Cyber Security Operations Center Analyst- Tier 3

Join us as we work to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

The Information Security group at athenahealth is looking for a security analyst to join our Cyber Security Operations Center (CSOC) tea m . This is a highly technical, hands-on role that acts as a top-tier ( T ier 3) incident responder for cyber security incidents of all types, detection engineering, threat hunting, and serves as an incident coordinator during an on-call rotation for any incidents detected via automated alerting workflows or reported to the security team through several channels.

You must be someone who can debug complex problems and use methodical processes when troubleshooting a technical issue , including knowing when and how to work with team members, management, and other stakeholders in an effective and efficient manner . You must be an excellent communicator who can work with stakeholders to understand employee questions and potential concerns. You must provide strong stakeholder support and understand how and when to appropriately triage issues to completion and escalate potential issues appropriately . You are a tenacious and nimble learner who demonstrates design and engineering excellence. Being able to communicate security issues to employees in a non-technical manner is critical to success.

The Team:

The CSOC is a three-tiered structure responsible for ensuring the company's products and infrastructure are as secure as possible. The team works cross-functionally across the business with stakeholders to provide support, guidance, and technical implementations where appropriate , to include triage, containment, and remediation when applicable. Cross-functional teams in support of security threats or incidents include cyber threat intelligence, security engineering, public cloud security, risk management, and other security teams, but also dozens of technical teams in various environments .

Job Responsibilities:

Understand that as the Tier 3 (highest level) engineer, you’re expected to handle potential incidents and act as the as a subject matter expert for all security-related tickets that come into the team's various queues (including triage, containment, and remediation when necessary).

Receive incident escalations from Tier 1 and 2 analysts, assist ing with real-time advanced analysis, response, and reporting.

Mentor and assist in training Tier 1 and 2 analysts to aid in their skills development and analytical capabilities.

Proactively hunt for threats and enacting identification, containment, and eradication measures while supporting recovery efforts.

Serve as a p oint person for coordination with appropriate parties during a security incident – client, management, legal, security, operations, etc.

Create thorough reports and documentation of all incidents and procedures, presenting findings to team and leadership on a routine basis .

Incident Response: remote remediation when possible and working with onsite teams when necessary. Detailed documentation of events and remediation steps taken.

Root Cause Analysis: initiation and follow-through to ensure quality forensic materials are captured, writing reports with details and timelines of events with recommendations to avoid future occurrences .

Assist in the general maintenance and improvement of procedures, processes and playbooks.

Conduct research regarding the latest methods, tools, and trends in digital forensics analysis .

Conduct analysis using logs, previous alerts, etc. to identify trends to identify and prevent potential incidents.

Follow standard operating procedures (SOPs) to ensure tickets are triaged appropriately and in a timely manner , according to SLAs.

Excel at documentation and detailed notetaking, including SOP writing, incident reporting, e-mail and instant messag ing etiquette, and most importantly, documenting incident actions in tickets. This role is responsible for completing incident reports and forensic reports, when appropriate , so competent writing skills are necessary .

Ability to know when to appropriately escalate a potential issue to peers and/or leadership .

Desire to learn new concepts and technologies to grow and take on more responsibility over time .

Ability to communicate risk, prioritize incident response actions, and keep a cool head under pressure.

Advanced experience with security tools like Splunk, C rowdStrike EDR , Carbon Black EDR, Proofpoint tools , Microsoft Defender components , Cyberhaven DLP, Axiom Cyber and open-source forensic tools, Cylance Protect , Office 365 tools, PowerShell , and various network tools, etc.

Understanding the various stages of incident response, the importance and critical factors of an investigation, and how to contain as soon as possible.

Have experience with the incident response lifecycle, the Lockheed Martin Cyber Kill Chain, the MITRE framework, and the forensic workflows as outlined by NIST.

Work with development teams to ensure they're using best practices and company processes in their daily activities .

Drive self-organization; help determine how the team functions in collaboration with your peers

Build strong relationships with cross-functional team members between the three tiers of the CSOC.

