Senior Security Operations Center (SOC) Analyst
Bloomington, MN, United States
HealthPartners
Whether you need help with choosing an insurance plan, or you need expert care – we’ve got you covered. HealthPartners is currently hiring for a Senior Security Operations Center (SOC) Analyst. We are seeking a dedicated and detail-oriented Senior Cyber Security Analyst to join our information security team. The analyst is responsible for investigating potential threats detected by our information security tools, such as firewalls, endpoint detection and response (EDR) systems, and other monitoring technologies. This investigation process includes alert investigation, log analysis to build a timeline of events both before and after the event, malware analysis in a dedicated lab environment, and forensic analysis of impacted devices. This role is also critical to enhancing HealthPartners’ threat detection capabilities by creating custom detections tailored to the evolving threat landscape. The analyst leverages SOAR (Security Orchestration, Automation, and Response) tools to design and implement automated playbooks that streamline incident response and improve operational efficiency.
The SOC Analyst educates HealthPartners leadership on potential risks and vulnerabilities by staying up to date with emerging threats and cyber threat intelligence. The analyst also supports company-wide initiatives, which include risk assessments and red team tabletop exercises. Through these processes, HealthPartners can ensure a proactive security posture.
Required Qualifications:
- Bachelor’s degree or equivalent
- Five (5) years’ experience in Information Technology
- Three (3) years’ experience in Information Security
- Knowledge of the security aspects of multiple system platforms, operating systems, software communications, and network protocols.
- Experience coordinating projects.
- Knowledge of structured methodologies and standards such as ISO 27000, NIST, PMI, ITIL, CMMI, OWASP, and COBIT
- Knowledge of federal and state security-related legislation including HIPAA, PCI, JCAHO, NCQA
Preferred Qualifications:
- Relevant security certification (OSCP, GCIH, GCIA, CISSP, Security+, etc.)
- Experience with Palo Alto Networks and Microsoft Security solutions
- Experience with host-, network-, and email-based investigations and security tools.
- EDR/XDR and NGFW experience
- Experience working in a SOC or incident response team.
- Malware analysis or experience reviewing static and dynamic analysis findings.
- Forensics experience using open source or licensed tools such as Magnet AXIOM
- Experience with PowerShell, Python, JavaScript, or other relevant languages leveraged by adversaries.
- Experience with SOAR solutions or other automation experience
- Experience with threat intelligence platforms and indicator gathering & processing.
- Excellent critical thinking skills, attention to detail, logic, and analytical mindset
- The ability to stay calm and work under pressure.
- The ability to independently investigate security events and follow leads.
- Excellent written and verbal communication skills
- The ability to present security event findings to other analysts and leadership.
Hours/Location:
- M-F; Days
- Position may be remote, but local/regional candidates are preferred for occasional onsite needs.
- The analyst will be part of an on-call rotation that averages once every six (6) weeks.
Accountabilities:
- Primary function will consist of investigating and responding to security events as detected by the endpoint-, network-, and email-based security solutions leveraged by HealthPartners.
- Documentation of security event findings as part of the incident response process.
- Threat hunting and custom rule development.
- Management and support of tools and security solutions owned and maintained by CTU.
- Participation in an on-call rotation providing 24/7 investigation and response to security events that meet certain criteria.
- Work within the Cyber Threat Unit to develop new automation playbooks.
- Promotes IS&T’s security program to ensure the confidentiality, integrity and availability of HealthPartners’ network and infrastructure.
- Performs security forensic services, gathering and consolidating data artifacts.
- Monitors security event reports and actions, ensuring the appropriate response is performed and coordinated.
- Assists with the coordination and development of system security enhancements.
- Maintains awareness of the latest developments in key areas of responsibility and brings forward opportunities that might benefit the organization.
At HealthPartners we believe in the power of good – good deeds and good people working together. As part of our team, you’ll find an inclusive environment that encourages new ways of thinking, celebrates differences, and recognizes hard work.
We’re a nonprofit, integrated health care organization, providing health insurance in six states and high-quality care at more than 90 locations, including hospitals and clinics in Minnesota and Wisconsin. We bring together research and education through HealthPartners Institute, training medical professionals across the region and conducting innovative research that improves lives around the world.
At HealthPartners, everyone is welcome, included and valued. We’re working together to increase diversity and inclusion in our workplace, advance health equity in care and coverage, and partner with the community as advocates for change.
Benefits Designed to Support Your Total Health
As a HealthPartners colleague, we’re committed to nurturing your diverse talents, valuing your dedication, and supporting your work-life balance. We offer a comprehensive range of benefits to support every aspect of your life, including health, time off, retirement planning, and continuous learning opportunities. Our goal is to help you thrive physically, mentally, emotionally, and financially, so you can continue delivering exceptional care.
Join us in our mission to improve the health and well-being of our patients, members, and communities.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other federal, state, or local protected class.