1,707 Malware Analysis jobs in the United States
Security Analyst - Threat Intelligence
Posted 3 days ago
Job Description
A World-Changing Company
Palantir builds the world's leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more.
The Role
As a Security Analyst on Palantir's Global Security team, you will work alongside various internal teams to analyze potential external threats, and mitigate the risks posed to Palantir leadership, assets, and people. We are looking for a motivated self-starter who is eager to fuse their operational security (OPSEC) expertise, threat investigation skills, and analytical abilities to guide Palantir investigations towards positive security outcomes. In this role you will engage closely with Information Security, Compliance, Legal, Physical Security, and Internal Investigations teams, as well as other internal/external stakeholders. This role requires established open source investigations and research skills, experience in Counterintelligence (CI), strong analytical writing and briefing/debriefing skills, and an appetite to become more technical with data analytics tooling. You must be able to synthesize complex information from various sources and convey risk, as well as present investigative/analytical assessment data, in a clear and concise manner to internal and external stakeholders, including company leadership.
Core Responsibilities
- Monitor, identify, and analyze external security indicators to determine their impact on Palantir assets.
- Synthesize data and findings with general trend research to provide investigative support to the Threat Intelligence team and corporate security operations.
- Utilize sound prioritization skills to triage potential security risks and assess the validity/severity of incidents.
- Collaborate with internal and external stakeholders when required to investigate external threats.
- Explore open source resources and social media for threats and security-related information to identify potential risks to employees, customers, and facilities in advance of or in response to actual incidents.
- Evaluate the changing global risk environment in real time where Palantir has interests and provide updated CI and security guidance accordingly.
- Strong OSINT investigative skillset
- Hands-on experience leveraging open source monitoring tools
- Strong written and verbal communication skills
- Ability to present complex security and counterintelligence issues to varied audiences
- Geographical experience or subject matter expertise outside of the US preferred
- An active security clearance or the ability to acquire a security clearance
- Willingness and ability to travel up to 25% of the time and work a varied schedule based on the needs of the team
- 5+ years experience conducting open source investigations and security analysis; formal training strongly preferred.
- 4+ years experience in law enforcement, intelligence, or national security sectors conducting security analysis and investigations.
Salary
The estimated salary range for this position is $80,000 - $155,000/year. Total compensation for this position may also include Restricted Stock units, sign-on bonus and other potential future incentives. Further note that total compensation for this position will be determined by each individual's relevant qualifications, work experience, skills, and other factors. This estimate excludes the value of any potential sign-on bonus; the value of any benefits offered; and the potential future value of any long-term incentives.
Benefits
- Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance
- Employees are automatically covered by Palantir's basic life, AD&D and disability insurance
- Commuter benefits
- Take what you need paid time off, not accrual based
- 2 weeks paid time off built into the end of each year (subject to team and business needs)
- 10 paid holidays throughout the calendar year
- Supportive leave of absence program including time off for military service and medical events
- Paid leave for new parents and subsidized back-up care for all parents
- Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation
- Stipend to help with expenses that come with a new child
- Employees can enroll in Palantir's 401k plan
Life at Palantir
We want every Palantirian to achieve their best outcomes, that's why we celebrate individuals' strengths, skills, and interests, from your first interview to your long-term growth, rather than rely on traditional career ladders. Paying attention to the needs of our community enables us to optimize our opportunities to grow and helps ensure many pathways to success at Palantir. Promoting health and well-being across all areas of Palantirians' lives is just one of the ways we're investing in our community. Learn more at Life at Palantir and note that our offerings may vary by region.
If you want to empower the world's most important institutions, you belong here. Palantir values excellence regardless of background. We are proud to be an Equal Opportunity Employer for all, including but not limited to Veterans and those with disabilities. Palantir is committed to making the application and hiring process accessible to everyone and will provide a reasonable accommodation for those living with a disability. If you need an accommodation for the application or hiring process, please reach out and let us know how we can help.
security analyst
Posted 15 days ago
Job Description
This position continuously monitors the alert queue; investigates security alerts; monitors health of security sensors and endpoints; collects data and context necessary to initiate IR response. In addition, the analyst will be responsible for maintaining multiple security technologies for detecting and preventing IT security incidents.
