Senior Specialist, Information Security Analyst
New York, NY
Operations – InfoSec Operations
Planned Parenthood Federation of America (PPFA) is the nation’s leading women’s health care provider, educator, and advocate, serving women, men, teens and families. For over 100 years, PPFA has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.
Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Senior Specialist, Information Security Analyst. This job reports to the Sr Dir Security Operations in the Information Security - Operations department of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the systems, applications and data entrusted to Planned Parenthood by its patients, supporters, donors and staff.
This position provides advanced security monitoring, event investigation and analysis, and countermeasure proposals on a 24x7 basis, along with providing support and guidance to Tier I Analysts, and is responsible for directly interfacing with the Managed Security Service Provider (MSSP) and IT Managed Service Provider (MSP). Additionally, the position is tasked with the identification, implementation, and maintenance of Information Security tool sets protecting the organization, and with supporting the Information Security needs of Planned Parenthood Affiliates as assigned and required.
This role requires both periods of very focused technical analysis with little interaction with business, IT and/or Affiliate staff and periods of direct, continued interaction with business, IT and/or Affiliate staff. The individual must be able to function with independent decision-making capabilities, especially in identifying analysis tracks for escalated events, analysis assignments, and escalation decisions ranging from a base Tier I event to Incident Response level remediations. The individual must be able to function with little direction in successfully fulfilling their role, while knowing the importance of escalating situations and when to do so. This role also requires strong communication skills to provide support directly to all levels of management and staff. This individual must be comfortable interacting with both executive and general staff, and communicating with both technical and non-technical audiences.
DUTIES AND RESPONSIBILITIES
- Provide security monitoring, threat/risk analysis in a 24/7 environment
- Monitoring - Observe, audit, and protect all devices, including servers, laptops, desktops, mobile devices, and removable media that connect to the Planned Parenthood network or are utilized by Planned Parenthood staff and Affiliates as assigned. Ensure all tickets are handled, whether internally or through the MSSP Revised VSOC, and that there is proper communication between the parties.
- Threat Intelligence – Monitor Information Security tools, vendor alerts, websites and periodicals for threat alerts, identify potential impact, escalate as necessary to management, and take action as appropriate.
- Event Detection - Monitor and ensure established, documented processes for event detection are followed, and provide overall guidance to Tier I analysts, ensuring all alerts and incidents are addressed timely and handled thoroughly through to completion, including:
- Receipt of Security Alerts (and Operational Health Alerts from Security Devices) from security tools for monitored devices and associated technology
- Acknowledge receipt of the event by following stated processes: open new service desk tickets, or update existing tickets, to track event handling through its lifecycle to resolution and closure, and assign the event ticket to the appropriate owner.
- Event Filtering – Monitor and ensure established processes for identification of events are followed and, where required, make recommendations for new or refined event filtering to better match the business requirements and eliminate “noise” in alerting, ensuring all updates are completed.
- Event Investigation & Assignment – Monitor and ensure established processes are followed for collecting relevant data and performing the necessary levels of analysis on that data. Ensure events are assigned appropriately.
- Tier II Event Escalations - Follow an established process for handling Tier II escalations, identifying the source of the escalation (MSSP, MSP, Affiliate or other) and the appropriate triage and documentation processes required.
- Event Analysis - Identify the source of the escalation, validate that the event is at a Tier II level and, if verified, begin triage documentation.
- Collect and analyze event information, plan next level of triage, escalate as necessary and appropriate
- Review and analyze raw logs, internal security tool and external data, continue analysis while providing additional insight into escalations as relevant / critical data is identified
- Review raw log data from various security platforms and provide analysis and trending intel.
- Report on recurring problems and issues discovered during the course of your duties, developing trending scenarios for incidents at the national office and Affiliates.
- Determine if event meets IR requirements & escalate, if appropriate, to management and the MSSP
- Initiate & participate in IR process as assigned
- Ensure all activities and findings are documented as per IR requirements
- Ensure all data and assets are maintained and preserved for IR use, along with documenting chain of custody.
- Event closure - Follow established process to ensure that resolution criteria are met before closing tickets.
- Resolve assigned events / tickets within the approved timeframe and update tickets with notes upon resolution.
- Ensure all parties are communicated with when completing final documentation and closing tickets. Deal with any remaining open issues raised and close the event / ticket.
- Manual Health Checks - Follow established and approved processes for performing scheduled health checks on applicable security tools.
- Enterprise Security Management & Trends
- Participate in the identification, implementation and maintenance of Information Security tools, trends and best practices
- Define, recommend & assist in implementing enterprise security protocols, including but not limited to encryption standards, DLP, workstation lockdown standards, dual factor authentication, PAM, Email, Network and IAM protocols
- Trend, manage and tune security monitoring and alerting solutions
- Provide alerts trend analysis and Metrics recommendations
- Generate “Use Cases” for implementation in SIEM & other security tools
- Assist in creating and maintaining Standard Operating Procedures (SOPs) for the Information Security Ops group
- Provide assistance as assigned on more complex security tool specific tasks with the assistance and guidance of management, vendor & MSSP resources
- Provide recommendations on security process improvements
- Assist in creating and automating custom reports from security technologies
- Assist in the generation, oversight & completion of Change Requests and documentation updates
- Participate in Vulnerability Management / Penetration testing including execution, remediation and documentation
- Process Documentation - Participate in the preparation, proofing / validation and updates of departmental process and procedure documentation and training materials.
- Non-Security Event Responsibilities – Activities of the position that fall outside the direct oversight of security events and investigations.
- Provide support to PPFA and Affiliate IT staff on Information Security matters
- Provide mentorship and guidance to Tier-I analysts regarding escalations, processes, and resolutions
- Engage in knowledge sharing with other analysts
- Provide business staff support through security education and mentorship
- Communicate effectively, orally and in writing, and establish a cooperative working relationship with persons contacted while performing assigned duties.
- Remain current on Information Security trends and products
REQUIREMENTS / TECHNICAL EXPERTISE
- UNIX, AIX & Solaris, Linux, Windows Server Operating Systems
- Network/System Intrusion Detection or Prevention Systems (IDS/IPS)
- Security Information and Event Management (SIEM)
- Vulnerability scanner/Penetration testing systems
- Wireless Networking
- Switches/Routers, Firewalls (basic configuration)
- TCP/IP networking, VPN, VLAN, NAT and security concepts
- Software & Hardware Asset Management
- Security threat and attack countermeasures
- Ability to conduct in-depth forensic analytical studies and investigations
PERSONAL QUALITIES / OTHER ATTRIBUTES
- Analytical Problem Solving skills
- Efficient communication skills (listening, written and oral)
- Ability to communicate with both technical and non-technical audiences
- Strong troubleshooting, reasoning and problem solving skills
- Team player with ability to work autonomously
Planned Parenthood Federation of America is an equal employment opportunity employer and is committed to maintaining a non-discriminatory work environment, and does not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. Planned Parenthood is committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
Planned Parenthood Federation of America participates in the E-Verify program.