We have an exciting opportunity to join our team as a Sr I Analyst-Info Security.
In this role, the successful candidate The Senior Analyst will be part of the Penetration Testing and Vulnerabilities Management team. The group is an agile team that effectively test and manage security vulnerabilities for the Medical Center. As a member of the team, the analyst will review a large volume of security event data from a variety of sources with the goal of identifying vulnerabilities and following up with remediation.
Works within vulnerability management team to ensure vulnerabilities are properly tracked, reported, and closed
Develops remediation reports, out briefs, and scorecards addressing risk, vulnerability, and organizational processes
Clearly advises stakeholders and technical teams on vulnerabilities, criticality, impacts, and remediation to meet information security standards
Applies excellent project management skills to ensure organizational vulnerabilities are documented, tracked, and addressed
Interacts with existing Governance Risk and Compliance (GRC) team to collect metrics and deliver risk acceptance issues
Conducts data analysis on information security compliance / risk trends and significant variances for senior
Perform penetration testing of existing and new solutions
To qualify you must hold a four (4) year Bachelors degree with focus on information security and possess five(5) to seven(7) years of experience in the Information Security Field. Additionally, you must be CISSP (Certified Information Systems Security Professional ISC2) or GCIA (GIAC Certified Intrusion Analyst) certified or possess other relevant security certification(s)
Three or more years working in IT Security, preferably with hands on experience performing incident monitoring and analysis in a 24x7 operational environment. Strong security platform and technology capabilities. Able to utilize several SIEM tools to review and analyze security events to identify and/or confirm suspicious activity. Ability to analyze large data sets and unstructured data for the purpose of identifying trends and anomalies indicative of malicious activity. Able to learn and develop new techniques to do such analysis. Knowledge of, and experience with, TCP/IP protocol and network/packet analysis. Strong conceptual and practical understanding of IT Infrastructure designs, technologies, products, and services. This should include knowledge of networking protocols, firewall functionality, host and network intrusion detection systems, operating systems, databases, encryption, load balancing, and other technologies. Demonstrate excellent communication skills, analytical ability, strong judgment, and the ability to work effectively with IT management and staff. Strong understanding of security policies, processes, procedures and standards Three to five years experience in eDiscovery, eForensics, and incident handling Knowledge of the EDRM framework and the National Institute of Standards and Technology (NIST) requirements Familiar with eDiscovery and digital forensics software to collect data, run searches, and export data for clients. Excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows, Mac OS, and Linux) and a wide range of security technologies, such as network security appliances, vulnerability scanners, anti-malware solutions, advanced threat protection systems, security incident and event monitoring tools, and automated policy compliance and desktop security tools Ability to correlate technical information from disparate security systems to draw conclusions about incidents. Strong understanding of security policies, processes, procedures and standards Proven analytical and problem-solving abilities. Ability to effectively prioritize and execute multiple tasks in a high-pressure environment. Good written, oral, and interpersonal communication skills. Ability to conduct research into IT security issues and products as required.
Qualified candidates must be able to effectively communicate with all levels of the organization.
NYU Langone Health provides its staff with far more than just a place to work. Rather, we are an institution you can be proud of, an institution where you'll feel good about devoting your time and your talents.
NYU Langone Health is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sex, sexual orientation, transgender status, gender dysphoria, national origin, age, religion, disability, military or veteran status, marital or parental status, citizenship status, genetic information or any other factor which cannot lawfully be used as a basis for an employment decision. We require applications to be completed online.
NYU Langone Medical Center, a world-class patient-centered integrated academic medical center, is one of the nation's premier centers for excellence in clinical care, biomedical research, and medical education. Located in the heart of Manhattan, NYU Langone is composed of four hospitals – Tisch Hospital, its flagship acute care facility; Rusk Rehabilitation; the Hospital for Joint Diseases, one of... only five hospitals in the nation dedicated to orthopaedics and rheumatology; and Hassenfeld Children's Hospital, a comprehensive pediatric hospital supporting a full array of children's health services across the medical center – plus the NYU School of Medicine, which since 1841 has trained thousands of physicians and scientists who have helped to shape the course of medical history. The medical center's tri-fold mission to serve, teach, and discover is achieved 365 days a year through the seamless integration of a culture devoted to excellence in patient care, education and research. For more information, go to www.NYULMC.org.