What you'll be doing
+ Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools to determine scope, urgency and potential impact.
+ Document incidents from initial detection through final resolution.
+ Perform incident response functions including, but not limited to, host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities.
+ Maintain expertise in Operating Systems (Windows/Linux) operations and artifacts to assist in investigations.
+ Ability to analyze different data types from various sources within the enterprise and draw conclusions regarding past and potential current security incidents
+ Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
+ Perform threat hunting exercises to proactively and iteratively discover current or historical threats that evade existing security mechanisms and use that information to improve cyber resilience.
+ Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.
+ Tune and maintain security tool policies (EDR, IPS, Content Filter, etc.) to reduce false positives and improve tool detection capabilities.
What we’re looking for
+ 3 - 5+ Years Experience with one or more of the following technologies: Endpoint Detection and Response (EDR/XDR) and/or DFIR open-source tools (Ex. Kape, Plaso Log2Timeline, Autopsy, etc.)
+ 3 - 5+ Years Information Security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.
+ 4 Year/Bachelor's degree or equivalent work experience
What’s it like to work here?
At Lincoln Financial, we love what we do. We make meaningful contributions each and every day to empower our customers to take charge of their lives. Working alongside dedicated and talented colleagues, we build fulfilling careers and stronger communities through a company that values our unique perspectives, insights and contributions and invests in programs that empower each of us to take charge of our own future.
What’s in it for you:
+ Clearly defined career tracks and job levels, along with associated behaviors for each of Lincoln's core values and leadership attributes
+ Leadership development and virtual training opportunities
+ PTO/parental leave
+ Competitive 401K and employee benefits (free financial counseling, health coaching and employee assistance program)
+ Tuition assistance program
+ Work arrangements that work for you
+ Effective productivity/technology tools and training
Security Analyst
Posted today
Job Description
Apply now: Security Analyst II, location is Hybrid (2 days onsite in Alexandria, VA). The start date is ASAP.
Job Title: Security Analyst II
Location-Type: Hybrid (Tues & Thurs onsite in Alexandria, VA)
Start Date Is: ASAP
Duration: Permanent
Compensation Range: $150K-$165K
Job Description:
Support and enhance security operations, ticketing processes, and incident response across various cybersecurity tools, ensuring efficient security event monitoring, troubleshooting, and process automation.
Day-to-Day Responsibilities:
- Work with IDS, IPS, SIEM, and other security tools to generate and action tickets.
- Troubleshoot and resolve security incidents, escalating as needed.
- Ensure log sources and search sources are correctly consolidated for streamlined response.
- Document security processes and work toward automating operations.
- Generate reports on security operations, incident trends, and system performance.
- Collaborate cross-functionally with cybersecurity engineers and other IT teams.
- Participate in an on-call rotation (every six weeks) for cybersecurity incidents.
Requirements:
- Must-Haves:
- 5 years in cybersecurity and 4 years as a Security Analyst.
- Tenure in full-time roles (ideally 3-5 years per position).
- Hands-on experience with ITSM (ticketing systems), SIEM, IDS/IPS, next-gen firewalls, DLP, email security, and web application firewalls.
- Strong documentation experience with the ability to create and operationalize security processes.
- Experience investigating, blocking, and remediating malicious traffic and alerts.
- Ability to interpret logs and analyze security events using tools like Wireshark, Fortinet Analyzer, DeepSeas, and Microsoft Defender.
- Familiarity with scripting languages such as PowerShell, Bash, or Python for security automation.
- Strong interpersonal skills: proactive, team player, independent, and flexible.
- Nice-to-Haves:
- Experience in startups or Managed Security Providers (MSPs).
