Threat Detection and Response Analyst

Discover Vanderbilt University Medical Center: Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery, and patient care, VUMC is a community of diverse individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded, and your abilities challenged. Vanderbilt Health recognizes that diversity is essential for excellence and innovation. We are committed to an inclusive environment where everyone has the chance to thrive and where your diversity of culture, thinking, learning, and leading is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt's mission is to advance health and wellness through preeminent programs in patient care, education, and research.

Organization: VEC TDR

Job Summary: Conducts cyber threat intelligence, computer and network intrusion detection, incident response, and cybersecurity forensic investigations under occasional guidance. Conducts small and medium scale threat analysis for the environment. Troubleshoots and resolves complex security issues. Implements small and medium technology projects or components of large projects. Ability to solve medium to complex problems.

.

KEY RESPONSIBILITIES

• Performs intrusion detection and incident response.
• Conducts computer investigations.
• Conducts threat analysis for the environment.
• The responsibilities listed are a general overview of the position and additional duties may be assigned.
  
  TECHNICAL CAPABILITIES ANOMALY AND INTRUSION DETECTION : - Possesses sufficient fundamental proficiency to successfully demonstrate Intrusion and Anomaly Detection practices in practical applications of moderate difficulty. Has a basic understanding of network behavior analysis techniques and tools. Capable of using various detection systems and software.
  INCIDENT RESPONSE : - Demonstrates the ability to respond quickly to reports from individuals. Takes immediate action to stop a cybersecurity incident from continuing or recurring. Determines whether an incident should be handled locally or reported to the IT Security Response Team. Works with the IT support staff to repair a system, restore service, and preserve evidence of the incident. Handles sensitive and other critical responses in a professional manner. Evaluates and documents investigation findings after resolving an incident. Capable of using various computer forensic systems and software.
  MALWARE ANALYSIS : - Possesses sufficient fundamental proficiency to successfully demonstrate Malware Analysis in practical applications of moderate difficulty. Has determined the behavior and purpose of a simple malware threat and eliminated it from the Company's computers. Familiar with Dynamic Analysis, the analysis of software during its execution on a computer or in a virtual machine, and Static Analysis, the method to look at the component without any execution on the component itself. Has used basic Malware Analysis tools and products.
  
  NETWORK AND SYSTEMS FORENSICS : - Possesses sufficient fundamental proficiency to successfully demonstrate Digital Forensics capability on system and network data in practical applications of moderate difficulty. THREAT DATA :- Proficient to review and collect pertinent Indicators of Compromise and other threat data from available sources (feeds, community communications, etc) to feed into existing Intrusion Detection systems and processes, to enhance discovery of threats in the environment. SECURITY POSTURE ASSESSMENT : - Demonstrates the ability to successfully review basic Internet connections and internal networks to identify standard hacker/cracker threats. Able to review the configuration of server and major network applications to identify configuration errors and other problems that weaken organizational systems and increase their likelihood of misuse. Has conducted an assessment of at least one of the following: [1] access controls, governing access to applications and files, [2] password controls, determining permissible choice of passwords and governing the requirement to change passwords, [3] connectivity controls [e.g., open ports/ enabled protocols] influencing permissible communications to and from a computer system, [4] inappropriate files [including viruses, worms, Trojan horses, bootleg software, music files, inappropriate image files], and [5] unpatched software, bringing attention to available security-related patches that have not been deployed. Has basic knowledge of several of the following: network foot-printing, port scanning, and enumeration techniques, specific operating system vulnerabilities [like Win-NT, *nix,Win-2K, Solaris], web server vulnerabilities, application level exploits, worms, viruses, and Trojans, network vulnerabilities, sniffing, wireless sniffing, IP spoofing, and PPTP/VPN breaking. Generate security reports for management that show system safety and incident reporting. Our professional administrative functions include critical supporting roles in information technology and informatics, finance, administration, legal and community affairs, human resources, communications and marketing, development, facilities, and many more. At our growing health system, we support each other and encourage excellence among all who are part of our workforce. High-achieving employees stay at Vanderbilt Health for professional growth, appreciation of benefits, and a sense of community and purpose Core Accountabilities: Organizational Impact: Executes job responsibilities with the understanding of how output would affect and impact other areas related to own job area/team with occasional guidance. Problem Solving/ Complexity of work: Analyzes moderately complex problems using technical experience and judgment. Breadth of Knowledge: Has expanded knowledge gained through experience within a professional area. Team Interaction: Provides informal guidance and support to team members. Core Capabilities : Supporting Colleagues:- Develops Self and Others: Invests time, energy, and enthusiasm in developing self/others to help improve performance e and gain knowledge in new areas.- Builds and Maintains Relationships: Maintains regular contact with key colleagues and stakeholders using formal and informal opportunities to expand and strengthen relationships.- Communicates Effectively: Recognizes group interactions and modifies one's own communication style to suit different situations and audiences. Delivering Excellent Services:- Serves Others with Compassion: Seeks to understand current and future needs of relevant stakeholders and customizes services to better address them.- Solves Complex Problems: Approaches problems from different angles; Identifies new possibilities to interpret opportunities and develop concrete solutions.- Offers Meaningful Advice and Support: Provides ongoing support and coaching in a constructive manner to increase employees' effectiveness. Ensuring High Quality: - Performs Excellent Work: Engages regularly in formal and informal dialogue about quality; directly addresses quality issues promptly.- Ensures Continuous Improvement: Applies various learning experiences by looking beyond symptoms to uncover underlying causes of problems and identifies ways to resolve them. - Fulfills Safety and Regulatory Requirements: Understands all aspects of providing a safe environment and performs routine safety checks to prevent safety hazards from occurring. Managing Resources Effectively: - Demonstrates Accountability: Demonstrates a sense of ownership, focusing on and driving critical issues to closure.- Stewards Organizational Resources: Applies understanding of the departmental work to effectively manage resources for a department/area.- Makes Data Driven Decisions: Demonstrates strong understanding of the information or data to identify and elevate opportunities. Fostering Innovation:- Generates New Ideas: Proactively identifies new ideas/opportunities from multiple sources or methods to improve processes beyond conventional approaches.- Applies Technology: Demonstrates an enthusiasm for learning new technologies, tools, and procedures to address short-term challenges.- Adapts to Change: Views difficult situations and/or problems as opportunities for improvement; actively embraces change instead of emphasizing negative elements. Position Qualifications: Responsibilities: Certifications: Work Experience: Relevant Work Experience
  Experience Level: 2 years Education: Bachelor's Vanderbilt Health recognizes that diversity is essential for excellence and innovation. We are committed to an inclusive environment where everyone has the chance to thrive and to the principles of equal opportunity and affirmative action. EOE/AA/Women/Minority/Vets/Disabled