Cloud Security Analyst
Company Northwestern Medicine
Location Chicago, IL (Remote)
Preferred GIAC Certifications GCIA, GCIH, GCTD, GCLD
Travel 0%
Salary Not provided
Contact Name CJ Miller
Contact Email clarence.miller.jr/at/
Expires 2023-05-16

Job Description

Location Remote work from Illinois, Wisconsin, Indiana, Missouri, Iowa, or Ohio


$10,000 Tuition Reimbursement per year ($5,700 part-time)
$6,000 Student Loan Repayment ($3,000 part-time)
$1,000 Professional Development per year ($500 part-time)
$250 Wellbeing Fund per year($125 for part-time)
Annual Employee Merit Increase and Incentive Bonus
Paid time off and Holiday pay


The Cloud Security Analyst reflects the mission, vision, and values of NM, adheres to the organization’s Code of Ethics and Corporate Compliance Program, and complies with all relevant policies, procedures, guidelines and all other regulatory and accreditation standards.

The Cloud Security Analyst is responsible for providing security for cloud-based digital platforms and plays an integral role in protecting NMHC's data. The security analyst will be extensively involved with security event monitoring, evaluating and reporting on information security that supports risk posture. Responsibilities also include investigate, create, and recommend innovative technologies or other methods that will enhance the security of cloud-based environments.


Cloud Security Skills:
Threat and Vulnerability Management - Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers throughout our cloud service

Malware protection - Prevent, detect and respond to the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action

System hardening - Establish, implement, and actively manage (track, report on, correct) the security configuration cloud resources using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings

Data protection - Define and manage processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information (DLP, GASB…)

Log management/Security Analysis - Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack

Incident Response - Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems

Penetration Tests and Red Team – coordinate testing the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker

General Technical Skills:

Maintains solid technical competence for assigned services and systems while grasping the integration and interaction of all supported services and systems

Provides technical support for computing systems security

Strong operations experience focused on public cloud security

Maintains a broad working knowledge of the full range of NMHC IT security policies and controls

Understanding of cloud infrastructure security and networking, governance, maintaining compliance, creating security policies and blueprints, security in layers concepts, key vaults, intrusion protection, risk mitigation and automated security remediation (SecOps)

Works directly with project managers to understand application objectives, develop scope of project, outline effort projections, determine schedules, and finalize plans

Establishes and enforces standards and procedures in accordance with NMHC’s security policies
Provides technical leadership including the identification and implementation of NMHC best practice standards

Code using modern scripting languages (Python, Ruby, PowerShell, JavaScript)

Customer Service:
Develops reports, monitoring dashboards, workflows, and metrics within cloud and hybrid environments

Responds thoroughly and promptly to customer needs as defined in conjunction with our customers

Manages customer relationships and follows issues through to closure

Includes all aspects of customers (NMHC technology users, IS team members, etc.)

Works effectively in supporting the Information Service team with project and support activities

Actively participates and communications with the project teams

Understands the business and clinical processes at NMHC and the operational environments of assigned customers

Additional Functions
Providing on-call support is required.



3+ years technical experience
Excellent verbal and written communications skills

Bachelor's degree in computer science or related field
3+ years of experience in core discipline in the healthcare industry

Equal Opportunity

Northwestern Medicine is an affirmative action/equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation or any other protected status.