- Knowledge of DFIR, IAM, PAM, NGFW, EDR, CASB, SOAR, MSSPs, and MITRE ATT&CK framework.
- Background in systems engineering or administration.
- Relevant cybersecurity certifications (GCIH, GCIA, GMON, GCED, CISSP, CEH, Fortinet, CompTIA, or similar).
- Bachelor's degree in cybersecurity, IT, or a related field (or equivalent experience).
Security Analyst
Posted today
Job Description
The IT Security team is responsible for overseeing the security of the firm's data and systems. The team manages server and endpoint security, network security, edge security, regulatory compliance and operational security concerns globally. The team is responsible for designing security policies and procedures that align with corporate and regulatory goals, implementing technology solutions to enforce policies, and supporting all security systems.
Overview
Reporting to the manager of the IT Networking & Security team, this position is part of the IT Infrastructure group. The IT Security Engineer has responsibility for the design and implementation of security technology and policies that protect the firm's data and systems from internal and external threats. Since the firm has a cloud-first strategy, a key skill will be the ability to understand and respond to the unique risks in a cloud environment that supports IaaS, PaaS, and various SaaS platforms. A strong candidate will have extensive hands-on experience with Palo Alto Firewalls (including Panorama Management, Clustering, SSL Decryption and URL Filtering), Checkpoint Firewalls, Bit9/ Carbon Black Application Whitelisting, Microsoft Azure Security & Compliance Center, Microsoft Cloud App Security, Windows Defender and Defender ATP.
This is a hands-on role which spans responsibilities for security architecture, design, implementation, and support. This individual has responsibility for improving security policies and configuration of our current systems, as well as working with the team to improve their overall effectiveness. This individual will participate in product selection for net new and replacement systems, as well as design and produce reports to track threats to our network. The role requires knowledge and experience working with the security systems used by the firm.
Primary Responsibilities:
- Hands-on approach when it comes to implementing and supporting the firm's security systems
- Define key threats to critical data and systems; create policies and engineer systems to reduce threats and risk
- Research and develop future road maps, strategies, and technical visions to support security program
- Assist in performing product evaluations and recommend products/services for data security
- Responsible for identifying and protecting against emerging threats associated with risks in the cloud and third-party vendor systems
- Management, troubleshooting, and monitoring of firewalls, intrusion detection systems, enterprise anti-virus systems, enterprise log management system, and data loss prevention system
- Create and compile enterprise-wide security reporting at set intervals to management
- Respond to security incidents 24 x 7
- Monitor security audit and intrusion detection system logs for system and network anomalies, investigate and/or escalate security violations, and document and report events
- Ensure environment is stable and in compliance with corporate security policy and industry standards
- Work closely with Risk Management, Legal, and Compliance teams to create cohesive security policies
- Work with IT Risk Management and Security team on definition and implementation of security policies
- Create and maintain documentation for supported systems, including DR/BCP planning
- Participate in scheduled off-hours configuration changes, service outage upgrades, and DR/BCP testing
- Perform and/or manage internal and external vulnerability scanning and remediation
- Identify and support quality improvement initiatives
- Undergraduate degree in technology discipline or equivalent experience
- 5+ years of information systems security experience
- 5+ years experience in the financial services industry preferred
- CISSP preferred
- PCNSE preferred
- Proactive approach to learning and educating others about cloud threats
- Excellent, proven troubleshooting skills
- Strategic thinking and roadmap design for multi-year model.
- Ability to work with other teams within Infrastructure, such as Network, DevOps, and Architecture to create comprehensive and holistic security solutions
- Palo Alto (PCNSE), Cloud Security (CCSP) and other related vendor certifications a plus.
- Experience with Microsoft Azure Security & Compliance Center, Microsoft Cloud App Security, Windows Defender and Defender ATP preferred
- Experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.
