THIS IS A FULL-TIME JOB: NOT A CONTRACT OPPORTUNITY
MUST LIVE OR RELOCATE TO OR, WA, ID, UT, NV, AZ
Experience and / or Education
Required
Minimum 3 years’ experience delivering information security solutions and related services. Experience must include at least 4 of the following:
- WAN firewalls
- Design, configuration, and ongoing support of network security systems
- Encryption methods and privacy technologies
- Developing secure collaboration solutions with external partners or affiliates
- Computer security technologies, such as firewalls, antivirus, and security monitoring
- Risk analysis, audit, and policy compliance
- Application security assessments
- Third party / partner security assessments
- Managing vendor relationships
- ITIL concepts and practices
- CISSP or similar certification (e.g., Security+, CySA, CASP+, etc.)
Job Summary
The Information Security Analyst II position implements and maintains security solutions to protect client computer networks and data from cyberattacks.
This includes influencing and recommending the selection of effective solutions that support organization strategies. This is a strategic position that works with infrastructure, service support and development teams to provide top-notch capabilities to monitor for system weaknesses, indicators of compromise and threat trends.
Tools and platforms utilized to protect valuable assets and data include endpoint protection, SIEM, firewalls, vulnerability management and others.
The position also spends substantial time evaluating, designing, and implementing IS policies and systems (plan, design, install, and maintain).
Essential Responsibilities
Security Design and Development
- Actively participate in the design and maintenance of security technologies, including but not limited to, SIEM platforms, Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging, and other security services.
- Provide advanced knowledge of security technology to the organization and participate in and consult on projects.
- Participate in the development of technical infrastructure configuration standards aligned with HIPAA Security Rules, NIST Framework, and generally recognized security best practices for assigned technology domains.
- Contribute to the improvement of the organization’s incident response plans.
- Provide input and updates for the Security Awareness Training program.
- Participate in the creation of assessments to verify the security of new software, online services, third-party vendors and business partners.
- Contribute to the development of standard metrics to track the effectiveness of the Security Program.
Security Management and Operations
- Execute tasks related to service requests, primarily for intermediate to advanced level information security activities.
- Participate in the ongoing review of systems to ensure they are designed to comply with established security standards.
- Participate in cybersecurity Incident Response activities and contribute to the development of policies and procedures; participate in regular testing of and training for Incident Response plans.
- Update and actively maintain security systems, including Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging and other security services.
- Evaluate applications for compliance with Client’s security standards and policies.
- Analyze organization needs; identify potential risks and mitigations; research and recommend solutions.
- Create, run and review reports on information security system performance and event anomalies; identify substantial gaps based on findings, and make minor and advanced internal adjustments.
- Develop and maintain appropriate technology documentation, including documentation about the current system design and operation.
- Contribute to the design of security assessments to compare different infrastructure options as part of platform upgrades.
- Participate in regular Risk Analysis and Penetration Testing efforts.
- Contribute to remediation planning.
Standards and Policy Administration
- Propose requirements and standards for information security.
- Participate in developing and maintaining information security policies.
- Participate in the creation and support of disaster recovery and organization continuity plans and initiatives.
- Respond to both internal and external security audits.
Vendor Coordination and Relations
- Research and evaluate products and vendors; present recommendations to senior Information Security Analysts and / or leadership.
- Establish and maintain effective relationships with vendors; coordinate installation and repair services.
- Maintain service contracts and licensing; monitor adherence to SLAs with outside parties; escalate issues as needed.
Organizational Responsibilities
- Perform work in alignment with the organization’s mission, vision and values.
- Support the organization’s commitment to equity, diversity and inclusion by fostering a culture of open mindedness, cultural awareness, compassion and respect for all individuals.
- Strive to meet annual business goals in support of the organization’s strategic goals.
- Adhere to the organization’s policies, procedures and other relevant compliance needs.
- Perform other duties as needed.
Knowledge, Skills and Abilities Required
- Advanced knowledge and abilities in at least 3 of the following technologies:
  - Data loss prevention (DLP)
  - Intrusion Detection systems (IDS)
  - Intrusion Prevention systems (IPS)
  - Anti-malware systems
  - Vulnerability Management systems
  - Logging and / or SIEM systems
  - Network firewalls and security appliances
  - Cloud security
- Understanding of network transport protocols and industry standards
- General systems infrastructure knowledge, including Active Directory or identity management systems
- Process orientation with awareness and / or knowledge of ITIL concepts
- Advanced knowledge of security incident management response and procedures