Participate in off-hours on-call incident handler rotation , which is a requirement for this role, as incidents may be escalated outside of normal business hours by our 24/7/365 Tier 2 team. Tier 3 teammates rotate on-call responsibilities which requires each teammate to be formally on-call roughly one week a month.

Typical Qualifications:

Bachelor's degree or higher in cyber security , computer science, or related field .

6 -10 years of cyber security experience , including at least five years in an incident response role.

Completion of th e GIAC Certified Incident Handler (GCIH), GIAC Security Operations Certified (GSOC) , GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic A nalyst (GCFA), or equivalent.

Experience with endpoint detection and response (EDR) solutions, includ ing a fundamental understanding of memory processes and memory management practices for Windows, macOS, and Linux systems.

Information Security familiarity and training , including areas such as incident response, computer forensics (host and network-based) , malware analysis, risk assessment, vulnerability testing, penetration testing , and insider threat investigations .

Experience participating in penetration tests, purple team exercises, and threat hunts, including remediation.

Experience in distributed systems and cloud-based architecture including Amazon AWS, Microsoft Azure , and the native security tools available in these environments (Data Explorer, GuardDuty , Log Analytics, etc.).

Experience with detection engineering for endpoint detection and response (EDR) solutions, Security Information and Event Management (SIEM) solutions such as Splunk and the Elastic Stack (ELK) , and log analysis for all operating systems,

Familiarity with Unix/Linux, Windows, SQL, macOS, shell scripting, PowerShell and python scripting, and various other technologies .

Familiarity with common phishing attacks, methods, and risks to look out for from a security per spective.

Basic understanding and exposure to project management and collaborative software applications such as Jira, Confluence, SharePoint, ServiceNow, MS Teams, etc.

Have s trong written and verbal communication skills and not be afraid to ask questions or for advice.

Be a strong team member , assertive , a critical thinker, and able to collaborate often and openly.

Good communication skills to interact with clients, team members, management, and support personnel .

The ability to work independently and as part of a team, be highly self-motivated .

Strong analytical and problem-solving skills .

Ability to prioritize work and complete tasks in a timely and complete manner with regular documentation along the way.

Requires being on-call during off hours .

Remote, but must be physically located within the USA .

Can reside anywhere in the USA, but must work in Eastern Standard Time (ET) (typically 8 : 30A M -5P M ET )

About athenahealth

Our vision: In an industry that becomes more complex by the day, we stand for simplicity. We offer IT solutions and expert services that eliminate the daily hurdles preventing healthcare providers from focusing entirely on their patients — powered by our vision to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

Our company culture: Our talented employees — or athenistas, as we call ourselves — spark the innovation and passion needed to accomplish our vision. We are a diverse group of dreamers and do-ers with unique knowledge, expertise, backgrounds, and perspectives. We unite as mission-driven problem-solvers with a deep desire to achieve our vision and make our time here count. Our award-winning culture is built around shared values of inclusiveness, accountability, and support.

Our DEI commitment: Our vision of accessible, high-quality, and sustainable healthcare for all requires addressing the inequities that stand in the way. That's one reason we prioritize diversity, equity, and inclusion in every aspect of our business, from attracting and sustaining a diverse workforce to maintaining an inclusive environment for athenistas, our partners, customers and the communities where we work and serve.

What we can do for you:

Along with health and financial benefits, athenistas enjoy perks specific to each location, including commuter support, employee assistance programs, tuition assistance, employee resource groups, and collaborative workspaces — some offices even welcome dogs.

We also encourage a better work-life balance for athenistas with our flexibility. While we know in-office collaboration is critical to our vision, we recognize that not all work needs to be done within an office environment, full-time. With consistent communication and digital collaboration tools, athenahealth enables employees to find a balance that feels fulfilling and productive for each individual situation.

In addition to our traditional benefits and perks, we sponsor events throughout the year, including book clubs, external speakers, and hackathons. We provide athenistas with a company culture based on learning, the support of an engaged team, and an inclusive environment where all employees are valued.

Learn more about our culture and benefits here: athenahealth.com/careers

athenahealth, Inc. is a private American company that provides network-enabled services for healthcare and point-of-care mobile apps in the United States.

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report . NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.