The Cybersecurity Operations Analyst II is responsible for protecting the organization’s critical digital assets by monitoring networks, systems, and applications to identify and address advanced threats and vulnerabilities. You will use your expertise with security tools and frameworks to analyze and respond to complex incidents, manage threat detection processes, and lead remediation efforts. Day-to-day responsibilities include conducting thorough investigations, enforcing advanced security policies, collaborating with IT teams, and ensuring compliance with regulatory and industry standards. With 3–5 years of experience, you are expected to proactively identify and mitigate risks, provide strategic security recommendations, and contribute to shaping and improving the organization’s cybersecurity strategy. This position requires a proactive and forward-thinking approach to defending against sophisticated cyber threats and driving continuous improvement in the organization’s security posture.
Essential Responsibilities
Responsibilities listed in this section are core to the position. Inability to perform these responsibilities with or without an accommodation may result in disqualification from the position.
Proactively Monitor and Analyze Threats. Independently monitor SIEM, IDS/IPS, and other security tools to identify and prioritize complex security threats, minimizing potential risks to the organization.
Lead Incident Response Activities. Take ownership of incident response processes, including detection, containment, eradication, and recovery, while providing recommendations to prevent recurrence.
Conduct Advanced Log Analysis. Analyze logs and data from various sources, such as firewalls, servers, endpoints, and cloud environments, to detect sophisticated attacks or anomalies.
Perform Threat Hunting. Proactively search for undetected threats within the environment, leveraging threat intelligence, advanced techniques, and behavioral analysis.
Optimize and Tune Security Tools. Enhance the effectiveness of security tools by configuring alerts, fine-tuning detection rules, and identifying opportunities for automation.
Provide Mentorship and Guidance. Support junior analysts by sharing expertise, guiding investigations, and delivering training to improve overall team effectiveness.
Conduct Root Cause Analysis. Investigate the underlying causes of security incidents and provide actionable insights to mitigate risks and prevent future incidents.
Maintain Threat Intelligence Awareness. Stay updated on emerging threats, vulnerabilities, and attack methods, incorporating this knowledge into organizational defenses and playbooks.
Collaborate Across Teams. Work closely with IT, engineering, and external vendors to ensure seamless communication and effective resolution of security incidents.
Enhance Incident Response Processes. Refine and develop new incident response playbooks, procedures, and workflows to continuously improve the organization’s security posture.
General Responsibilities
Performs other duties as assigned.
Minimum Qualifications
Education Requirements: Bachelor’s Degree required.
Experience Requirements: 0-3 years of experience in Cybersecurity Operations or a related IT role required.
License/Certification/Registration Requirements: Industry certifications in Cybersecurity, Incident Response, Forensics, Threat Hunting or IT security (e.g., Security+, CEH, CHFI) are desirable.
Knowledge/Skills/Abilities Required:
Demonstrated experience using security monitoring tools such as SIEM (Security Information and Event Management) platforms, IDS/IPS (Intrusion Detection/Prevention Systems), and EDR (Endpoint Detection and Response) solutions to detect and analyze security events.
Experience in analyzing emerging cyber threats, understanding threat intelligence feeds, and integrating threat data into security operations to enhance situational awareness and detection capabilities.
Proven experience in handling security incidents, including triaging, investigating, and responding to alerts, identifying attack vectors, and implementing containment and remediation strategies.
Experience working collaboratively with IT, DevOps, and other business units to integrate security into all aspects of technology and operational processes, ensuring a holistic and proactive approach to cybersecurity.
Understanding of TCP/IP, DNS, HTTP/S, and other protocols; familiarity with network topologies, routing, and switching.
Experience with SIEM tools (e.g., Splunk, ArcSight), IDS/IPS, firewalls, antivirus, and endpoint detection and response (EDR) tools.
Customer service orientation and prior customer service experience.
Knowledge of NIST, ISO 27001, MITRE ATT&CK, OWASP, and regulatory compliance (e.g., GDPR, HIPAA, PCI-DSS).
Awareness of current threats, actors, tactics, techniques, and procedures (TTPs) and ability to use threat intelligence tools.
Ability to analyze security incidents, identify root causes, and execute incident response plans, including log analysis and packet capture.
Effective communication with technical and non-technical stakeholders; ability to collaborate with cross-functional teams.
Skill in troubleshooting complex security issues and applying appropriate mitigation techniques.
Commitment to ongoing learning and research to remain up-to-date with the latest threats, vulnerabilities, and attack techniques.