Cloud Security Analyst
Chicago, IL, United States
Applications have closed
Northwestern Memorial Healthcare
Northwestern Medicine is a leader in quality healthcare and service, bringing together faculty, physicians and researchers to support and advance that care through leading-edge treatments and breakthrough discoveries.Company Description
At Northwestern Medicine, every patient interaction makes a difference in cultivating a positive workplace. This patient-first approach is what sets us apart as a leader in the healthcare industry. As an integral part of our team, you'll have the opportunity to join our quest for better healthcare, no matter where you work within the Northwestern Medicine system. At Northwestern Medicine, we pride ourselves on providing competitive benefits: from tuition reimbursement and loan forgiveness to 401(k) matching and lifecycle benefits, we take care of our employees. Ready to join our quest for better?
Job Description
The Cloud Security Analyst reflects the mission, vision, and values of NM, adheres to the organization’s Code of Ethics and Corporate Compliance Program, and complies with all relevant policies, procedures, guidelines and all other regulatory and accreditation standards.
The Cloud Security Analyst is responsible for providing security for cloud-based digital platforms and plays an integral role in protecting NMHC's data. The security analyst will be extensively involved with security event monitoring, evaluating and reporting on information security that supports risk posture. Responsibilities also include investigate, create, and recommend innovative technologies or other methods that will enhance the security of cloud-based environments.
Responsibilities:
- Cloud Security Skills:
- Threat and Vulnerability Management - Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers throughout our cloud service
- Malware protection - Prevent, detect and respond to the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action
- System hardening - Establish, implement, and actively manage (track, report on, correct) the security configuration cloud resources using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings
- Data protection - Define and manage processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information (DLP, GASB…)
- Log management/Security Analysis - Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack
- Incident Response - Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems
- Penetration Tests and Red Team – coordinate testing the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker
- General Technical Skills:
- Maintains solid technical competence for assigned services and systems while grasping the integration and interaction of all supported services and systems
- Provides technical support for computing systems security
- Strong operations experience focused on public cloud security
- Maintains a broad working knowledge of the full range of NMHC IT security policies and controls
- Understanding of cloud infrastructure security and networking, governance, maintaining compliance, creating security policies and blueprints, security in layers concepts, key vaults, intrusion protection, risk mitigation and automated security remediation (SecOps)
- Works directly with project managers to understand application objectives, develop scope of project, outline effort projections, determine schedules, and finalize plans
- Establishes and enforces standards and procedures in accordance with NMHC’s security policies
- Provides technical leadership including the identification and implementation of NMHC best practice standards
- Code using modern scripting languages (Python, Ruby, PowerShell, JavaScript)
- Customer Service:
- Develops reports, monitoring dashboards, workflows, and metrics within cloud and hybrid environments
- Responds thoroughly and promptly to customer needs as defined in conjunction with our customers
- Manages customer relationships and follows issues through to closure
- Includes all aspects of customers (NMHC technology users, IS team members, etc.)
- Works effectively in supporting the Information Service team with project and support activities
- Actively participates and communications with the project teams
- Understands the business and clinical processes at NMHC and the operational environments of assigned customers
- Additional Functions
- Providing on-call support is required.
Qualifications
Required:
- 3+ years technical experience
- Excellent verbal and written communications skills
Preferred:
- Bachelor's degree in computer science or related field
- 3+ years of experience in core discipline in the healthcare industry
Additional Information
Northwestern Medicine is an affirmative action/equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation or any other protected status.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation Cloud Compliance Computer Science Governance Incident response JavaScript Malware Monitoring PowerShell Privacy Python Red team Ruby Scripting SecOps Security analysis Vulnerabilities Vulnerability management
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Information System Security Officer jobs
- Open Security Consultant jobs
- Open Information Systems Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Security Architect jobs
- Open CISA-related jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Vulnerability management-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open PowerShell-related jobs
- Open SQL-related jobs