HCR ManorCare Security Analyst II in Toledo, Ohio

HCR ManorCare provides a range of services, including skilled nursing care, assisted living, post-acute medical and rehabilitation care, hospice care, home health care and rehabilitation therapy.

Information security safeguards the digital health of our Patients throughout HCR-ManorCare’s range of services, including skilled nursing care, assisted living, post-acute medical and rehabilitation care, hospice care, home health care and rehabilitation therapy.

Are you looking for a place where you can be engaged in exciting, challenging work and grow your career? You’ll be working in a vast and complex environment to understand the risks and to deny and disrupt attacks against critical business systems. This role ensures compliance and performs in-depth risk analysis, while assisting business groups in reducing risks of compromise.

You should have demonstrated analytic ability to assess technical environments, discover weaknesses, and analyze exploitation opportunities. Also necessary is the expertise to evaluate and recommend business-first defensive mechanisms to minimize exposures.

Candidates need business acumen to understand HCR’s different services and the threat vectors that are most dangerous to that part of the business. Expertise in writing technical risk assessments is required, not just popping shell or stealing credentials. Technical acumen includes, but is not limited to, source code scanners, vulnerability scanners, 3rd party risk identification, application and infrastructure penetration testing. Candidates must have expertise using open source tools, gathering and interpreting information, performing Internet-based research, identifying mitigation strategies, and effectively communicating the results and risk mitigation plans to non-technology business groups.

Such a person should have the following abilities or attributes (in priority order):

· Curiosity about how technology works and be courageous enough to take it apart

· Team player with the capability to collaborate with diverse people from a variety of areas, both technical and business, and build consensus solutions

· Ability to self-manage and prioritize complex and occasionally competing tasks

· Experience assessing technologies from a risk perspective and documenting remediation options with recommendations

· Knowledge of Android, iOS, W10, and Windows Server, and O365/Azure operating environments

· Experience with packet-level analysis, forensics, and low-layer IP networking, and a thorough understanding of network security

· Experience with administering both Linux systems and Windows Servers

· Proficient with a programming language such as Swift, Java, PowerShell, Python, PHP, C or similar

· Proficient working knowledge within the following risk domains/technologies: Database and application security, IDS/IPS technologies, System/Access Administration, Firewall technologies, Network Architecture, Security Event Logging & Monitoring, Database/Application/Network Layer Protocols, Secure Software/Code Development, Vulnerability Management.

This role has 4 major deliverables:

  • Regulation Awareness & Familiarity – To be successful one needs to understand HIPAA and how the government expects us to safeguard electronic healthcare information. The same situation applies to credit card information via the Payment Card Industry Data Security Standard (PCI DSS).

  • Governance – To be successful one will have to be able to work with Internal and External auditors. This includes the written policies, as well as the gathering of technical evidence that proves we are following the applicable Laws and Regulations.

  • Risk Assessments – To be successful one will have to be able to perform comprehensive risk analysis and author assessments. This includes penetration testing on on-premise assets, and working with Cloud and Software as a Service Providers to test their safeguards.

  • Threat Awareness – To be successful one will have to stay up to date on OS and application vulnerabilities and other risks so that the Risk Assessments are timely and accurate.

In return for your expertise, you’ll enjoy excellent training, industry-leading benefits and unlimited opportunities to learn and grow. Be a part of the team leading the nation in healthcare.

000 - Corporate Office

Basic Qualifications

Experience hacking systems either formally or informally.

Two to four years of Information Security experience in 3 of the 5 following areas:

· Access Control,

· Application Development Security,

· Information Security Governance and Risk Management

· Legal regulations, investigations, and compliance, and

· Telecommunications and Network Security

Preferred Qualifications

· Prior work in Healthcare

· Experience with PCI, SOX, HIPAA, and NIST regulatory standards

· Certification: ISACA or ISC², GPEN, GCWN, GCED or ECSA a plus

· Proficient in recognized IT control frameworks and standards (e.g., COBIT, ITIL, and ISO 27000).

Job Specific Details:

Remote is not an option.