IT Senior Cybersecurity Analyst (SOC)

We are looking for a self-motivated Senior Cybersecurity Analyst to join the R1 Cybersecurity Operations Team. We have a relentless focus on driving results for our customers and enabling them to invest more into patient care; in turn, this allows us to continue to grow our company and your career. 

The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. They will serve as an expert and be responsible for providing network and security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring. 

Responsibilities: 

• Monitor various security tools to identify potential incidents, network intrusions, and malware events, etc., to ensure the confidentiality, integrity, and availability of R1’s architecture and information systems are protected. 

• Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events using open-source intelligence (OSINT). 

• Review and analyze log files to report any unusual or suspect activities. 

• Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating. 

• Follow established incident response procedures to ensure proper escalation, analysis, and resolution of security incidents. 

• Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy. 

• Provide technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect R1’s network, and assessments for High Value Assets. 

• Research Threat Intelligence sources on the latest malware, trends, patches to keep the Security Program up to date. 

• Document and maintain SOPs/Runbooks related to investigating security incidents. 

• Perform case management throughout the incident lifecycle for moderately complex security incidents. 

• Understand and assist with compliance and enterprise change management policies and procedures. 

• Attend and participate in cybersecurity projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning. 

• Maintain metrics & reports on the status of the R1 cybersecurity operations program. 

Required Qualifications: 

• A bachelor’s degree in a technical discipline (e.g., Computer Science, Business Analyst, etc.) 

• A minimum of 2-4 years of professional experience in an IT-related field. 

• Intermediate knowledge of security, monitoring, and networking technologies, tools, protocols, and standards. 

• Intermediate or advanced security, networking, or equivalent professional experience in security operations. 

• Knowledge of security policy, programs, process, and metrics. 

• Understanding/Experience on Network Security, Firewall Security, and Web Security (including web application firewalls and proxies). 

• Experience on SIEM, PIM, Content Filtering, and Firewalls. 

• Experience on Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends. 

• Experience Threat Hunting and searching for malicious activity. 

• Strong drive and passion to deliver distinctive end-products, a quick learner with a strong attention to detail and quality. 

• Excellent interpersonal and communication skills. 

• Self-driven, with attention to detail and the ability to think outside the box for solutions to issues. 

• Knowledge of IT Industry standards such as ISO 27001, HIPAA, SOX. 

• Good knowledge of security programs, process, and metrics. 

• Good knowledge of IT Security Infrastructure and related applications and toolsets. Examples include firewalls & Network, Active Directory, DNS. 

Desired Qualifications: 

• Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking (CEH). 

• Experience with advanced cybersecurity tools, network topologies, intrusion detection, and secured networks. 

• In-depth understanding of NIST SP 800-61, SOC 2 AICPA controls, and frameworks. 

• Recent experience with static and/or dynamic code review process. 

• Experience with forensic data analysis. 

• Leadership experience and qualities.