- Experience with Palo Alto and Checkpoint firewall management and associated system managers
- Experience with TippingPoint IPS and associated system managers, or other IDS/IPS products
- Experience with Bit9/ Carbon Black Application Whitelisting product
- Experience analyzing Firewall and IPS logs, as well as Windows Event and Security logs
- Experience working with enterprise log management software SIEM (preferably LogRhythm)
- Experience with data loss prevention and eDiscovery technologies (preferably Symantec DLP)
- Experience working with internal IT Development or IT Architecture teams to develop secure coding practices and educate Developers a plus
- Experience working within the banking/finance/regulatory industry
- Experience working with relevant operating system security (Windows, Linux, etc.)
- Experience working with teams outside of IT to create effective security policies
- Strong written and verbal communications and interpersonal skills
- Must exhibit a team-oriented approach
- Engineering level knowledge of the following areas:
- Active Directory and Group Policy structure and management.
- Authentication solutions (ex. RADIUS, TACACS)
- Experience with Security and System Forensic tools and methodologies.
- Experience designing and implementing endpoint protection (i.e. Symantec Endpoint Protection, Bit9, Windows Defender)
- Understanding of IT Management processes such as ITIL.
Security Analyst
Posted today
Job Description
- Perform PCI, SOC2, ISO, and applicable State of Florida cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and Department's security policies.
- Plan and perform IT security controls effectiveness. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.
- Maintain IT security risk and compliance matrix and perform management reporting. This will include IT systems controls, and business process risks to meet compliance requirements. Provide risk mitigation strategies.
- Maintain Third Party Risk Management Program (TPRM) and analyze SOC-2 and other reporting including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.
- Manage IT security vulnerabilities management program aligned with PCI and NIST standards.
- Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.
- For the most critical and sensitive assets and operations, estimating the potential losses or damage that could occur if a threat materializes, including recovery costs.
- Identifying cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls.
- Coordinating, tracking, and verifying remediation of audit findings.
- Documenting the results and developing a plan of action and milestones for mitigating any identified risk.
- Produce formal audit reports based on ISACA Audit Standards.
- Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.
- 7-10 years of IT Audit experience (CISA certified preferred)
- 3 years of IT Risk Management lifecycle experience
- 3 years of hands-on technical experience (e.g. developer, system administrator)
- Experience working with NIST 800-30 Risk Assessment Standard
- Extensive experience with IT General Controls evaluation and design
- Advanced skill level in business process mapping and documentation as well as policy and procedure development
- Recent experience in Information Security with up-to-date knowledge of the current threat landscape.
- Solid understanding of PCI DSS standards
- Bachelor's Degree in Computer Science, Information Systems, Business Administration, or other related field and/or equivalent work experience.
- CISA and CISSP certifications (preferred).
Security Analyst
Posted today
Job Description
- Assist in efforts to implement a robust MMIS security posture as the MMIS system migrates to the AWS cloud datacenter and beyond.
- Work with the MMIS Security Manager and EOHHS and EOTSS enterprise security organizations to identify and remediate infrastructure and application code vulnerabilities and facilitate the operational process of continuous monitoring, remediation based on objective industry standards, measures of risk impact and probability, and reporting to stakeholders.
- Participate in efforts to integrate Static Application Security, Dynamic Application Security and Software Composition Analysis Tools (SAST, DAST & SCA) into MMIS Software Development Lifecycle (SDLC) emphasizing "Shift Left" early detection and remediation of potential threats and vulnerabilities, and automation, and process integration.
- Participate in efforts to implement security standards and secure common frameworks.
- Participate in efforts to produce developer documentation and educational materials as well as create and update learning resources for application security.
- Participate in efforts to present and explain threat modelling; as well as institute risk detection and risk mitigation strategies to business and IT stakeholders (including leadership) and effectively defend recommendations, where necessary.
- Participate in efforts to define MMIS technical security software environment requirements.
Preferred Skills and Abilities:
- Extensive hands-on experience with implementing security best practices for AWS cloud-hosted applications including the appropriate utilization of AWS security and monitoring tools and resources.
