The Cybersecurity Analyst will take a lead role in day-to-day security operations, identifying threats and vulnerabilities, containing, and recommending corrective actions for eradication. 

This role will test and ensure compliance of internal and commercial offerings with security policies and standards, as well as with applicable regulations and laws. 

You will also perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. 

The output will measure the effectiveness of defense-in-depth architecture against known vulnerabilities. As a member of the Cyber Security Incident Response Team (CSIRT), you will be the front-line responder, combating cybersecurity threats against our Information Technology Environments/Services. You will conduct incident response activities, including advanced investigation, response, and remediation. Each member of the team will play a role in Incident Response. 

• Conduct monitoring and detection analysis using cybersecurity defense tools.
• Correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity.
• Build and manage relationships with 3rd party SOC providers.
• Review and assess alerts to contain any intrusions or threats.
• Provide reports on events that occur within the environment.
• Test systems to understand compliance with cybersecurity policies and drive remediation, as required.
• Stay abreast of emerging threats and vulnerabilities to assist in the identification of incidents.
• Preserve all records indicating changes made to access control lists to facilitate audits and other investigations.
• Maintain detailed program metrics around initiative goals.
• Participate in an on-call rotation.
• Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork.
• Support and comply with the company’s Quality Management System policies and procedures.
• Maintain regular and reliable attendance.
• Ability to act with an inclusion mindset and model these behaviors for the organization.

• Bachelor’s degree in computer science, engineering, or related field as outlined in the essential duties; or Associates Degree and 5+ years of relevant experience as outlined in the essential duties instead of a Bachelor’s degree; or High School Diploma/General Education Degree and 5+ years of relevant experience as outlined in the essential duties instead of Bachelor’s Degree.
• 5+ years of relevant work experience in incident response, digital forensics, and infrastructure security in a regulated environment.
• Strong customer focus with a track record for driving delivery and operational performance improvements across an organization.
• Demonstrated track record of rapidly responding to alerts, threatening hunting, digital forensics, threat mitigation, and remediation.
• Excellent change management and issue resolution skills with the ability to deliver results.
• Excellent verbal and written communication skills as well as customer service and organizational skills.
• Demonstrated ability to perform the essential duties of the position with or without accommodation.

Nice to have:

• Obtained or working towards industry certification/s relating to incident response/digital forensics (GCFE, GCIH, CEH, etc.).
• Experience in healthcare or biotech industries.
• Experience with any of the following tools: MS Sentinel, Defender Products, Crowdstrike EDR, Mimecast Email Filtering, zScaler VPN and URL filtering, ServiceNow, Active Directory, AzureAD, O365, Okta.
• Experience with any of the following: AWS, Cloud trail, Guard Duty, AzureAD, Azure Data Lake.