Threat Mgmt Analyst - Intermediate in Altamonte Springs, FL at AdventHealth

Date Posted: 5/14/2019

Job Snapshot

  • Job Family
    Information Systems
  • Travel
    Yes, 25 % of the Time
  • Shift
    1 - Day
  • Application Zone
    1-Shared Services
  • Organization
    AdventHealth Information Technology

Job Description


Threat Management Analyst - Intermediate

AdventHealth Information Technology

Location Address: Inspiration Avenue, Altamonte Springs FL

Top Reasons To Work At AdventHealth Corporate

• Great benefits
• Immediate health insurance coverage
• Career growth and advancement potential
• Award-winning IT department

Work Hours/Shift:

Full-Time, Monday – Friday


You Will Be Responsible For:

• Perform intermediate technical analysis of network activity and flow data; monitor and evaluate network flow data for anomalies that may indicate malware activity.
• Accumulate IOCs from intelligence sources and monitoring tools and respond to detected events with minimal supervision.
• Analyze cyber threats, vulnerabilities, and exploits; write advisories and provide remediation action plans.
• Document, communicate, collaborate on, and transition incident details to other team members and support groups.
• Perform Advanced Persistent Threat correlation across multiple security event sources such as firewall logs, threat intelligence feeds, AV, endpoint analysis, IDS/IPS, and other sources.
• Provide the manager with timely incident updates and work and project statuses, including concerns and risks.
• Evaluate configurations of IDS/IPS, firewall systems, endpoint security, web security proxies, email security systems, SIEM, automation, orchestration, and other tools as necessary.
• Work closely with the Team Lead or Manager when researching, planning, building, and implementing approved projects. Partner with the Team Lead or Manager to oversee the delivery of solutions and appropriately manage and escalate risks and issues.
• Perform other duties as assigned.



• Enterprise domain experience is a must.
• Ability to write and recommend security policies, procedures, and related processes.
• Technical knowledge of infrastructure assets, including classical routing, switching, firewalls, IDS/IPS, web proxies, and load-balancer technologies.
• Strong understanding of enterprise log management and SIEM solutions.
• Strong understanding of security vulnerability assessment and exploit toolsets, e.g. Nessus, Nexpose, Qualys, and the Metasploit framework.
• Analytical and problem-solving skills and the ability to think outside the box.
• Intermediate troubleshooting skills, including protocol analysis and decoding with Wireshark, tcpdump, WinDump, and similar PCAP capture and protocol decoding tools.
• A broad understanding of information technology methodologies in multiple disciplines; comfortable with complex, undocumented requirements and independent task research.
• Strong skill in parsing and analyzing firewall, IDS/IPS, web proxy, system, and security logs.
• Moderate understanding of network protocols.
• Extensive knowledge of Active Directory and of Windows and Linux client and server operating systems, including an understanding of process interactions, inter-process communication, and system configuration (e.g. the registry, config files).
• Moderate understanding of encryption, both asymmetric and symmetric.
• Familiarity with information sharing specifications for cybersecurity.
• Ability to perform multiple roles within incident response procedures.
• Excellent time management skills to accomplish multiple concurrent tasks.
• Strong interpersonal skills with a positive and enthusiastic attitude.
• Ability to work well with people of varying levels of technical ability.
• Excellent oral and written communication skills.
• Ability to receive calls and text messages 24 hours a day, seven days per week.
• Mentoring of Threat Management and Security Operations junior analysts.
• Advanced malware analysis skills, utilizing commercial and open source tools and techniques such as behavioral analysis in sandbox environments.
• Understanding of obfuscation techniques.
• Knowledge of the Volatility framework, Redline, Tripwire, SEP, SDCS, STIX and TAXII, and Cisco security technologies: Sourcefire IDS/IPS, AMP for Endpoints, IronPort suites, and ASA firewalls.
• Knowledge of Check Point firewalls and DLP.
• Knowledge of HIPAA, HITRUST, NIST, FISMA, FedRAMP, ISO 27001, PCI, and SOC audits.
• Knowledge of scripting languages (e.g. JavaScript, PowerShell, Perl, Python, PHP).
• Ability to write SQL queries and to parse and correlate data from databases.
• Memory analysis of suspect systems to detect active and dormant malware.
• File-system-level forensic analysis of Microsoft and Linux file systems, using tools such as EnCase, FTK, SIFT, and/or open source equivalents.
• Reverse engineering and code analysis of suspect x86 Windows and Linux binaries and DLLs, using static disassemblers such as IDA Pro and dynamic analysis with debuggers such as WinDbg and OllyDbg, to identify and validate malware and determine severity.
• Working knowledge of healthcare or clinical practice.


• Associate degree, or 5+ years of Information Technology experience in its place
• 3 years of Information Security experience



• 3+ years of Information Security experience
• 5+ years of Information Technology experience



• CISSP or equivalent knowledge

Security certifications (e.g. EnCE; SANS GIAC: GCIA, GREM, GPEN, GCFA/E, GNFA, GPPA, GXPN or related; OSCP; CEH; IINS; CCNP Security)




The Threat Management Analyst is part of the Information Security Threat Management Team (ISTMT), which assists in the definition, maintenance, and execution of the Computer Security Incident Response Plan (CSIRP). The CSIRP defines the policies, processes, methodologies, resources, roles, and responsibilities required to investigate and remedy any computer or network security events or incidents within the organization's networks, as well as within any networks or entities that interface with them. The ISTMT analyst coordinates as needed to apprise the applicable stakeholders and the technical, managerial, and administrative decision makers of incident mitigation requirements in a timely manner. The ISTMT analyst provides governance, guidance, oversight, and recommendations concerning all aspects of the CSIRP, including best practices, investments, incident management systems, policies, procedures, definitions of roles and responsibilities, and the coordination needed for the effective and efficient mitigation of computer security incidents that impact the organization.

This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.
