Information Security Analyst

Job Description

WebMD is the most recognized and trusted brand of health information and the leading provider of
health information services, serving consumers, physicians, healthcare professionals, employers
and health plans through our public and private online portals and WebMD the Magazine. The
WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org
and Medscape Education. Our consumer portals and mobile health applications provide engaging,
relevant and credible health and wellness information, personalized health assessment tools and
access to online communities. All qualified applicants will receive consideration for employment without regard to race,
color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran
status. The Information Security Analyst, as a member of WebMD’s Information Security Office is
responsible for ensuring the continued adoption of security best practices and, assist in the
implementation of processes and security technologies to protect the confidentiality of information. Responsibilities include:● Create and track security metrics to enable trend reporting to senior management
● Identify security threats through the monitoring and correlation of various security
systems and event sources including antivirus, vpn, host intrusion detection, proxy, and
system logs
● Participate in the Vulnerability Management program; that is identifying patches, rating
patch criticality, monitoring patch process and tracking vulnerabilities through their
lifecycle
● Completion of daily requests requiring security review (e.g. requests for access)
● Perform security due diligence of third party tools, vendors and systems
● Assist in the resolution of security incidents through technical analysis (e.g. forensics, log
review)
● Provide guidance as needed to IT and Business partners to ensure secure
implementation of processes, systems and services
● Development of documentation with respect to security standards and guidelines Requirements● BS in Computer Science or related field● 3+ years of experience in an Information Security, or IT related role with security
exposure. Including backgrounds in site reliability engineering, operations, and
networking.
● Strong knowledge of threats, vulnerabilities, attack methods and countermeasures
● Technical knowledge of Operating Systems (Windows/Linux), Networking, and Web
technologies
● Industry certifications such as Security+, Associate CISSP are a strong plus
● Knowledge of OWASP vulnerabilities and mitigation strategies
● Scripting experience with Python, Ruby, BASH, or PowerShell is a plus
● Familiarity with industry standard frameworks such as NIST, FISMA, HiTrust, HIPAA, or
SOC I & II
● Experience with any of the following tools is a plus: Palo Alto XDR, Carbon Black, Splunk and Security Onion