What are the responsibilities and job description for the Cyber Security Analyst (SOC Lead) position at SOAL Technologies, LLC.?
Job Details
Domain - Healthcare industry.
Job Description
1. Security Operations Architecture:
7 years of experience as a Lead in a Security Operations Center, providing proactive and reactive defense against evolving cyber threats. This is an exciting opportunity to help shape the future of our security operations as part of a dynamic cybersecurity team.
Design and Implement Security Architecture: Develop and implement scalable and integrated security infrastructures, including SIEM, threat detection systems, and incident response mechanisms.
Optimize SOC Processes: Collaborate with teams to enhance incident detection, investigation, and response workflows, including automation and orchestration for efficiency.
Tool Evaluation and Integration: Evaluate, recommend, and integrate new security technologies and tools that align with the organization's security needs.
Strong knowledge of SOAR, network security, and cloud security solutions.
2. Incident Response:
10 years of IR experience; respond to and triage security incidents, leveraging various security and monitoring tools to identify, contain, and eradicate threats in healthcare and biomedical systems.
Escalate critical incidents to senior team members or management for further analysis and response, especially those involving biomedical equipment or patient data breaches.
Document and follow through on incident handling processes, including containment, eradication, and recovery, ensuring compliance with HIPAA and PCI-DSS regulations during the entire process.
Conduct post-incident analysis to identify root causes, implement corrective measures, and improve the organization's incident response capabilities, particularly in relation to biomedical and patient care systems.
3. SIEM Monitoring and Detection:
7 years of SIEM experience; continuously monitor security alerts from various security tools, including the SIEM, to identify potential security incidents affecting sensitive healthcare data, biomedical systems, and connected medical devices.
Monitor for incoming threats, phishing attempts, or suspicious emails, ensuring timely identification and response, particularly around threats targeting biomedical systems or patient data.
Analyze network traffic, logs, and endpoints for signs of compromise or malicious activity using security monitoring tools, ensuring that biomedical systems, medical records, and connected devices remain secure.
Investigate alerts to determine the severity and impact of potential threats (e.g., ransomware, malware, insider threats) that may compromise healthcare or biomedical systems, or violate HIPAA or PCI-DSS compliance requirements.
4. Application Security & Vulnerability Management:
10 years of AppSec experience. Application Security Design and Integration: Collaborate with development teams to design and implement security measures throughout the software development lifecycle (SDLC) to ensure secure application architectures.
10 years of Vulnerability Management experience. Vulnerability Identification and Assessment: Lead efforts to identify, assess, and prioritize vulnerabilities in applications, using tools like static and dynamic analysis, penetration testing, and vulnerability scanners.
Remediation and Risk Mitigation: Work with development and operations teams to remediate identified vulnerabilities and mitigate risks through patching, secure coding practices, and implementing security controls.
Threat Vulnerability Management: Proactively identify, track, and manage emerging threats and vulnerabilities, ensuring IT is performing timely patching and response to critical vulnerabilities to reduce risk.
Continuous Improvement and Monitoring: Establish ongoing monitoring, vulnerability scanning, and security assessments to maintain a secure environment and proactively address emerging threats. Provide metrics to leadership.
5. Reporting and Documentation:
Maintain detailed and accurate records of security incidents, including actions taken, timeline of events, and outcomes, ensuring documentation aligns with HIPAA, PCI-DSS, and biomedical security standards.
Generate regular security reports and metrics to help management understand security posture, trends, and compliance with healthcare-specific regulatory standards.
Provide insights and recommendations to improve security policies, procedures, and controls based on analysis of incidents and vulnerabilities, with a particular focus on safeguarding patient data, biomedical systems, and medical records.
6. Collaboration and Communication:
Collaborate with IT, network operations, biomedical engineering teams, compliance, legal, and healthcare staff to ensure a coordinated response to security incidents, particularly those affecting biomedical equipment or patient data.
Communicate effectively with both technical and non-technical stakeholders regarding security events, incidents, and healthcare-specific risks, ensuring the protection of sensitive medical information and biomedical systems.
Assist in security awareness training for employees, with an emphasis on safeguarding patient data, understanding HIPAA and PCI-DSS compliance, and recognizing social engineering tactics targeting healthcare systems and biomedical devices.
Contribute to risk assessments and vulnerability management programs, using various tools to identify and address security weaknesses within healthcare and biomedical systems.
Help prepare the organization for audits by ensuring systems and processes meet compliance standards, including regular security assessments and proactive monitoring of HIPAA, PCI-DSS, and biomedical device security requirements.
Key Skills and Qualifications:
1. Technical Skills:
Strong understanding of network protocols, firewall configurations, IDS/IPS, VPN technologies, and cloud security.
Experience with SIEM tools for security event management and log analysis, and with EDR for endpoint protection and security management in a healthcare and biomedical context.
Knowledge and experience with various Vulnerability Management tools for identifying and managing vulnerabilities across healthcare networks, biomedical devices, and medical record systems.
Expertise in managing security risks associated with MIoT devices, connected medical devices, and biomedical technologies within healthcare environments.
Experience with email security tools for protecting against email-borne threats such as phishing and malware, which could impact patient data or biomedical systems.
Experience with ticketing systems for incident and ticket management, helping streamline the security incident response process.
In-depth knowledge of HIPAA, PCI-DSS, and other healthcare-specific regulations, ensuring compliance in protecting sensitive data and biomedical systems.
Penetration testing (pentesting) experience, including the ability to conduct security assessments and simulate real-world cyberattacks to identify weaknesses in biomedical systems and healthcare infrastructure.
2. Cybersecurity Knowledge:
In-depth understanding of cybersecurity concepts, including attack vectors, malware types, vulnerabilities, and exploits, with a focus on healthcare and biomedical security.
Familiarity with HIPAA, PCI-DSS, and other healthcare-specific regulatory frameworks for protecting sensitive data and biomedical equipment.
Experience with threat intelligence sources, indicators of compromise (IOCs), and vulnerability management, specifically within healthcare and biomedical environments.
Strong understanding and practical experience with the NIST Cybersecurity Framework (CSF) and CIS Controls, utilizing these frameworks to assess, manage, and improve the organization's security posture in protecting sensitive healthcare data, biomedical devices, and patient records.
Ability to implement and monitor CIS Critical Security Controls to address high-priority cybersecurity risks and enhance overall system resilience, ensuring compliance with regulatory standards like HIPAA and PCI-DSS.
3. Certifications (Preferred):
CompTIA Security+
Certified Information Systems Security Professional (CISSP)
Certified SOC Analyst (CSA)
GIAC Security Essentials (GSEC)
Certified Incident Handler (GCIH)
Offensive Security Certified Professional (OSCP) or equivalent penetration testing certification.