IT Security Ops Analyst

New York, New York


Employer: NYC Health Hospitals
Industry: MHP INFORMATION SECURITY
Salary: Competitive
Job type: Full-Time

MetroPlusHealth provides the highest quality healthcare services to residents of Bronx, Brooklyn, Manhattan, Queens and Staten Island through a comprehensive list of products, including, but not limited to, New York State Medicaid Managed Care, Medicare, Child Health Plus, Exchange, Partnership in Care, MetroPlus Gold, Essential Plan, etc. As a wholly-owned subsidiary of NYC Health + Hospitals, the largest public health system in the United States, MetroPlusHealth network includes over 27,000 primary care providers, specialists and participating clinics. For more than 30 years, MetroPlusHealth has been committed to building strong relationships with its members and providers to enable New Yorkers to live their healthiest life.

Position Overview

The IT Security Operations Analyst is responsible for the day-to-day operations of all MetroPlusHealth security monitoring systems. Additionally, this role will oversee the identification, investigation, and resolution of security incidents/threats. The IT Security Operations Analyst will be involved in the implementation of new security solutions, as well as participate in the creation and maintenance of security policies, procedures, standards, baselines, and guidelines. The IT Security Operations Analyst will be expected to remain apprised of the enterprise's security goals as established by its stated policies, procedures, and guidelines, and to actively work towards upholding those goals.

Job Description

Strategy & Planning

  • Participate in the planning and design of enterprise security architecture, under the direction of the Director of IT Security Operations.
  • Participate in the creation of enterprise security documents (policies, procedures, standards, baselines, and guidelines) under the direction of the Director of IT Security Operations.
  • Serve as project lead for IT Security initiatives by documenting project plan, implementation, and outcome.


Acquisition & Deployment
  • Research the latest information security industry trends, including awareness of new or revised security solutions, improved security processes, and the emergence of new attacks and threat vectors.
  • Recommend security enhancements to IT Security management.
  • Perform deployment, integration, and initial configuration of new IT Security solutions and of any enhancements to existing IT Security solutions, in accordance with industry-standard best operating procedures and the enterprise's security documents.


Operational Management
  • Monitor MetroPlusHealth security systems to ensure efficient and effective operation.
  • Review logs and reports for all MetroPlusHealth devices, whether they be under direct control (i.e., security tools) or not (e.g., workstations, servers, network devices).
  • Interpret the implications of any reported activity, and devise plans for appropriate response and resolution.
  • Monitor for security breaches and investigate when a violation occurs.
  • Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
  • Provide on-call support for end users for all MetroPlusHealth security systems.


Minimum Qualifications

  • Bachelor's Degree required, with a preference for Cybersecurity or similar area of study; and
  • Minimum 5 years of experience in IT Security Operations; or
  • Associate's Degree required, with a preference for Cybersecurity or similar area of study; and
  • Minimum 7 years of experience in IT Security Operations.
  • Demonstrated ability to identify threats and understand the workflows associated with investigating security events and incidents.
  • In-depth knowledge of systems, applications, and systems forensics.
  • Strong knowledge of threat intelligence.
  • An understanding of various coding languages.
  • Thorough understanding of computer-related security systems including firewalls, encryption, password protection, and authentication.
  • Experience with SIEM platforms.
  • Working technical knowledge of Advanced Threat Protection tools such as CrowdStrike, Trellix, etc.
  • Strong understanding of network protocols, architecture, and administration.

Licensure and/or Certification Preferred

One or more of the following certifications or exams are preferred but not required:
  • ISC2
    • CISSP: Certified Information Systems Security Professional
    • SSCP: Systems Security Certified Practitioner
    • CCFP: Certified Cyber Forensics Professional
  • CompTIA
    • CompTIA Security+
    • CompTIA CySA+
  • GIAC
    • GSEC: GIAC Security Essentials Certification
    • GCFE: GIAC Certified Forensic Examiner
    • GCIH: GIAC Certified Incident Handler
  • Microsoft
    • Microsoft 365 Certified: Security Administrator Associate
    • Microsoft Certified: Security Operations Analyst Associate
    • Microsoft Certified: Azure Security Engineer Associate
    • Exam MS-500: Microsoft 365 Security Administration
    • Exam SC-200: Microsoft Security Operations Analyst
    • Exam AZ-101: Microsoft Azure Integration and Security

Professional Competencies
  • Demonstrated problem-solving and analytical skills.
  • Strong documentation skills.
  • Effective communication skills - both written and verbal.

Created: 2024-09-13
Reference: 110303
Country: United States
State: New York
City: New York
ZIP: 10036

