| Company Overview:|
At Memorial Sloan Kettering (MSK), we’re not only changing the way we treat cancer, but also the way the world thinks about it. By working together and pushing forward with innovation and discovery, we’re driving excellence and improving outcomes.
For the 27th year, MSK has been named a top hospital for cancer by U.S. News & World Report. We are proud to be on Becker’s Healthcare list as one of the 150 Great Places to Work in Healthcare in 2016, as well as Glassdoor’s annual Employees’ Choice Awards 2017. We’re treating cancer, one patient at a time. Join us and make a difference every day.
The Information Services Department at MSK is seeking a Sr. Security Analyst to join their team.
As the Sr. Security Analyst, you will:
- Oversee and execute all Incident Security incident monitoring, response, and remediation
- Perform hands-on forensics on various technologies including Windows, Unix/Linux, OSX.
- Manage and maintain all Information Security incident response procedures.
- Maintain current knowledge of security vulnerabilities, threats, and industry best-practices (both within and external to the healthcare industry) in order to develop and enhance security measures and controls.
- Assist in developing and managing various information security policies, standards, and guidance.
- Actively participate and assist in managing organizational information security awareness efforts.
- Be responsible for evaluating and developing the security controls for IT solutions both pre- and post-implementation.
- Participate in various information security-related projects and initiatives.
- An effective communicator, possessing both strong verbal and written communication skills.
- Experienced with high stress situations and able to make sound decisions under pressure.
- Able to interface with and provide security guidance to members of the organization at all levels.
- Action-oriented and eager to embrace new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.
- Someone with a proven ability to maneuver through complex policy, process and people-related organizational dynamics.
- Flexible in your approach and demeanor in order to align with the shifting demands of evolving circumstances.
- A Bachelors Degree, preferably in Computer Science or Information Technology.
- 3+ years in Information Technology and Information Systems Security with strong technical acumen in the areas of Information Technology and Security.
- Basic understanding of the applicable regulatory requirements. This includes: Health Insurance Portability and Accountability (HIPAA) Security Rule and the security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act and Payment Card Industry (PCI) Standards.
- Knowledge of National Institute of Standards and Technology (NIST) Special Publications (including 800-37, 800-53, and 800-88) and able to demonstrate the ability to translate regulatory requirements to these recommended security standards and subsequently illustrate organizational compliance to these standards through the implementation of testable security controls.
- Experience with commercial and open-source forensic tools such as Encase, FTK, Redline, SANS SIFT, Oxygen, and security tools such as Wireshark, Ettercap, Kismet, Metasploit Framework, Shodan, Burp Suite, Nmap, Nikto, Maltego, Nexpose, Nessus.
- Experienced with the use and tuning Security Incident Event Monitoring (SIEM) solutions.
- Experience with Windows binary and malware analysis; and current knowledge and proficiency in use of Windows, Mac, and Linux Server and Desktop operating systems and experience conducting OS and client-server application security testing.
- Knowledge of and hands-on ability in one or more scripting languages such as Python, Perl, Ruby, etc and the ability to apply that knowledge to improving processes through automated means and develop custom scripts to support incident response
- Knowledge of one or more programming languages such as C/C++ and Assembly
- Knowledge of web technologies and programming languages including IIS, Apache, ASP.NET, PHP and/or Ruby on Rails; current knowledge of exploit and mitigation techniques for common web vulnerabilities
- Knowledge of multiple database management systems including MySQL, Microsoft SQL Server, DB2, Oracle, and Sybase
- Current knowledge of mobile technologies including Windows, Blackberry, Android and Apple iOS.
MSK is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sexual orientation, national origin, age, religion, creed, disability, veteran status or any other factor which cannot lawfully be used as a basis for an employment decision.
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.