Information Security Analyst
Job ID 2020-2470
WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
The Information Security Analyst, as a member of WebMD’s Information Security Office is responsible for ensuring the continued adoption of security best practices and, assist in the implementation of processes and security technologies to protect the confidentiality of information.
- Create and track security metrics to enable trend reporting to senior management
- Identify security threats through the monitoring and correlation of various security systems and event sources including antivirus, vpn, host intrusion detection, proxy, and system logs
- Participate in the Vulnerability Management program; that is identifying patches, rating patch criticality, monitoring patch process and tracking vulnerabilities through their lifecycle
- Completion of daily requests requiring security review (e.g. requests for access)
- Perform security due diligence of third party tools, vendors and systems
- Assist in the resolution of security incidents through technical analysis (e.g. forensics, log review)
- Provide guidance as needed to IT and Business partners to ensure secure implementation of processes, systems and services
- Development of documentation with respect to security standards and guidelines
- BS in Computer Science or related field
- 3+ years of experience in an Information Security, or IT related role with security exposure. Including backgrounds in site reliability engineering, operations, and networking.
- Strong knowledge of threats, vulnerabilities, attack methods and countermeasures
- Technical knowledge of Operating Systems (Windows/Linux), Networking, and Web technologies
- Industry certifications such as Security+, Associate CISSP are a strong plus
- Knowledge of OWASP vulnerabilities and mitigation strategies
- Scripting experience with Python, Ruby, BASH, or PowerShell is a plus
- Familiarity with industry standard frameworks such as NIST, FISMA, HiTrust, HIPAA, or SOC I & II
- Experience with any of the following tools is a plus:
- Palo Alto XDR
- Carbon Black
- Security Onion
This is NOT a remote position and you will be required to be in office, Covid permitting.