Cyberdefense Analyst

Remote, United States | IT (Information Technology)

Description

Position at GoHealth Urgent Care

JOB SUMMARY

The Cyberdefense Analyst will serve as a member of the Cybersecurity team at GoHealth and will be responsible for the development, success, and support of the Cyberdefense team's objectives and procedures. The mission of the team is to detect, analyze, triage, and manage security events to keep them from impacting the organization, and to establish highly effective, repeatable processes and playbooks so that comprehensive protection exists to prevent unauthorized or malicious activities from impacting the organization.

The Cyberdefense Analyst will have operational responsibilities for the Cybersecurity technology used to detect and prevent malicious activities. The experienced Analyst will be responsible for updating, implementing, and following a security incident response plan (IRP) and creating standard operating procedures (SOPs). You will help support all aspects of Cyberdefense and partner with our businesses, IT, Legal and Compliance to ensure GoHealth delivers on commitments to our customers as they relate to incident response, vulnerability management, mock phishing campaigns, cloud security controls, SIEM log integration, cloud events investigation, and endpoint detection and response. You will also develop remediation plans and lead a vendor management program.

This role is also responsible for daily review and investigation of security alerts from multiple sources, acting as a point of contact for a 24x7x365 managed detection and response (MDR) service, responding to compliance questionnaires, and helping to identify configuration flaws that can be used to exploit our environment.


Education

• Bachelor’s degree required (or equivalent experience)

Work Experience

• 4+ years’ experience in Cybersecurity cloud/network controls, Cyberdefense monitoring, tackling, and blocking, security vulnerability management and incident response required

• Minimum 2+ years of experience maintaining, operating, and supporting servers and applications, with Azure security knowledge, preferred

Required Licenses/Certifications

• Possess one or more of the following certifications:

Azure Certified, GIAC, CEH, GWAPT, GPEN or OSCP is preferred

Additional Knowledge, Skills and Abilities Required

• Experience with Microsoft Azure Security, Amazon AWS, M365 threat protection, and endpoint security products
• Experience managing enterprise EDR solutions such as Blackberry EDR, CrowdStrike, SentinelOne or MS Defender
• Hands-on experience with LogRhythm SIEM, Cisco Umbrella, KnowBe4 and Digital Defense Intelligence
• Excellent verbal and written communication skills and the proven ability to influence people
• Ability to work collaboratively and professionally with all levels in dynamic situations

Additional Knowledge, Skills, and Abilities Preferred

• Familiarity with the HIPAA and HITRUST frameworks and NIST; experience with regulatory compliance

ESSENTIAL FUNCTIONS

• Manage relationships with our IT operational team to learn our environment and collaborate on software, systems, or network configuration changes.
• Maintain vendor management standards, questionnaires, and processes to adhere to regulatory compliance.
• Implement / maintain technical control systems and monitor log events for unusual or suspicious activity.
• Perform threat monitoring – monitor industry resources and the latest hardware and software vulnerabilities, and observe new technical developments, intruder activities and related trends to help identify threats to GoHealth.
• Follow incident handling processes, such as incident discovery, analysis and verification, incident tracking, containment and recovery, and incident response coordination with Legal and notification as needed.
• Prepare Cybersecurity advisories and security information bulletins.
• Develop and document standard operating procedures for the Cyberdefense team.
• Develop and maintain information security operational metrics, such as # of incidents, types of incidents, # of application security findings, EDR and/or missing security vulnerability patches.
• Conduct daily security log management and monitoring.
• Perform malware analysis and provide mitigating controls.
• Perform data analysis and develop use cases and playbooks in support of a security management process.
• Perform analysis and information gathering to provide situational awareness and actionable intelligence response.
• Document, communicate, and help to resolve feedback, questions, and enhancement requests along with others on the GoHealth IT and operational staff.
• Escalate risks and issues as appropriate to leadership, project management and/or the external partner.
• Collaborate with a great team of people moving exciting projects forward and working to improve systems, culture, Cybersecurity, and processes along the way.