Senior Information Security Analyst - Cybersecurity Operations (SOC)

One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (UHS) has built an impressive record of achievement and performance. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune; and listed in Forbes ranking of America’s Largest Public Companies. Operating acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located all over the U.S. States, Washington, D.C., Puerto Rico and the United Kingdom. www.uhs.com

The Corporate Information Services Department is seeking a dynamic and talented Sr. Information Security Analyst – Cybersecurity Operations (SOC).

As a member of the Security Operations (SOC) team, the Senior Information Security Analyst will play a critical role in safeguarding UHS and affiliates information systems. Responsible for analysis, escalation and initial response actions of security events and alerts to incidents. Improves operational efficiency by building and evaluating workflow processes, procedures, checklists, automation, and tooling. Well-versed in developing detection and hunting strategies for a wide range of cyber threats, particularly in the Healthcare Services sector or similar large/complex environments. Identifies opportunities and recommends solutions to improve UHS incident response maturity, capabilities and overall security posture. Oversees the technical aspects of tasks assigned to less experienced staff or contractors on projects, systems or applications assigned. Adheres to UHS standards of service excellence, professionalism, and integrity while performing duties.

Key Responsibilities include:

• Identifies, plans, implements and maintains selected information security technologies within guidelines of policies, accepted best practices, and in keeping with good project management principles.
• Technical consultant for the IT department to plan, implement and support new and existing security technologies.
• Periodically reviews deployed security technologies to insure that the solutions continue to provide the intended protections efficiently and effectively.
• Periodically reviews deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively.
• Coordinates the implementation and execution of long-term projects and SOC wide goals.
• Identifies gaps in protection and recommends solutions to remediate or mitigate the risks associated with the protection gaps.
• Leads advanced threat hunting and intelligence operations in order to detect malicious internal and external threats to the organization.
• Works with staff at all levels in the organization, vendors and contractors to insure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s).
• Conducts computer forensic analysis, data recovery, eDiscovery, and other IT investigative work.
• Acts as the subject matter expert (SME) for at least one technology or process, and guides the efforts of 1-3 less experienced staff who assist with the assigned technology or process.
• Authors and updates security documentation to include, but not limited to, standards, policy, system security plans, SOAR playbooks/runbooks, standard operating procedures, and configuration management plans.
• Monitors the resolution of maintenance or enhancement issues assigned by the UHS Customer Support Center.

Position Requirements:

• Bachelor’s degree in Information Systems Security and Risk Management, Computer Science, or related field required. 10 years of increasing technical IT experience along with professional certifications may be substituted in lieu of Bachelor’s degree.
• 5 years in a Cyber Security Operations Center (CSOC), specializing in Cyber Detection, Threat Hunting, and/or SOAR development.
• Possess a breadth of knowledge and experience across the information security domain, with familiarity in a combination of endpoint, email, network, identity management, cloud security; vulnerability management; incident response; and threat intelligence.
• Foundational knowledge of malware analysis, reverse engineering concepts, C2 exploitation, and broader system/network forensics, required.
• Proficient with security tools such as endpoint detection (EDR/XDR), SIEM, SOAR, Firewalls, IAM, IDS/IPS, network anomaly detection, and other industry standard security technologies for event investigation.
• Advanced understanding of security relevant log ingestion required to achieve security use cases.
• Ability to work both independently and as part of a team to conduct forensic analysis to assist with investigations and the drafting of complex reports for the Computer Incident Response Team (CIRT).
• Understanding of security models/frameworks such as MITRE ATT&CK, cyber kill chain, and NIST CSF.
• Experience of developing scripts (Python, Powershell, etc.) quickly in reaction to incidents.
• Currently holds one or more specialized Security Certifications, required.
• Strong problem-solving abilities with an analytic and qualitative eye for reasoning.
• Excellent communication, interpersonal and project management skills.

Travel Requirements: 10 % US travel to field locations may be necessary to complete assigned projects.

This opportunity provides the following:

• Challenging and rewarding work environment
• Growth and development opportunities within UHS and its subsidiaries
• Competitive Compensation
• Excellent Medical, Dental, Vision and Prescription Drug Plan
• 401k plan with company match
• Generous Paid Time Off

*UHS is a registered trademark of UHS of Delaware, Inc., the management company for Universal Health Services, Inc. and a wholly-owned subsidiary of Universal Health Services, Inc. Universal Health Services, Inc. is a holding company and operates through its subsidiaries including its management company, UHS of Delaware, Inc. All healthcare and management operations are conducted by subsidiaries of Universal Health Services, Inc. To the extent any reference to "UHS or UHS facilities" on this website including any statements, articles or other publications contained herein relates to our healthcare or management operations it is referring to Universal Health Services' subsidiaries including UHS of Delaware. Further, the terms "we," "us," "our" or "the company" in such context similarly refer to the operations of Universal Health Services' subsidiaries including UHS of Delaware. Any employment referenced in this website is not with Universal Health Services, Inc. but solely with one of its subsidiaries including but not limited to UHS of Delaware, Inc.

UHS is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at UHS via-email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of UHS. No fee will be paid in the event the candidate is hired by UHS as a result of the referral or through other means.

EEO Statement
All UHS subsidiaries are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates. UHS subsidiaries are equal opportunity employers and as such, openly support and fully commit to recruitment, selection, placement, promotion and compensation of individuals without regard to race, color, religion, age, sex (including pregnancy, gender identity, and sexual orientation), genetic information, national origin, disability status, protected veteran status or any other characteristic protected by federal, state or local laws.
We believe that diversity and inclusion among our teammates is critical to our success.
Notice
At UHS and all our subsidiaries, our Human Resources departments and recruiters are here to help prospective candidates by matching skillset and experience with the best possible career path at UHS and our subsidiaries. We take pride in creating a highly efficient and best in class candidate experience. During the recruitment process, no recruiter or employee will request financial or personal information (Social Security Number, credit card or bank information, etc.) from you via email. The recruiters will not email you from a public webmail client like Hotmail, Gmail, Yahoo Mail, etc. If you are suspicious of a job posting or job-related email mentioning UHS or its subsidiaries, let us know by contacting us at: https://uhs.alertline.com or 1-800-852-3449.