• $53 - $81 / Hour

    Location

    HOAG MEMORIAL HOSPITAL PRESBYTERIAN, COSTA MESA, CA

    Type

    Full Time

    Status

    Open

    Primary Duties and Responsibilities

    The Cyber Security Analyst III establishes and maintains the corporate-wide Cyber Security program to ensure information assets are adequately protected. Responsible for ensuring the confidentiality, integrity, and availability of Hoag enterprise-wide security devices. Working with management, the Analyst III will direct system security assessments to identify vulnerabilities and remediation strategies, and implement effective safeguards. Conducts incident response activities from detection, analysis, remediation, and mitigation, to lessons-learned documentation. Adheres to and maintains Hoag Cyber Security policies, procedures, and guidance. Works with multiple stakeholders (internal and/or external) to ensure deliverables are accurate, complete, and on time.

    Partners with the Incident Response Lead for Cyber Security Incident Response activities. Analyzes security events and incidents, ensuring optimal use of existing tool sets. Identifies any technical gaps and drives plans for improvement.

    Proactively assesses security controls (technical, operational, procedural) for alignment with regulatory requirements (e.g., NIST CSF, HIPAA, HITRUST, PCI).

    Develops and documents remediation guidance, develops and implements corrective action plans based on assessment findings and identified vulnerabilities. Ensures necessary feeds are being ingested into Splunk, and properly formatted for reviews. Leads the team in analyzing security log data, leveraging tools and technologies including but not limited to:

    - Security Information and Event Management (SIEM) tools

    - Access Control

    - Network Security

    - Intrusion Detection / Prevention Systems

    - Identity Governance and Administration

    - Malware Protection

    - Email Security

    - Data Loss Prevention

    - Cloud Security solutions

    Implements upskilling plans to improve team effectiveness. Leads training and Cyber exercises.

    Identity Governance and Access Management (IGAM):

    With the IGAM Lead, implements and enforces Multi Factor Authentication (MFA) requirements, access controls, and User Lifecycle Management (ULM). Recommends continuous improvements to IGAM processes to prevent end-user issues. Position entails work in a 24/7 department which may require work outside of normal business hours. Performs other duties as assigned.

    Education and Experience

    Required:

    Bachelor's degree in a relevant technical area such as Cyber Security, Computer Science, Computer Information Systems, Engineering, or related technical field, or equivalent work experience.

    A minimum of seven to ten (7-10) years of relevant business/industry experience. Hands-on experience with cyber security tools, process, methodologies and frameworks.

    Expertise working incident response and cyber operations.

    Technical leadership skills, ability to set priorities and meet obligations in a timely manner.

    Preferred:

    Master's degree in Computer Science, Computer Information Systems, Cyber Security, Cyber Forensics, Engineering, or related technical field.

    Five plus (5+) years translating business requirements and priorities into cyber security policies and procedures.

    Five plus (5+) years of experience in vulnerability assessment and/or penetration testing, digital forensics, or Incident Response.

    Experience in a hospital or healthcare related organization.

    Licenses Required

    N/A

    Licenses Preferred

    N/A

    Certifications Required

    At least one of the following: GIAC Certified Incident Handler (GCIH), GIAC Advanced Security Essentials - Enterprise Defender (GCED), Certified Information Systems Security Professional (CISSP), or equivalent

    Nearest Major Market: Orange County
    Nearest Secondary Market: Los Angeles
  • $800 - $1000 / Month

    Location

    Creed and Bear

    Type

    Full Time

    Status

    Open

    About the Job
    Reverse engineer malware samples in order to characterize their attributes for identification, correlate indicator information to identify larger attack architectures and topologies, and create proof of concept software to assist in real-time analysis and tracking of targeted malware families.

    • Conduct vulnerability analysis of complex and diverse software systems and network architectures.

    • Identify anti-analysis techniques, including encryption, obfuscation, virtual machine detection, and conditional coding for the purpose of identifying tactics, techniques, and procedures used by malware authors.

    • Provide subject matter expertise on cyber threats, attacks, and incidents of interest to PhishLabs and our customers as well as knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels.

    • Monitor underground marketplace activity for any new threats being distributed or discussed by cyber actors.



    Reverse Engineer Required Skills



    • Advanced understanding of Windows and Linux based operating systems as well as the iOS and Android Platforms.

    • A Bachelor’s or Master’s degree in Computer Science, Information Systems, or other computer related field.

    • Demonstrable experience working with open-source and commercial analysis tools for the purposes of malware reverse engineering including, but not limited to, decompilers, disassemblers, debuggers, systems internals utilities, and network traffic analysis tools.

    • Experience with enterprise-level sandbox tools and familiarity with edge and endpoint protection systems.

    • Experience programming in a scripting language, such as Python, as well as working knowledge of x86, x64, and ARM assembly instructions, C, C++, Java, JavaScript, PHP and HTML.

    • Proven ability to analyze and reverse engineer packed or obfuscated code, develop code to monitor botnets, and reverse engineer custom protocols.

    • Advanced understanding of operating system internals and Windows API.

    • Experience with both SQL and NoSQL data storage solutions as well as the Elasticsearch search and analytics engine, including data implementation and design.

    • Experience with security data characterization standards such as STIX, MAEC, TAXII, CybOX.

    • Experience with networking, network protocols, and security infrastructures.

    • Experience with financially incentivized malware such as banking trojans is preferred.

    • Experience with creation and maintenance of rules to detect malicious activity or code (YARA, Snort, Suricata, etc.)


    Skills

    STIX, MAEC, TAXII, CybOX.

    Compensation

    1 usd/ month