Sr. IT Security Analyst - (1.0 FTE, Days)
1.0 FTE, 8 Hour Day Shifts
Lucile Packard Children's Hospital Stanford is the heart and soul of Stanford Children’s Health. Nationally ranked and internationally recognized, our 311-bed hospital is devoted entirely to pediatrics and obstetrics. Our six centers of excellence provide comprehensive services and deep expertise in key obstetric and pediatric areas: brain & behavior, cancer, heart, pregnancy & newborn, pulmonary and transplant. We also provide an additional, wide range of services for babies, kids and pregnant moms.
This paragraph summarizes the general nature, level and purpose of the job.
Reporting to the Chief Information Security Officer, the Senior IT Security Analyst is responsible for development and oversight of the information security vulnerability management and compliance programs. This includes but is not limited to working with the Information Services (IS) team, as well as the Application, Web Development and Data Management teams to provide oversight of Dell security operations (account management, password management, etc.), perform vulnerability assessments, develop vulnerability reports, and manage all aspects of the pen testing and application security programs
The essential functions listed are typical examples of work performed by positions in this job classification. They are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks, and responsibilities. Employees may also perform other duties as assigned.
Employees must abide by all Joint Commission Requirements including but not limited to sensitivity to cultural diversity, patient care, patient rights and ethical treatment, safety and security of physical environments, emergency management, teamwork, respect for others, participation in ongoing education and training, communication and adherence to safety and quality programs, sustaining compliance with National Patient Safety Goals, and licensure and health screenings.
Must perform all duties and responsibilities in accordance with the Service Standards of the Hospital(s).
- Implements and maintains a compliance and vulnerability management program designed to assure protection of Stanford Children's assets
- Conducts regular scans of Stanford Children's computing platforms to detect the presence of unauthorized software
- Performs periodic audits of outsourced security operations (rogue device scans, account management, etc.) to validate compliance with security guidelines and requirements and report audit results to leadership and IT.
- Coordinates annual black and grey hat penetration tests and oversee remediation of detected vulnerabilities.
- Conducts recurring internal penetration tests and document results.
- Integrates into SDLC process and perform regular vulnerability scanning to detect vulnerable code and/or solution design prior to deployment to production
- Develops and Publish monthly reports demonstrating regular vulnerability scanning and vulnerability remediation.
- Performs ad-hoc vulnerability scan requests as directed in response to security breaches and/or pending attacks
- Assesses threats to the environment and provides input into security architectures and designs.
- Develops, researches and maintains proficiency in tools, techniques, countermeasures and trends in computer and network vulnerabilities.
- Performs other duties as assigned.
Any combination of education and experience that would likely provide the required knowledge, skills and abilities as well as possession of any required licenses or certifications is qualifying.
Education: Bachelor's degree in a work-related discipline/field from an accredited college or university
Experience: Eight (8) years of progressively responsible and directly related work experience
Knowledge, Skills, and Abilities
These are the observable and measurable attributes and skills required to perform successfully the essential functions of the job and are generally demonstrated through qualifying experience, education, or licensure/certification.
- Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing
- Experience with a scripting language (Perl, Python, or other) in a vulnerability or penetration testing environment
- Extensive Windows, Mac, Linux and UNIX experience including deep knowledge of associated vulnerabilities, hardening techniques and strategies
- Ability to deliver succinct and fact-based communications, both verbally and in writing
- Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner.
- Ability to use independent judgment to make sound, justifiable decisions and take action to solve problems.
- Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
- Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g. HIPPA, PCI, DSS, etc.), and desktop, server, application, database, and network security principles for risk identification and analysis very helpful. Strong analytical and problem solving skills are required. Excellent communication (oral, written, presentation), interpersonal and consultative skills will be needed in order to succeed.
- Ability to plan, organize, prioritize, work independently and meet deadlines.
- Ability to work in a collaborative, team environment.
- Knowledge of local, state and federal regulatory requirements related to areas of functional responsibility.
Physical Requirements and Working Conditions
The Physical Requirements and Working Conditions in which the job is typically performed are available from the Occupational Health Department. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job.
Equal Opportunity Employer