- Experience with DevOps practices and Continuous Integration/Continuous Development (CI/CD) using GitLab and pipelines.
- Experience with web and API development technologies.
- Knowledge of current development practices, including containerized applications, microservice architectures, serverless architectures, etc.
- Experience with Medicaid systems or in IT healthcare settings desired.
- Required Experience:
- 3+ years of experience working in application and infrastructure security roles.
- Strong technical knowledge of internet security issues, cloud architectures, and threat landscape.
- Strong technical understanding of application and cloud security threats and vulnerabilities, including Common Vulnerabilities & Exposures (CVE), Common Weakness Enumeration (CWE), OWASP top 10, SANS top 25, etc.
- Extensive knowledge of and experience with security standards such as NIST 800-53, FedRAMP, and ISO 27xxx.
- Strong understanding of AWS networking and security tools and resources.
- Strong technical knowledge of AWS security and network management tools and resources.
- Strong background in web application development and/or code auditing.
- Strong consensus building and interpersonal communications skills
- Strong analytical abilities.
- Strong writing and technical documentation skills.
- Strong attention to detail.
- Strong sense of urgency.
- Education and Certifications:
- Associate degree in Computer Science, Information Systems/Technology, Business Administration, or other related field, or equivalent work experience.
- Professional security certification: CompTIA Security+, AWS Security Specialty, (ISC)2 CCSP, GIAC GSEC or GWEB, or other similar credentials a plus
Security Analyst
Posted 1 day ago
Job Description
Responsibilities:
- Monitor security systems and networks for potential threats and vulnerabilities.
- Respond to security incidents, conduct investigations, and perform root cause analysis.
- Coordinate with other departments and external entities during incident response.
- Maintain and update incident response plans and playbooks.
- Stay up-to-date with the latest security trends, technologies, and threats.
- Recommend and implement enhancements as needed to incident response procedures, tools, and controls.
- Work with various stakeholders on the appropriate tactics to protect the organization.
- Proactively work with partners and suppliers to achieve objectives on time and within budget.
- Direct and/or take appropriate action with partners to build enterprise class solutions, respond to issues/threats, and communicate to stakeholders.
- Actively engage in the greater Information Security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify new technologies, new techniques and new partners.
Key Qualifications:
- 5+ years of relevant experience is required.
- 3+ years of experience working in incident response roles.
- Bachelor's degree in Computer Science, Management Information Systems, Information Security or equivalent is required.
- Cybersecurity certifications (e.g. CISSP, GIAC certifications, etc.) are preferred.
- Experience working with CIS Critical Controls, NIST CSF and ISO 27001 frameworks is preferred.
Technical Skills and Abilities
- Strong interpersonal, written, and verbal communication skills
- Demonstrated experience working with a team to solve technical problems.
- Ability to focus on and achieve results.
- Demonstrated reliability and follow through on commitments and assignments.
- Demonstrate professionalism and courtesy in all interactions.
- Demonstrated ability to implement security best practices.
- Work well under pressure (i.e., a critical system is down)
- Able to work independently and as part of a team.
- Working knowledge of scripting (PowerShell, Python, Perl, etc.)
- Working knowledge of core network and systems administrator protocols
- Working knowledge of network solutions/technologies
- Experience working with Security Information and Event Management (SIEM) and Security Orchestration and Automation Response (SOAR) platforms.
- Experience with EDR solutions.
- Ability to analyze and interpret security logs and data.
- Experience with and ability to implement security best practices.
- Experience with security tools (vulnerability scanners, sniffers, log correlation tools)
- Experience with Windows, Linux, and Mac operating systems
This role is based in our Columbus, OH or Washington, D.C. office. A reasonable rate of compensation for this position is between $90,000-$100,000 per year.
