The Cyberdefense Analyst will serve as a member of the Cybersecurity team at GoHealth, and will be responsible for the development, success, and support of the Cyberdefense team objectives and procedures. The mission of the team is to detect, analyze, triage, and manage security events to keep them from impacting the organization, and to establish highly effective, repeatable processes and playbooks that ensure comprehensive protection against unauthorized or malicious activities.
The Cyberdefense Analyst will have operational responsibilities for Cybersecurity technology used to detect and prevent malicious activities. The experienced Analyst will be responsible for updating, implementing, and following a Security incident response plan (IRP) and creating standard operating procedures (SOP). You will help support all aspects of Cyberdefense, and partner with our businesses, IT, Legal and Compliance to ensure GoHealth delivers on commitments to our customers as it relates to incident response, vulnerability management, mock phishing campaigns, cloud security controls, SIEM log integration, cloud events investigation, and endpoint detection and response. You will also develop remediation plans and lead a vendor management program.
This role is also responsible for daily review and investigation of security alerts from multiple sources, serving as a point of contact to a 24x7x365 managed detection and response (MDR) service, responding to compliance questionnaires, and helping to identify configuration flaws that can be used to exploit our environment.
Bachelor’s degree required (or equivalent experience)
4+ years’ experience in Cybersecurity cloud/network controls, Cyberdefense monitoring, tackling, and blocking, security vulnerability management and incident response required
Minimum 2+ years with servers, applications, and Azure security knowledge; maintain, operate, and support experience preferred
Possess one or more of the following certifications:
Azure Certified, GIAC, CEH, GWAPT, GPEN or OSCP is preferred
Additional Knowledge, Skills and Abilities Required
Experience with Microsoft Azure Security, Amazon AWS, M365 threat protection, and endpoint security products
Experience managing enterprise EDR solutions such as BlackBerry EDR, CrowdStrike, SentinelOne or MS Defender
Hands-on experience with LogRhythm SIEM, Cisco Umbrella, KnowBe4 and Digital Defense Intelligence
Excellent verbal and written communication skills and the proven ability to influence people
Ability to work collaboratively and professionally with all levels in dynamic situations
Additional Knowledge, Skills, and Abilities Preferred
Familiarity with the HIPAA and HITRUST frameworks and NIST; experience with regulatory compliance
• Manage relationships with our IT operational team to learn our environment and collaborate on software, systems, or network configuration changes.
• Maintain vendor management standards, questionnaires, and processes to adhere to regulatory compliance.
• Implement / maintain technical control systems and monitor log events for unusual or suspicious activity.
• Perform threat monitoring: monitor industry resources and the latest hardware and software vulnerabilities, and observe new technical developments, intruder activities and related trends to help identify threats to GoHealth.
• Follow incident handling processes, such as incident discovery, analysis and verification, incident tracking, containment and recovery, incident response coordination with Legal and notification as needed.
• Prepare Cybersecurity advisories and security information bulletins.
• Develop and document standard operating procedures for the Cyberdefense team.
• Develop and maintain information security operational metrics, such as # of incidents, types of incidents, # of application security findings, EDR and/or missing security vulnerability patches.
• Conduct daily security log management and monitoring.
• Perform malware analysis and provide mitigating controls.
• Perform data analysis, develop use cases and playbooks in support of a security management process.
• Provide analysis and information gathering to provide situational awareness and actionable intelligence response.
• Document, communicate, and help to resolve feedback, questions, and enhancement requests along with others on the GoHealth IT and operational staff.
• Escalate risks and issues as appropriate to leadership, project management and/or the external partner.
• Collaborate with a great team of people moving exciting projects forward and working to improve systems, culture, Cybersecurity, and processes along the way.