Duke Health Technology Solutions is a robust, specialized division of Duke University Health System dedicated to the development and management of enterprise IT systems. A 2018 ‘Most Wired’ health system, Duke is nationally recognized for IT and information management as the first healthcare system to achieve the Davies Award – highest honor by the Healthcare Information and Management Systems Society (HIMSS) – for inpatient, ambulatory and analytics health information technology capabilities. Our employees are among the top-skilled IT experts in the Triangle and partner with leading scholars, clinicians, and researchers across Duke University and Duke Health to develop innovative technologies that support our mission of delivering tomorrow's healthcare today.
Information Security Analyst
The Information Security Analyst is an individual contributor that will provide support for a variety of operational information security functions as part of Duke Health’s Information Security Office (ISO). This role will entail working as a member of the ISO Engineering and Architecture team, maintaining, and providing support for Duke Health’s core Information Security Infrastructure. The Information Security Analyst will work under the direction of the Chief Information Security Officer (CISO) and the Director of Security Operations and must be able to work and communicate effectively with IT, clinical, research, and management staff from other departments across Duke Health.
While the typical office hours for this position will be 8 am to 5 pm Monday through Friday, periodic after-hours work may be required.
The Information Security Analyst role incorporates the following tasks and responsibilities:
- Be trained on and provide monitoring for various security infrastructure systems using provided tools (e.g., DLP, EDR, Secure Web Gateway, etc).
- Work on assigned tasks with team of Engineers and Architects to implement operational maturity improvements.
- On a daily basis, respond to relevant service requests received from end users (e.g. for investigation of security events, use of security tools, or adherence to security policies and procedures).
- Participate in other activities necessary to support the information security program, and perform other related duties incidental to the work described herein
Desired Technical Knowledge, Skills, Abilities:
Regulatory requirements (HIPAA Security Rule, FISMA, and/or NIST Cybersecurity Framework)
A broad understanding of multiple IT disciplines and technologies
Strong focus on customer satisfaction
Strong written and oral communication skills
Strong critical thinking, analytical, and problem-solving skills
Able to troubleshoot problems in complex environments
Able to work independently as part of a team as necessary
Able to effectively prioritize tasks with competing deadlines
Excellent interpersonal skills with a demonstrated ability to build relationships with colleagues, customers, vendors, and other third parties.
Special competencies/Credentials required:
Good written and oral communication and customer service skills are critical for this role.
Must be able to work effectively in a fast-paced environment where priorities may shift quickly.
Must be able to work independently or as part of a team as necessary.
One or more basic information security industry certifications (e.g. CompTIA Security+, CySA+ or equivalent) are highly desirable for this role.
Required Minimum Qualifications
Level 1: Bachelor's degree in a related field or four years of equivalent technical experience required.
Level 1 - No experience required beyond the minimum education (or equivalency) requirement.
Should have a working knowledge of at least one of the following information security practices, standards, and systems:
- Data Loss Prevention (DLP) systems
- Encryption technologies and standards
- Endpoint security software
- Governance, Risk, and Compliance (GRC) systems
- Forensic investigation practices
- Identity and Access Management (IAM)
- Incident response practices
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Network and/or application penetration testing
- Risk assessment practices
- Security Information Event Management (SIEM) systems
- Virtual Private Network (VPN) systems
- Vulnerability management practices
- Vulnerability scanning tools
Should have a working knowledge of at least one of the following regulatory compliance requirements and IT management frameworks:
- HIPAA Security and/or Privacy Rules
- HITECH and Meaningful Use
- HITRUST Common Security Framework (CSF)
- ISO 27000-series standards
- NIST information security standards
- PCI DSS
Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.
Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essentialjob functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.