Main Responsibilities:
The Security Information Management Information Protection Senior will implement and manage the toolsets of the Security Information Management Team. The Security Event Management team is responsible for providing log management, file integrity monitoring, security information management, reporting, and system integration services to a variety of customers including: SOC, CFI, KSIRT, Enforcement, Assessment, System Assurance, IAM, Compliance, application owners, and KP-IT.
Essential Functions:
- Recommends and/or assists in the development and implementation of Information Protection policies, standards, procedures, and guidelines.
- Assists in development of policy and standards for Information Protection.
- Ensures that KP-IT security systems are in compliance with KP-IT policies.
- Conducts periodic security compliance reviews.
- Works with other KP-IT staff to assess security system modifications required due to other system changes.
- Ensures the implementation of system access controls based upon KP-IT Information Protection policies and standards.
- Ensures that all requests for access to computerized systems and data have received appropriate approvals.
- Maintains security database.
- Creates, modifies and deletes user profiles and other access controls.
- Reviews security logs and violation reports and follows up as appropriate.
- Investigates and documents security incidents.
- Works with KP-IT technical support to coordinate the system maintenance of the security database.
- Assesses the development, testing and implementation of appropriate Information Protection controls.
- Participates with internal and external audit staff to assess the effectiveness of the KP-IT security program.
- Plans and implements recommended enhancements to the KP-IT security program.
- Participates in task forces responsible for determining Information Protection requirements for new applications and advises Leads and Consultants on control weaknesses.
- Participates in technical reviews for new software.
- Assesses and reports on the adequacy of the products' security features.
- Assists in testing of third party Information Protection products to verify that products meet KP-IT security functionality needs.
- Assists with supervising and training of subordinate staff members.
- Assists in developing and maintaining training programs for individuals responsible for data security and confidentiality.
- Assists in developing Information Protection awareness programs and performs Information Protection training.
- Communicates security incidents expeditiously, both internally and externally, according to guidelines.
- Informs decentralized security resources in Healthcare Foundation and medical groups of modifications to security database.
- Provides statuses about end user access to end users, end user management and higher level resources.
- Identifies compensating controls to mitigate risks in the healthcare enterprise.
- Assists with facilitation of risk analysis with business units.
Qualifications:
Basic Qualifications:
- Bachelor's degree in a related field and/or an additional 4 years of equivalent work experience.
- Five years of information systems experience is required with at least 2 years information security experience performing information security event management system implementation and administration.
- Experience with Federal, State, Local and other regulatory requirements (HIPAA/SOX/PCI).
Preferred Qualifications:
- Demonstrated knowledge of Incident Response processes and best practices
- Demonstrated knowledge of information security threats and analysis.
- Ability to provide senior level security event correlation
- Senior level knowledge of Windows and *NIX platforms and networking
- Senior level knowledge of security technologies including: Anti Virus, IDS/IPS, Firewalls, Web Filtering and Data Exfiltration systems
- Must be well organized and possess excellent interpersonal, customer service, communication, and documentation skills
- Informed of the latest in security trends, threats, and industry resources such as CERT, SANS, D-Shield, etc.
- Demonstrated ability to work well as a team and independently.
- Ability to perform with little to no supervision
- Ability to participate in technically focused teams
- Experience implementing Security Tool Architectures
- Proven ability to work effectively with management, staff, vendors, and consultants
- Experience with programming/scripting (PERL, JAVA, XML, Python, C, C++, SQL)
- Senior Level experience with manipulation of structured and unstructured data
- Experience with large volumes of data management and information extraction/manipulation
- Senior Level Vulnerability and Threat analysis skills
- Experience with system administration and performance management
- Experience with database implementation and performance management
- Candidates with Information Security certifications such as CISSP and GIAC will be given preference.
External hires must pass a background check/drug screen.
We are proud to be an equal opportunity/affirmative action employer.



















