IS Security Opns Analyst

York, PA | Information Systems and Technical Support | Tracking Code: 58228

Position Summary:


General Summary:


Under the general supervision of the IS Security Manager, provides intermediate to advanced level technical knowledge and expertise in security anomaly management. Shares responsibility for all security operations, analysis, vendor provided analysis and security application packages. Assists in managing and overseeing security monitoring, analysis, event management, tech support, and incident response. Evaluates events to determine escalation requirements, tracking and documentation functions. Evaluates and analyzes security infrastructure output (logs, reports, etc.). Determines and discriminates between normal activity and malicious activity. Analyzes traffic and output from controls and other security integration mechanisms. Works closely with information security policy makers to identify non-compliance with System information security policies and directives and to support information security strategy. Works collaboratively with the implementation organizations during the implementation of security solutions to mitigate threats and to take action in a tactical situation to increase defenses [outside of role I think]. Is a key participant/operator in incident response activities to include incident reporting, enterprise coordination, incident resolution management, isolation activities, containment, eradication and recovery activities, and provides forensic analysis for incidents. Coordinates with peers in organizations outside of the System to form relationships to share incident activity and enhance strategic and tactical protection posture.


Duties and Responsibilities:


1 Regularly reviews security events; assesses events for validity, and escalates incidents to Incident Response manager.
2 Manages the collection of security device logs and system event logs and correlates data into meaningful information.
3 Identifies potential security gaps and articulates enterprise risk.
4 Produces regular metrics and reports (i.e. web usage, VPN usage, vulnerabilities).
5 Responsible for internal vulnerability scanning.
6 Analyzes malware, phishing emails, and writes protection signatures.
7 Possesses understanding of common application-level protocols (i.e. SMTP, SSH, HTTPS, FTP) and network fundamentals (routing, switching).
8 Administers Linux and Windows.
9 Scripting (i.e. Bash, VbScript, Perl, PHP, etc)
10 Administers MySQL.
11 Acts as a major participant in event management and escalation activities and assists team manager.
12 Provides technical support.
13 Tracks all events and incidents to conclusion and develops documentation.
14 Identifies malicious, illegal or any other activity that does not fit within the System IT Policy guidelines and reports to manager.
15 Ensures that security infrastructure output (logs, etc) are analyzed and evaluated to identify security incidents to include isolation, containment, eradication, recovery, resolution and forensic analysis.
16 Participates in tactical efforts to stem attacks and malicious activities.

Required Skills





Note: Other combinations of formal education, training and experience may be considered.


Minimum Education Bachelor's Degree Preferred


Minimum Experience 3 years or more Technology experience with 2+ years of enterprise information system security experience.


Preferred Experience Prior experience in banking, government or health care security procedures, matrix management and cross-project or cross-functional integration. Experience with MDM a definite plus. Experience with mobile and open source application reviews.


Pref Cert/Registration CISSP and/or other certifications preferred not required


Skills: Other Excellent interpersonal and written communication skills.

Quality of Life

WellSpan Health is an integrated health system that serves the communities of central Pennsylvania and northern Maryland. The organization is comprised of a multispecialty medical group of more than 1,500 physicians and advanced practice clinicians, a regional behavioral health organization, a home care organization, eight respected hospitals, more than 19,000 employees, and 170 patient care locations. WellSpan is a charitable, mission-driven organization, committed to exceptional care for all, lifelong wellness and healthy communities. We are committed to transforming the health of the communities we serve and to educating the next generation of clinicians, staff and leaders.

Quality of Life
Quality of Life

Founded in 1741, the city of York is considered by many as the first capital of the United States. The Articles of Confederation were signed by the Second Continental Congress here in 1777. Its beautifully restored historic district is an architectural treasure. While York retains its farming and manufacturing heritage, at its heart York is a thriving cultural community that has attracted creative talent and innovative entrepreneurial investors from across the nation.

Life in York County offers affordable housing, options for higher education, a thriving arts and cultural community, historical attractions, parks and recreational resources, semi-professional baseball team, fine dining and more — within an easy drive of major East Coast cities.

York County residents can find local employment in healthcare, manufacturing, technology, agricultural and service sectors. (Patient population: 445,000)

Diversity & Inclusion at WellSpan

Know, Respect, Include

WellSpan Health believes that diversity includes all the human characteristics that make each of us similar as well as different. We strive to make every person feel welcomed, respected, and valued while creating a safe and inclusive environment where we all have the individual freedom to express our uniqueness in a respectful manner.

WellSpan Health is an equal opportunity employer. Employment selection and related decisions are made without regard to sex, race, age, disability, religion, national origin, color or any other protected class. WellSpan Health does, however, have a tobacco-free/nicotine-free hiring policy.

Similar Opportunities