Qualifications
Education
- Bachelors of Management Information Systems (required)
Experience
- 3 years: Experience in incident response roles (required)
- 5 years: Relevant IT work experience (required)
Licenses & Certifications
- ISC2 Sys Sec Cert Prac (preferred)
- GIAC Cert Incident Handle (preferred)
- CompTIA Security+ (preferred)
- CISSP (preferred)
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.
SECURITY ANALYST
Posted 1 day ago
Job Description
Location Rolla
Full/Part Time Full-Time
Hiring Department
Enterprise Systems & Applications
Candidates must be US Citizens, Lawful Permanent Residents, or be able to gain clearance to access export-controlled information. The University is not able to provide Visa Sponsorship for this position.
Job Description
Are you seeking to make a difference in the lives of students? Are you desirous of enabling research that is changing our world? Would you like to have a strong influence in setting direction for a technology organization whose mission focuses on education, research, and application of knowledge to solve some of the world's great challenges? If so, we would like to talk to you. If you are a potential member of the S&T information technology team and are humble, coachable, approachable, introspective, and passionate about building relationships, then we want to talk to you. Serving at Missouri University of Science and Technology is a calling. We are revitalizing our campus and looking to a bright future. Join us.
This position will serve as a technical security expert. This position will be a part of the ISO led security team for risk and compliance and serve in a technical role for security under the ISO's direction for all S&T security.
Firewall Management:
- Configure, monitor, and maintain enterprise firewalls to ensure secure network traffic and prevent unauthorized access
- Develop and implement firewall policies and rules based on industry standards and security best practices
- Design and manage network segmentation to protect sensitive data and systems from potential threats
- Troubleshoot and resolve firewall-related incidents and performance issues
- Collaborate with network teams to ensure firewall and network segmentation changes are aligned with organizational goals
- Collaborate with Networking and Systems Infrastructure team on the maintenance of data center firewall rulesets and routing related to service delivery
Azure Security and Active Directory Management:
- Manage Azure Active Directory as part of a systemwide team, ensuring secure and scalable identity and access management
- Implement and manage security solutions within Microsoft Azure, including configuring security policies, managing resources, and monitoring for vulnerabilities
- Ensure proper configuration and security of Active Directory services, including group policy management, permissions, and role-based access controls
- Contribute to the maintenance of local custom web tools for privilege delegation capabilities of AD/Azure/other management functions
Account Management:
- Oversee user account lifecycle management, including the provisioning, de-provisioning, and auditing of user access to systems
- Ensure adherence to the principle of least privilege across all account management activities
- Conduct regular reviews of user accounts and permissions to identify and mitigate potential security risks
Incident Response:
- Lead and participate in security incident response activities, including investigating, analyzing, and mitigating security incidents
- Hunt for and remediate phishing campaigns, ensuring timely detection and neutralization of threats
- Secure email to prevent misuse and ensure the integrity of organizational communications
- Perform forensic analysis and root cause investigations to determine the scope and impact of security events
- Develop and document incident response procedures and runbooks to improve the organization's response capabilities
- Collaborate with other teams to ensure proper escalation and resolution of security incidents
Vulnerability Management:
- Administer vulnerability management tools, discovery, tracking, and remediation coordination
- Administer Microsoft security environment including Defender, Entra, Purview, and Sentinel
- Lead technical security operations including security monitoring and reporting
- Monitor security systems and logs for signs of potential vulnerabilities or breaches
- Develop and maintain security dashboards and reports for senior management and stakeholders
- Provide guidance on emerging threats, vulnerabilities, and best practices
- Provide oversight to other teams for patch management progress/state as well as help to determine when security issues require immediate vs delayed action
Risk Management and Compliance:
- Ensure that security controls comply with industry regulations, such as CUI, NSPM-33, PCI, HIPAA, NIST 800-171, NIST 800-172, ITAR, NERC, and organizational policies
