ARUP Laboratories, Inc
IT Info Security Anlst III
ARUP Laboratories, Inc, Salt Lake City, Utah, United States, 84193
Schedule
Monday - Friday (40 hrs/wk)
8:00 AM - 5:00 PM
Department : IT General - 210
Primary Purpose
:
The Information Security Analyst is responsible for monitoring, detecting, and responding to security threats across the organization’s IT environment. Working within the Security Operations Center (SOC), this role ensures the confidentiality, integrity, and availability of information systems. The analyst collaborates with IT and business teams to protect sensitive data and maintain regulatory compliance.
About ARUP ARUP Laboratories is a national clinical and anatomic pathology reference laboratory and an enterprise of the University of Utah and its Department of Pathology. Based in Salt Lake City, Utah.
ARUP proudly hires top talent to create a work environment of diversity, professional growth and continuous development. Our workforce is committed to the important service we provide to over one million patients each month. We always strive for excellence and have a strong desire to have involvement with the advances in medicine and the role laboratory services plays within each patient’s life. We never forget that there is a patient behind every specimen we receive.
We are looking for individuals who want to contribute to ARUP's culture of accountability, integrity, service, and excellence. Consider joining our dynamic team.
Essential Functions
Advanced Threat Monitoring and Analysis: Lead threat monitoring activities to detect and analyze complex security incidents using SIEM tools, IDS/IPS, EDR, and other advanced security platforms.
Triage, investigate, and respond to security incidents in accordance with established procedures, including containment, eradication, and recovery.
Analyze logs from firewalls, IDS/IPS, endpoint protection platforms, SIEM, and other sources to detect and assess security events.
Incident Response and Coordination: Direct and manage incident response actions, from identification through containment, eradication, and recovery.
Participate in on-call as required to ensure 24/7 monitoring and response coverage.
Document investigations, actions taken, and outcomes in case management systems with accuracy and clarity.
Collaborate with SOC analysts, IT teams, and other departments (quality, compliance, legal, finance, executive) to resolve incidents, share threat intelligence, and support audits or legal holds.
Follow and contribute to the improvement of SOC playbooks, workflows, and standard operating procedures.
Identify, test, implement, and administer technologies that protect the organization’s information infrastructure.
Track, monitor, and report on key performance indicators (KPIs) and metrics (such as MTTD and MTTR) to measure the effectiveness of security operations and drive continuous improvement.
Perform periodic risk assessments, security reviews, and audits to ensure regulatory and security requirements are met; assist with remediation planning and follow-up.
Support malware analysis, containment efforts, and forensic investigations as directed, including responding to security emergencies during and after business hours.
Participate in ongoing corporate information security awareness training, notifications, and updates.
Communicate findings and recommendations clearly to technical and non-technical stakeholders.
Maintain confidentiality and integrity of sensitive information encountered during investigations.
Stay current with emerging threats, attack techniques, regulatory requirements (e.g., HIPAA, PCI), and security technologies through continuous learning and training.
Assist in the implementation, maintenance, and improvement of the organization-wide information security program.
Perform project leadership tasks on select security projects as assigned.
Mentorship and Training: Provide guidance, training, and mentorship to junior and mid-level analysts, fostering a culture of continuous improvement and knowledge sharing within the team.
Lead IR efforts.
Perform other duties as assigned.
Physical and Other Requirements
Stooping: Bending body downward and forward by bending spine at the waist
Reaching: Extending hands and arms in any direction
Mobility: Occasionally move between work sites and inside the office to access file cabinets, office machinery, etc.
Communication: Frequently and effectively communicate with others
PPE: Biohazard laboratory environment requiring use of personal protective equipment in accordance with CDC and OSHA regulations and company policies
ARUP Policies and Procedures: Conduct self in compliance with all ARUP Policies and Procedures
Medium Work: Exerting up to 50 pounds of force occasionally, up to 30 pounds frequently, and up to 10 pounds constantly to move objects
Fine Motor Control: Picking, pinching, typing, or otherwise working primarily with fingers
Vision: Close, far, and peripheral visual acuity to perform a variety of tasks
Color Vision: Ability to distinguish colors
Continuing Education: Continual assessment of current literature and best practices
Qualifications Education
Required: High School Diploma or Equivalent or better in Gender Studies or related field.
Preferred: Associates Degree or better in Information Systems or related field.
Preferred: Bachelor's Degree or better in Information Systems Security or related field.
Experience
Required: Bachelor’s degree in information security, information systems, or related field and four years of applicable work experience
Required: Associate’s degree and six years of applicable work experience
Required: High School diploma and eight years of applicable work experience
Required: Experience supporting desktop and server OS devices
Preferred: Additional security certificates (e.g., Security+, SSCP, CySA+)
Preferred: Experience with PCI, NIST, and CIS regulatory requirements, risk assessments, and required controls
Preferred: Intermediate understanding of network, server, storage, database and desktop operations and interrelationships
Preferred: Experience with HIPAA/HITECH regulatory requirements, risk assessments and required controls
Preferred: Experience implementing and administering systems such as SIEM, Anti-Virus, MFA, Threat Hunting, Detection Engineering, SOAR etc.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities This employer is required to notify all applicants of their rights pursuant to federal employment laws.For further information, please review the Know Your Rights notice from the Department of Labor.
