Systems Security Analyst
- Job ID: JR-100310
- Entity: Brown University Health
- Location Name: BHCS 15 LaSalle Square
- City, State: Providence, RI
- Work Type: FULL TIME
- Hours Per Week: 40
- Shift: Day
- Posted Date: 11/7/2025
SUMMARY:
The Systems Security Analyst is a critical member of the Chief Information Security Officer's (CISO's) team and reports to the Manager of Information Security Operations. This is a hands-on role that requires a high level of technical and analytical expertise. The analyst is responsible for a broad range of tasks, including the day-to-day administration of information security tools, the creation of security documentation, and second- and third-level support for security information and event management (SIEM) alerts. The role ensures that the healthcare organization maintains compliance with regulatory requirements, industry standards, and internal policies while proactively managing security risks.
Brown University Health employees are expected to successfully role model the organization's values of Compassion, Accountability, Respect, and Excellence as these values guide our everyday actions with patients, customers and one another.
In addition to our values, all employees are expected to demonstrate the core Success Factors which tell us how we work together and how we get things done. The core Success Factors include:
Instill Trust and Value Differences
Patient and Community Focus and Collaborate
RESPONSIBILITIES:
Consistently applies the corporate values of respect, honesty and fairness and the constant pursuit of excellence in improving the health status of the people of the region through the provision of customer-friendly, geographically accessible and high-value services within the environment of a comprehensive, integrated academic health system. Is responsible for knowing and acting in accordance with the principles of the Brown University Health Corporate Compliance Program and Code of Conduct.
Monitors, configures, and takes remediation actions surrounding SIEM, Alerting / Detection (Network & Endpoint), Log Management, Phishing (Detection & Response), Digital Forensics, Penetration Testing, Zero-Trust architecture, threat-informed defense (MITRE ATT&CK), O365, and security automation.
Monitor and configure security controls across multi-cloud (Azure / AWS) environment as needed.
Assists in the development and documentation of security architecture, policies, standards, and procedures
Works with third party partners and services to ensure Brown University Health receives value and performance in accordance with contractual agreement
Participate in cloud / on-premises Incident Response processes, including tabletop exercises for breach scenarios
Ensure Brown University Health is prepared for external audits.
Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature.
Attend and actively contribute to problem-management and major-incident conference calls as required.
Researches and assists in the piloting and evaluation of new tools, technologies, technical controls, and processes to support and enforce defined security policies.
Monitor emerging threats, vulnerabilities, and industry best practices to ensure security controls remain effective and aligned with the evolving threat landscape.
Provide expertise on security best practices across IT, infrastructure, and enterprise operations to support secure business strategies.
Contributes to a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
Evaluates baseline security configurations for operating systems, applications, and networking and telecommunications equipment
Assists Brown University Health staff in the resolution of reported security incidents.
Assist in ensuring compliance with relevant regulatory standards, including HIPAA, HITECH, PCI-DSS, NIST, and other applicable frameworks.
Researches and assesses new threats and security alerts and recommends remedial actions.
Identify opportunities for improving Security Operations practices, recommending updates to processes and controls. Stay current with emerging security risks, regulatory requirements, and best practices to ensure the ongoing effectiveness of the security program.
Provides expert level guidance to IT staff and the business regarding all Information Security policies, standards, processes, and procedures.
Works with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices.
Participates in security projects and provides expert guidance on security policy, process, and procedures for other IT projects, as required.
Participates in compliance / audit activities as requested by internal and external auditors.
Maintains work effort status within SLAs on Brown University Health’s Service Desk and Task Management Platforms.
Identifies risks within the environment and performs risk register validations as required.
Requires participation in a recurring on-call schedule that includes evenings and weekends.
Performs other duties as assigned.
MINIMUM QUALIFICATIONS:
EXPERIENCE:
A minimum of 10 years of IS experience, with 5 years in an information security role.
A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
Certifications Required (3 or more - CISSP, CCSP, OSCP, CISA, GIAC, CEH, Security+)
Strong understanding of authentication and authorization protocols (OAuth2, SAML, OpenID Connect)
Experience implementing and supporting phishing-resistant multi-factor authentication (e.g., FIDO2/WebAuthn, smart cards, or certificate-based authentication) to strengthen identity and access security.
Experience implementing security controls via infrastructure-as-code (Terraform, Ansible, etc.)
Familiarity with SOAR platforms or automated incident response playbooks
Experience securing cloud environments (AWS, Azure, GCP) with knowledge of cloud-native security services
Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) for monitoring, alerting, and correlation
Hands-on familiarity with EDR/XDR solutions (e.g., CrowdStrike, Defender for Endpoint)
Knowledge of vulnerability scanning and management tools (e.g., Nessus, Qualys, Rapid7)
Experience with cloud security posture management (CSPM) and cloud workload protection tools to identify misconfigurations, vulnerabilities, and risks across multi-cloud environments.
Experience with APIs, including integrating with RESTful or GraphQL endpoints to securely pull and push data between systems.
Proficiency in scripting and automation using Python, PowerShell, or Bash to support security operations, including tasks such as log parsing, API integration, incident response workflows, and orchestration of security tools.
Strong understanding of regulatory requirements, security frameworks, and risk management methodologies (e.g., HIPAA, HITECH, NIST, ISO 27001).
Expert level in security best practices.
Excellent written and verbal communication skills, with the ability to present complex security concepts to diverse audiences.
Intermediate level with Wireshark and/or equivalent packet capture and analysis
Experience with patch management, device hardening, configuration auditing and other endpoint security best practices.
Familiarity with the principles of cryptography and cryptanalysis.
Experienced in the use of virtualization technologies
Experience designing and implementing secure landing zones in both Microsoft Azure and Amazon AWS.
Understanding of Public Key Infrastructure
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Strong understanding of networking technologies from architecture best practices to packet analysis
In-depth knowledge of risk assessment methods and technologies.
Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
Proficiency in performing risk, business impact, control and vulnerability assessments.
Working knowledge of IT/network and cloud architectures sufficient to map controls, evidence, and risks.
Strong written and verbal communication skills.
Ability to communicate security guidance to a non-technical audience.
INDEPENDENT ACTION:
Functions independently within departmental policies and practices. Must be able to work independently in a manner to achieve goals, objectives and productivity requirements. Refers unresolved complex issues to director where clarification of department policies and procedures may be required.
SUPERVISORY RESPONSIBILITIES:
Employee functions independently within department policies and practices; refers specific complex problems to direct manager where clarification of departmental policies and procedures may be required.
Pay Range:
$102,963.22-$169,867.15
EEO Statement:
Brown University Health is committed to providing equal employment opportunities and maintaining a work environment free from all forms of unlawful discrimination and harassment.
Location:
BHCS 15 LaSalle Square - 15 LaSalle Square Providence, Rhode Island 02903
Work Type:
M-F 8:00am-4:30pm
Work Shift:
Day
Daily Hours:
8 hours
Driving Required:
Yes