- Conduct regular security assessments, vulnerability scans, and penetration tests
- Review software, hardware, services, and vendors for adoption
- Recommend and implement security enhancements based on risk assessments and security audits
- Maintain compliance with export-controlled data regulations and work closely with law enforcement on related matters
- Bachelor's degree in computer science, cybersecurity, or similar fields, or equivalent experience
- Ability to work on export controlled projects
- Ability to obtain and maintain a top-secret security clearance is required
- 5 years of experience in security analysis with hands-on experience in firewall management, Azure, Active Directory, account management, and incident response
- A cyber security certification such as CISSP, CISM, CEH, or equivalent is required
- Expertise in incident response, phishing remediation, mass email security, risk mitigation, and security operations
- Expertise in data security concepts such as security labeling, Controlled Unclassified Information (CUI), Secret, and Top-Secret information, and tools such as Microsoft Purview preferred
- Expertise in Microsoft security and networking tools such as Active Directory, Domain Controllers, Defender, Entra, and Sentinel preferred
- Expertise in vulnerability scanning tools such as Tenable, Qualys, Nessus, and Nmap
- Knowledge of access management models such as Identity and Access Management (IAM) access controls, Access Control List (ACL) access controls, Privileged Access Workstations (PAWs), Role-Based Access Controls (RBAC), Attribute-Based Access Controls (ABAC), Privilege Escalation access control, and Zero Trust Network Access (ZTNA) preferred
- Ability to work with export-controlled data and collaborate with law enforcement agencies
- Strong understanding of security frameworks such as NIST CSF, NIST 800-53, NIST 800-88, PCI, ITAR, NERC, ISO 27001, and CIS Controls
- Proficiency in scripting and automation (PowerShell, Python) for security purposes is a requirement
- Excellent analytical, problem-solving, and communication skills.
- Existing security clearance is preferred
Anticipated Hiring Range
The anticipated hiring range for this position has been established as $52,223-$120,078 annually.
Salary is determined by a variety of factors, including but not limited to, the individual's particular combination of education, skills, and experience, as well as organizational requirements.
Your total compensation goes beyond the number on your paycheck. The University of Missouri provides generous leave, health plans, and retirement contributions that add to your bottom line.
Grade: GGS 9E, 10, 11, 12, OR 13
University Title: SECURITY ANALYST- ENTRY, SPECIALIST, EXPERT, PRINCIPAL, OR EXPERT.
To review the University of Missouri's Staff Compensation Structure you can view the Job Code detail page. Internal applicants can determine their university title by accessing the Talent Profile tile in myHR.
Applications will be accepted until this position is filled.
Sponsorship Information
Visa Sponsorship Information:
Applicants must be authorized to work in the United States. The University will not sponsor applicants for this position for employment visas.
University Information
Missouri S&T is one of the nation's leading research universities with over 100 degree programs in 39 disciplines. It was founded in 1870 as one of the first technological institutions west of the Mississippi River. Located about 100 miles west of St. Louis in the vibrant community of Rolla, Missouri S&T is an accessible, safe, and friendly campus surrounded by Ozarks' scenery. Missouri S&T offers undergraduate degrees in engineering, the sciences, liberal arts, humanities, and business, with M.S. and Ph.D. programs available in many of the science and engineering programs. With over 7,000 students and 300 faculty, Missouri S&T is big enough to accommodate a broad population, yet small enough for individuals to build high visibility and impactful careers.
About Rolla
Rolla, Missouri offers several great advantages that help individuals enjoy a high quality of life. Rolla is an ideal place for families, with its low cost of living, excellent schools, safe neighborhoods, and a range of recreational activities suitable for all ages. The Ozark Scenic Riverways and beautiful landscapes offer abundant opportunities for outdoor enthusiasts of every lifestyle. With its vibrant community, Rolla hosts multiple events, concerts, art exhibitions, and theater performances throughout the year. The university's Leach Theatre showcases nationally renowned performers for campus and community alike. Overall, living in Rolla offers a high quality of life with a supportive community, affordable living, beautiful natural surroundings, and numerous opportunities for personal and professional growth.
