Company Name: HCR ManorCare
Approximate Salary: Not Specified
Location: Toledo, Ohio
Country: United States

Security Analyst II

HCR ManorCare provides a range of services, including skilled nursing care, assisted living, post-acute medical and rehabilitation care, hospice care, home health care and rehabilitation therapy.

Information security safeguards the digital health of our patients throughout HCR ManorCare's range of services, including skilled nursing care, assisted living, post-acute medical and rehabilitation care, hospice care, home health care and rehabilitation therapy.

Are you looking for a place where you can be engaged in exciting, challenging work and grow your career? You'll be working in a vast and complex environment to understand the risks and to deny and disrupt attacks against critical business systems. This role ensures compliance and performs in-depth risk analysis, while assisting business groups in reducing the risk of compromise.

You should have demonstrated analytic ability to assess technical environments, discover weaknesses, and analyze exploitation opportunities. Also necessary is the expertise to evaluate and recommend business-first defensive mechanisms to minimize exposures.

Candidates need business acumen to understand HCR's different services and the threat vectors that are most dangerous to each part of the business. Expertise in writing technical risk assessments is required, not just popping a shell or stealing credentials. Technical acumen includes, but is not limited to, source code scanners, vulnerability scanners, third-party risk identification, and application and infrastructure penetration testing. Candidates must have expertise using open source tools, gathering and interpreting information, performing Internet-based research, identifying mitigation strategies, and effectively communicating the results and risk mitigation plans to non-technology business groups.

Such a person should be able to demonstrate or possess (in priority order):

Curiosity about how technology works and the courage to take it apart

Team player, with the capability to collaborate with diverse people from a variety of areas, both technical and business, and build consensus solutions

Ability to self-manage and prioritize complex and occasionally competing tasks

Experience assessing technologies from a risk perspective and documenting remediation options with recommendations

Knowledge of Android, iOS, W10, Windows Server, and O365/Azure operating environments

Experience with packet-level analysis and forensics, low-layer IP networking, and a thorough understanding of network security

Experience with administering both Linux systems and Windows Servers

Proficient with a programming language such as Swift, Java, PowerShell, Python, PHP, C or similar

Proficient working knowledge within the following risk domains/technologies: Database and Application Security, IDS/IPS Technologies, System/Access Administration, Firewall Technologies, Network Architecture, Security Event Logging & Monitoring, Database/Application/Network Layer Protocols, Secure Software/Code Development, Vulnerability Management.

This role has 4 major deliverables:

  • Regulation Awareness & Familiarity - To be successful one needs to understand HIPAA and how the government expects us to safeguard electronic healthcare information. The same applies to credit card information via the Payment Card Industry Data Security Standard (PCI DSS).
  • Governance - To be successful one will have to be able to work with internal and external auditors. This includes the written policies, as well as the gathering of technical evidence that proves we are following the applicable laws and regulations.
  • Risk Assessments - To be successful one will have to be able to perform comprehensive risk analysis and author assessments. This includes penetration testing of on-premise assets, and working with Cloud and Software as a Service providers to test their safeguards.
  • Threat Awareness - To be successful one will have to stay up-to-date on OS and application vulnerabilities and other risks so that the Risk Assessments are timely and accurate.

In return for your expertise, you'll enjoy excellent training, industry-leading benefits and unlimited opportunities to learn and grow. Be a part of the team leading the nation in healthcare.

000 - Corporate Office

Basic Qualifications

Experience hacking systems either formally or informally.

Two to four years of Information Security experience in 3 of the 5 following areas:

Access Control,

Application Development Security,

Information Security Governance and Risk Management

Legal regulations, investigations, and compliance, and

Telecommunications and Network Security

Preferred Qualifications

Prior work in Healthcare

Experience with PCI, SOX, HIPAA, and NIST regulatory standards

Certification: ISACA or (ISC)², GPEN, GCWN, GCED or ECSA a plus

Proficient in recognized IT control frameworks and standards (e.g., COBIT, ITIL, and ISO 27000).

Job Specific Details: Remote is not an option.