Information Security Analyst

Description This position assists with implementing as well as maintaining an in-depth Security program for AMSURG and strives to enforce security best practices, policies, standards and guidance to ensure the safeguard of AMSURG’s proprietary data, physical infrastructure and resources from internal and external threats. This position is required to maintain an extensive understanding of services provided by AMSURG, Information Technology and to develop relationships throughout the organization to assist Information Security in accomplishing its goals for the company.

ESSENTIAL RESPONSIBILITIES:

• Coordinate vulnerability assessments of operating systems, applications, databases and network infrastructure components to detect, enumerate and classify major vulnerabilities for performing trend analysis and reporting to Enterprise customers through the use of vulnerability assessment tools and methodologies.

• Assist with investigating intrusion detection events by monitoring, analyzing and reporting on all network and application communication specific protocols for unwanted manipulation to systems, malicious network traffic, network attacks against vulnerable services, data driven attacks on applications, host based attacks or unauthorized access to sensitive data.

• Assist with implementing security operations management of operating systems, security applications and network infrastructure components to provide security configurations, controls for user account access, monitoring of services, centralized logging, network connectivity, job scheduling execution and routine maintenance through the use of administrative tools and methodologies.

• Assist with incident handling by detecting, analyzing and performing remediation on attacks that deny the use of authorized applications, networks or systems, malicious entities that infect single or multiple hosts, unauthorized access without permission to application, data, networks, systems or other resources, inappropriate usage that violates acceptable use policies or multiple components by assisting constituents that consist of enterprise legal staff, and/or Compliance.

• Review the results from auditing of applications, operating systems and networks to provide a measurable technical assessment that includes interviewing staff personnel, performing security vulnerability scans, reviewing access controls or analyzing physical access to ensure availability, confidentiality and integrity to help the organization meet internal and external regulatory compliance.

• Execute social engineering to obtain confidential information by manipulation of legitimate users through the use of telephone conversations, face to face manipulation, or phishing attacks in order to educate users on security policies and procedures.

• Demonstrate security knowledge and experience on technologies and methodologies as it relates to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, intrusion management and operations management to assist the Security team with effective research, data gathering, analysis, metrics reporting and communications.

 

Regular and reliable attendance required.

Successful candidate will pass a background check and drug screen.

Requirements Education/Experience:

Bachelor’s degree from an accredited college or university is preferred with a minimum of (1) one year of experience. Experience will be considered in lieu of a degree.

KNOWLEDGE AND SKILLS:

To perform this job successfully, an individual must be able to perform each essential responsibility satisfactorily. The requirements listed below are representative of the knowledge, skills and/or abilities required.

• Understanding of Security Methodologies

• Experience with automation and scripting of applications and systems

• Experience in anomaly detection (signature / behavioral)

• Experience with event and log correlation

• Experience of TCPIP/UDP/ICMP

• Advanced knowledge of the OSI Reference Model

• Windows / Linux operating systems

• Advanced experience of Networking components (routers, switches, load balancers, wireless access points, etc)

• Understanding of routing protocols (BGP, OSPF, MPLS, etc.)

• Common knowledge of firewalls, proxies, mail servers and web servers

• Experience with operational support for operating systems, applications and networks

• Advanced knowledge of client/server relationships

• Common knowledge of relational databases and structured query language

• Experience with vulnerability assessments

• Experience with intrusion management and its components

• Understanding of encryption algorithms and ciphers (PKI/SSL)

• Common knowledge of malicious code (worms, viruses, spyware, etc.)

• Common knowledge of Virtual Private Networking

• Common knowledge of multi-tier environments

• Experience with packet inspection / sniffers

• Experience with forensics and e-discovery

 

We are an equal opportunity employer.

We do not discriminate in practices or employment opportunities on the basis of an individual’s race, color, national or ethnic origin, religion, age, sex, gender, sexual orientation, marital status, veteran status, disability, or any other prohibited category set forth in federal or state regulations.

We will provide reasonable accommodation to complete the online application consistent with applicable law. If you require an accommodation, please contact Human Resources.

Source:https://re11.ultipro.com/AMS1004/JobBoard/JobDetails.aspx?__ID=*D302ED85A541D8A2&bID=1702