Security Analyst (EDR)
Join a team dedicated to supporting the crucial mission of improving health outcomes.
At Merative, you can apply your skills – and grow new ones – with colleagues who have deep expertise in health and technology. Merative provides data, analytics and software for the health industry. Our clients include providers, health plans, employers, life sciences companies and governments around the world. With industry-leading products and focused innovation, we help customers improve decision-making and performance so that together, we drive real progress in health. Learn more at merative.com
As an IT Cybersecurity Engineer and member of the Chief Information Security Officer (CISO) organization, you will support the security of the company's products and infrastructure. You will use your knowledge of concepts, technology, and tooling to ensure the security of the company’s and our clients’ critical information. This will include participating in the maintenance and monitoring of security tooling, investigating security incidents, and supporting company and client audits. You will interface with business and functional leaders in development, operations, information technology and other stakeholders to promote and support a secure environment.
Essential Job Duties
Provides technical leadership, advice, and guidance, and performs IT Cybersecurity related activities.
Works under limited supervision and in conjunction with team members with the objective of ensuring a secure and compliant environment. Manages day-to-day security tools such as Endpoint Detection and Response (EDR), Vulnerability Management, Data Loss Prevention, File Integrity Monitoring, Encryption, Key Management, Intrusion Detection, etc.
Work with various technology teams to ensure tool sets used to detect infrastructure security issues are deployed on all necessary platforms.
Research new security trends and provide recommendations to support increased security protection for our environment.
Defines objectives and implements complex solutions related to IT Cybersecurity.
Accountable for project results, timing, and productiveness in delivery activities.
Provide technical expertise in Information Technology and on Security products with hands-on experience.
Assist with data protection initiatives and other programs as necessary
Participates in the internal and external audit program to demonstrate security procedures and tools to assure ongoing compliance.
Participates in activities related to the corrective and preventive action process.
Recognizes problems related to project objectives and applies sound judgement when addressing the issues.
Independently generates solutions based on analytical skills and business knowledge.
Pursues a program of self-development using selected reading, seminars, and participation in continuing education.
Performs all duties and responsibilities as required by the company Security Policies and Procedures.
Identifies and communicates possible improvements in the work process for customers and peers.
Performs other duties as assigned by immediate supervisor or upper management
Bachelor’s degree in a scientific or technical discipline required
5+ years of technical, hands-on proficiency in multiple cybersecurity competencies (e.g. network security, systems security, application security, security operations)
5+ years’ experience performing security technical testing or technical controls validation including documentation of testing methods and results
Experience monitoring and maintaining the CrowdStrike Endpoint Detection and Response (EDR) platform.
Experience with CrowdStrike Falcon and Cloud security products.
Experience using SIEM products (e.g., Splunk, Sumo Logic) to collect data and investigate anomalies.
Experience developing APIs, including integrating API calls into applications and troubleshooting API issues
Experience identifying and investigating security events within CrowdStrike
Knowledge of cloud computing concepts and security architecture (Azure, IBM Cloud, AWS).
Knowledge of security controls related to infrastructure technology including enterprise storage (NAS/SAN), Windows and Linux operating systems, ESX VMware, etc.
Knowledge of security standards and controls (e.g., NIST, CIS, etc.).
Proactive awareness of emerging cybersecurity threats and technologies
Detail oriented with strong verbal and presentation skills
Demonstrated proficiency with executive level presentations and status reporting
Excellent interpersonal, communication, and negotiation skills
Effective research and analytical skills
Effective written and oral communication, technical writing and editing skills
Ability to work independently with minimal supervision
Security related certification (e.g., Security+, CISSP, GIAC, etc.)
Experience implementing security controls to meet requirements of various security and privacy related standards and regulations such as SOC I/II, ISO 2700x, HIPAA, GDPR, HITRUST, etc.
It is the policy of Merative to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, HIV status, or any other characteristic protected by federal, state or local law. In addition, Merative will provide reasonable accommodations for qualified individuals with disabilities.