are completed.
  ○ Event Investigation & Assignment - Monitor and ensure established processes are followed for collecting relevant data and performing the necessary levels of analysis on that data. Ensure events are assigned appropriately.
● Tier II Event Escalations - Follow an established process for handling Tier II escalations, identifying the source of the escalation (MSSP, MSP, Affiliate or other) and the appropriate triage and documentation processes required.
● Event Analysis
  ○ Identify the source of the escalation, validate that the event is at a Tier II level and, if verified, begin triage documentation
  ○ Collect and analyze event information, plan the next level of triage, and escalate as necessary and appropriate
  ○ Review and analyze raw logs, internal security tool data and external data; continue analysis while providing additional insight into escalations as relevant / critical data is identified
  ○ Review raw log data from various security platforms and provide analysis and trending intel
  ○ Report on recurring problems and issues discovered during the course of your duties, developing trending scenarios for incidents at the national office and Affiliates
● IR Escalations
  ○ Determine if an event meets IR requirements and escalate, if appropriate, to management and the MSSP
  ○ Initiate and participate in the IR process as assigned
  ○ Ensure all activities and findings are documented as per IR requirements
  ○ Ensure all data and assets are maintained and preserved for IR use, along with documenting chain of custody
● Event Closure - Follow the established process to ensure that resolution criteria are met before closing tickets.
  ○ Resolve assigned events / tickets within the approved timeframe and update tickets with notes upon resolution
  ○ Ensure all parties are communicated with when completing final documentation and closing tickets. Deal with any remaining open issues raised and close the event / ticket.
● Manual Health Checks - Follow established and approved processes for performing scheduled health checks on applicable security tools.
● Enterprise Security Management & Trends
  ○ Participate in the identification, implementation and maintenance of Information Security tools, trends and best practices
  ○ Define, recommend and assist in implementing enterprise security protocols, including but not limited to encryption standards, DLP, workstation lockdown standards, dual factor authentication, PAM, Email, Network and IAM protocols
  ○ Trend, manage and tune security monitoring and alerting solutions
  ○ Provide alert trend analysis and metrics recommendations
  ○ Generate "Use Cases" for implementation in SIEM and other security tools
  ○ Assist in creating and maintaining Standard Operating Procedures (SOPs) for the Information Security Ops group
  ○ Provide assistance as assigned on more complex security tool specific tasks with the assistance and guidance of management, vendor and MSSP resources
  ○ Provide recommendations on security process improvements
  ○ Assist in creating and automating custom reports from security technologies
  ○ Assist in the generation, oversight and completion of Change Requests and documentation updates
  ○ Participate in Vulnerability Management / Penetration testing, including execution, remediation, and documentation
  ○ Process Documentation - Participate in the preparation, proofing / validation and updates of departmental process and procedure documentation and training materials
● Non-Security Event Responsibilities - Activities of the position that fall outside the direct oversight of security events and investigations.
  ○ Provide support to PPFA and Affiliate IT staff on Information Security matters
  ○ Provide mentorship and guidance to Tier I analysts regarding escalations, processes, and resolutions
  ○ Engage in knowledge sharing with other analysts
  ○ Provide business staff support through security education and mentorship
  ○ Communicate effectively, orally and in writing, and establish a cooperative working relationship with persons contacted while performing assigned duties
  ○ Remain current on Information Security trends and products
Engagement: This role requires both periods of very focused, technical analysis with little interaction with business, IT and / or Affiliate staff and periods of direct, continued interaction with business, IT and / or Affiliate staff. The individual must be able to function with independent decision making capabilities, especially in identifying analysis tracks for escalated events, analysis assignments, and escalation decisions ranging from a base Tier I event to Incident Response level remediations. The individual must be able to function with little direction in successfully fulfilling their role, while knowing the importance of and when to escalate situations. This role also requires strong communication skills to provide support directly to all levels of management and staff. This individual must be comfortable interacting with both executive and general staff, and communicating with both technical and non-technical audiences.
Knowledge, Skills and Abilities (KSAs):

Qualifications
● BA or equivalent years of experience in Information Security and/or Information Technology
● 3 years of hands-on experience in Next-Gen Security Product administration and management for Endpoints, Servers, and Cloud-Based Security Tools & Systems
● UNIX, AIX & Solaris, Linux, Windows Server Operating Systems
● Network/System Intrusion Detection or Prevention Systems (IDS/IPS)
● Security Information and Event Management (SIEM)
● Vulnerability scanner/Penetration testing systems
● Wireless Networking
● Switches/Routers, Firewalls (basic configuration)
● TCP/IP networking, VPN, VLAN, NAT and security concepts
● Software & Hardware Asset Management
● Security threat and attack countermeasures
● Ability to conduct in-depth forensic analytical studies and investigations

Non-Technical Skills
● Analytical problem solving skills
● Efficient communication skills (listening, written and oral)
● Ability to communicate with both technical and non-technical audiences
● Strong troubleshooting, reasoning and problem solving skills
● Team player with the ability to work autonomously
TRAVEL: This is a telecommuter role, but travel will be required as needed.

Final offers for this job will be based on capabilities and will be made within the parameters of the PPFA compensation program. The total offer package includes generous vacation, sick leave and paid holidays; individual/family medical, dental and vision benefits effective day 1; life insurance; short/long term disability; paid family leave; and a 401k. We also offer voluntary opt-in for a Flexible Spending Account (FSA) and Transportation/Commuter accounts.
We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
PPFA participates in the E-Verify program and is an Equal Opportunity Employer.
If denoted as NYC, DC, or both, this position is usually located in our New York City or DC office, but is remote while offices remain closed due to the COVID-19 pandemic.
Tags: Cloud Encryption IDS Incident response Intrusion detection IPS Linux Monitoring Penetration testing Risk analysis SIEM Solaris Strategy TCP/IP Threat intelligence UNIX VPN Vulnerability management Windows
Perks/benefits: 401(k) matching Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Team events