Job Description

A Security Analyst plays a crucial role in the Indiana Department of Health's (IDOH) information security strategy by protecting the IDOH's data, systems, and networks from various cyber threats and vulnerabilities.
- The Security Analyst is responsible for monitoring and analyzing the IDOH's security infrastructure, identifying vulnerabilities, and implementing measures to safeguard the IDOH's data and assets.
- They work to ensure the confidentiality, integrity, and availability of information systems and data while staying updated on emerging cyber threats and industry best practices.
- They participate in day-to-day security operations as needed.

Key Responsibilities:

Security Monitoring and Incident Response:
- Continuously monitor security alerts and incidents to identify potential threats.
- Investigate security incidents and breaches, determine their impact, and initiate appropriate responses.

Vulnerability Assessment:
- Perform regular vulnerability assessments and penetration testing to identify weaknesses in the IDOH's systems and applications.
- Collaborate with other teams to prioritize and remediate identified vulnerabilities.

Security Policy and Compliance:
- Assist in developing and enforcing security policies, standards, and procedures.
- Ensure compliance with industry regulations and standards (e.g., GDPR, HIPAA, PCI DSS).

Security Tools and Technologies:
- Manage and maintain security tools such as firewalls, intrusion detection/prevention systems, antivirus software, and SIEM (Security Information and Event Management) solutions.
- Evaluate and recommend new security technologies and solutions.

Security Awareness and Training:
- Conduct security awareness training for employees to promote a culture of security within the organization.
- Provide guidance and recommendations for secure practices.

Incident Documentation and Reporting:
- Document security incidents, investigations, and remediation efforts.
- Prepare reports and communicate findings to management and relevant stakeholders.

Threat Intelligence and Research:
- Stay current with the latest cyber threats and vulnerabilities.
- Analyze threat intelligence data to proactively identify potential risks.

Security Audits and Assessments:
- Participate in security audits and assessments, both internal and external.
- Collaborate with auditors to provide evidence of security controls and practices.

Security Policies and Procedures:
- Contribute to the development and maintenance of security policies, procedures, and guidelines.