This position is eligible for University benefits. As part of your total compensation, the University offers a comprehensive benefits package, including medical, dental and vision plans, retirement, paid time off, short- and long-term disability, paid parental leave, paid caregiver leave, and educational fee discounts for all four UM System campuses. For additional information on University benefits, please visit the Faculty & Staff Benefits website at
Equal Employment Opportunity
The University of Missouri is an Equal Opportunity Employer.
To request ADA accommodations, please call the Office of Equity & Title IX at .
Security Analyst
Posted 1 day ago
Job Description
Overview
The Cloud & AI organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. Microsoft Cyber Defense Operations is seeking a Security Analyst to join our team. In this role, you'll collaborate with security experts across Microsoft to investigate threats, proactively hunt for compromise, enhance and automate processes, and contribute your expertise to initiatives that strengthen the security and scalability of our services. You'll be part of a team focused on identifying emerging threats, coordinating large-scale responses, and driving investigations that protect our customers.
This is a unique opportunity to work in a high-impact environment where your contributions directly support the security of Microsoft's cloud platform and online services. The Senior Security Investigator will be passionate about strengthening defenses and protecting customers from evolving threats. If you're driven by the mission to protect and innovate, this role offers continuous opportunities to learn and grow.
Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
- Perform analysis on security escalations to determine root cause and impact
- Conduct forensics and maintain chain-of-custody as needed
- Support cross-company security incidents and crises
- Create technical documentation for SOC analysts and teams to follow
- Evaluate security risks and their impact on the Microsoft Cloud platform and its online services
- Embody our culture and values
Security Analyst
Posted 1 day ago
Job Description
WE ARE HEALTHCARE SYSTEMS OF AMERICA. Our mission is to elevate healthcare standards, improve patient outcomes, and create value for communities across the United States. Healthcare Systems of America (HSA) is more than a healthcare provider-we're a community built on excellence, innovation, and compassion. If you're looking for a career that makes a difference, empowers you to grow, and gives you the opportunity to impact lives, HSA is where you belong.
Healthcare Systems of America operates 8 community hospitals across 3 states. We service a multitude of patients and their families across our vast network, while remaining committed to the professional development of our staff, the functional improvement of our patients, and the cultivation of strong partnerships within our communities.
WHAT WE OFFER
- Career Growth & Development - We are an essential, stable and growing company with many opportunities for training and advancement within the medical field that all employees and team members can benefit from.
- Supportive & Inclusive Culture - We foster an environment where every team member is valued, heard, and empowered to succeed.
- Meaningful Work - Every day, you'll contribute to patient care, cutting-edge medical solutions, and life-changing treatment and technologies.
POSITION SUMMARY
The Security Analyst performs investigations and analysis to support cybersecurity operations across HSA Hospitals' Microsoft-centric environments. This role reviews SOC escalations, conducts internal investigations, and collaborates with team members to remediate threats and improve security processes with consideration for HIPAA compliance and privacy.
PRIMARY RESPONSIBILITIES
- Analyze and validate security incidents escalated by the SOC provider.
- Perform proactive investigation of alerts generated internally from Microsoft Windows, server, and Azure environments.
- Document findings, create incident tickets, and assist in remediation planning.
- Support vulnerability management and threat hunting activities.
- Contribute to improvements in security processes, playbooks, and reporting.
- Maintain awareness of emerging cyber threats relevant to healthcare and Microsoft environments.
- Interpret and apply HIPAA security and privacy requirements in daily operational work.
EXPERIENCE/EDUCATION REQUIREMENTS
- Bachelor's degree in Cybersecurity, Information Technology, or related field, or equivalent real-world experience and job history in security operations or analysis.
- 2+ years of experience in security analysis, incident response, or SOC operations.
- Strong familiarity with Microsoft Windows operating systems, server infrastructure, and Azure environments.
- Understanding of HIPAA compliance and its relevance to security operations.
CERTIFICATIONS PREFERRED
- Security+, CySA+, GCIH, or similar.