Cyber Security Operations Centers Analyst-Tier 2

Join us as we work to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

The Information Security group at athenahealth is looking for a security analyst to join our Cyber Security Operations Center (CSOC) team.  This is a hands-on role that acts as the initial triage for any incoming security incident-related request or alerts via automated workflows.

You must be someone who can debug complex problems and use methodical processes when troubleshooting a technical issue.  You must be an excellent communicator who can work with stakeholders to understand employee questions and potential concerns.  You must provide strong customer support and understand how and when to appropriately escalate potential issues, but also when to communicate statuses between shifts if issues are not resolved.  You are a tenacious, but nimble learner, who demonstrates design and engineering excellence. Being able to communicate security issues to employees in a non-technical manner is critical to success.

The Team:

The CSOC team within the Information Security group at athenahealth is a three-tiered structure responsible for ensuring the company’s products and infrastructure are as secure as possible.  The team works cross-functionally across the business with stakeholders to provide support, guidance, and technical implementations where appropriate, to include triage, containment, and remediation when applicable.

Job Responsibilities:

• Act as the initial triage point for all security-related tickets that come into the team’s various queues (including triage, containment, and remediation when necessary).
• Understand the basic incident response lifecycle and the analytical mindset when it comes to triage and investigations.
• Follow standard operating procedures (SOPs) to ensure tickets are triaged appropriately and in a timely manner, according to SLAs.
• Excel at documentation and detailed notetaking, including SOP writing, incident reporting, e-mail and instant messaging etiquette, and most importantly, documenting incident actions in tickets.
• Ability to know when to appropriately escalate a potential issue to peers and/or leadership.
• Willingness and ability to review and help develop strong documentation for stakeholders and team members.
• Desire to learn new concepts and technologies to grow and take on more responsibility over time.
• Champion security tooling: ensure teams know about it and use it during their daily coding activities.
• Familiarity with security tools like Splunk, CrowdStrike EDR, Carbon Black EDR, Proofpoint tools, Microsoft Defender components, Cylance Protect, Office 365 tools, PowerShell, and various network tools, etc.
• Understanding the various stages of incident response, the importance and critical factors of an investigation, and how to contain as soon as possible.
• Understand the incident response lifecycle, the Lockheed Martin Cyber Kill Chain, the MITRE framework, and the forensic workflows as outlined by NIST.
• Work with development teams to ensure they’re using best practices and company processes in their daily activities.
• Drive self-organization; help determine how the team functions in collaboration with your peers
• Respond to phishing attacks by tracking down and recalling malicious e-mails; contact users who may be impacted.
• Build strong relationships with cross-functional team members between the three tiers of the CSOC.
• Participate in off-hours on-call rotation, as required, and necessary.

Typical Qualifications:

• Bachelor’s Degree in a computer-related field (computer science, information security, etc.) or equivalent job experience.
• 2-5 years of IT security experience, with some exposure to information security (also known as cyber security).
• Completion of the Security+ certification, GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), GIAC Security Operations Certified (GSOC) or equivalent.
• Experience or knowledge of endpoint detection and response (EDR) solutions, which are the majority of incident response detections in 2024, which includes a fundamental understanding of memory processes and memory management practices, or the willingness to learn these principles.
• Information Security familiarity and training, including areas such as incident response, computer forensics, risk assessment, vulnerability testing, penetration testing, secure development lifecycle, threat modeling, and risk management.
• Experience in distributed systems and cloud-based architecture including Amazon AWS, Microsoft Azure, and the native security tools available in these environments (Data Explorer, GuardDuty, Log Analytics, etc.).
• Familiarity with Unix/Linux, Windows, SQL, macOS, shell scripting, and various other technologies.
• Familiarity with common phishing attacks, methods, and risks to look out for from a security perspective.
• Basic understanding and exposure to project management and collaborative software applications such as Jira, Confluence, SharePoint, ServiceNow, MS Teams, etc.
• Have strong written and verbal communication skills and not be afraid to ask questions or for advice.
• Be a strong team member and collaborate often and openly.

https://www.athenahealth.com/careers/equal-opportunity