#J-18808-Ljbffr
Department : IT General - 210
Primary Purpose
:
The Information Security Analyst is responsible for monitoring, detecting, and responding to security threats across the organization’s IT environment. Working within the Security Operations Center (SOC), this role ensures the confidentiality, integrity, and availability of information systems. The analyst collaborates with IT and business teams to protect sensitive data and maintain regulatory compliance.
About ARUP ARUP Laboratories is a national clinical and anatomic pathology reference laboratory and an enterprise of the University of Utah and its Department of Pathology. Based in Salt Lake City, Utah.
ARUP proudly hires top talent to create a work environment of diversity, professional growth and continuous development. Our workforce is committed to the important service we provide to over one million patients each month. We always strive for excellence and have a strong desire to have involvement with the advances in medicine and the role laboratory services plays within each patient’s life. We never forget that there is a patient behind every specimen we receive.
We are looking for individuals who want to contribute to ARUP's culture of accountability, integrity, service, and excellence. Consider joining our dynamic team.
Essential Functions
Advanced Threat Monitoring and Analysis: Lead threat monitoring activities to detect and analyze complex security incidents using SIEM tools, IDS/IPS, EDR, and other advanced security platforms.
Triage, investigate, and respond to security incidents in accordance with established procedures, including containment, eradication, and recovery.
Analyze logs from firewalls, IDS/IPS, endpoint protection platforms, SIEM, and other sources to detect and assess security events.
Incident Response and Coordination: Direct and manage incident response actions, from identification through containment, eradication, and recovery.
Participate in on-call as required to ensure 24/7 monitoring and response coverage.
Document investigations, actions taken, and outcomes in case management systems with accuracy and clarity.
Collaborate with SOC analysts, IT teams, and other departments (quality, compliance, legal, finance, executive) to resolve incidents, share threat intelligence, and support audits or legal holds.
Follow and contribute to the improvement of SOC playbooks, workflows, and standard operating procedures.
Identify, test, implement, and administer technologies that protect the organization’s information infrastructure.
Track, monitor, and report on key performance indicators (KPIs) and metrics (such as MTTD and MTTR) to measure the effectiveness of security operations and drive continuous improvement.
Perform periodic risk assessments, security reviews, and audits to ensure regulatory and security requirements are met; assist with remediation planning and follow-up.
Support malware analysis, containment efforts, and forensic investigations as directed, including responding to security emergencies during and after business hours.
Participate in ongoing corporate information security awareness training, notifications, and updates.
Communicate findings and recommendations clearly to technical and non-technical stakeholders.
Maintain confidentiality and integrity of sensitive information encountered during investigations.
Stay current with emerging threats, attack techniques, regulatory requirements (e.g., HIPAA, PCI), and security technologies through continuous learning and training.
Assist in the implementation, maintenance, and improvement of the organization-wide information security program.
Perform project leadership tasks on select security projects as assigned.
Mentorship and Training: Provide guidance, training, and mentorship to junior and mid-level analysts, fostering a culture of continuous improvement and knowledge sharing within the team.
Lead IR efforts.
Perform other duties as assigned.
Physical and Other Requirements
Stooping: Bending body downward and forward by bending spine at the waist
Reaching: Extending hands and arms in any direction
Mobility: Occasionally move between work sites and inside the office to access file cabinets, office machinery, etc.
Communication: Frequently and effectively communicate with others
PPE: Biohazard laboratory environment requiring use of personal protective equipment in accordance with CDC and OSHA regulations and company policies
ARUP Policies and Procedures: Conduct self in compliance with all ARUP Policies and Procedures
Medium Work: Exerting up to 50 pounds of force occasionally, up to 30 pounds frequently, and up to 10 pounds constantly to move objects
Fine Motor Control: Picking, pinching, typing, or otherwise working primarily with fingers
Vision: Close, far, and peripheral visual acuity to perform a variety of tasks
Color Vision: Ability to distinguish colors
Continuing Education: Continual assessment of current literature and best practices
Qualifications Education
Required: High School Diploma or Equivalent or better in Gender Studies or related field.
Preferred: Associates Degree or better in Information Systems or related field.
Preferred: Bachelor's Degree or better in Information Systems Security or related field.
Experience
Required: Bachelor’s degree in information security, information systems, or related field and four years of applicable work experience
Required: Associate’s degree and six years of applicable work experience
Required: High School diploma and eight years of applicable work experience
Required: Experience supporting desktop and server OS devices
Preferred: Additional security certificates (e.g., Security+, SSCP, CySA+)
Preferred: Experience with PCI, NIST, and CIS regulatory requirements, risk assessments, and required controls
Preferred: Intermediate understanding of network, server, storage, database and desktop operations and interrelationships
Preferred: Experience with HIPAA/HITECH regulatory requirements, risk assessments and required controls
Preferred: Experience implementing and administering systems such as SIEM, Anti-Virus, MFA, Threat Hunting, Detection Engineering, SOAR etc.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities This employer is required to notify all applicants of their rights pursuant to federal employment laws.For further information, please review the Know Your Rights notice from the Department of Labor.
#J-18808-Ljbffr