This is an exciting opportunity with one of Pittsburgh’s most innovative companies at the forefront of advanced imaging technology for healthcare, law enforcement, defense, and safety and security. We pioneered the advancement of Molecular Chemical Imaging into the patented technology that is used in our solutions today.
Established in 1994, ChemImage has developed technology that incorporates hyperspectral imaging, proprietary software and algorithms, machine learning, and liquid crystal filters. Our technology helps clinicians perform their jobs more efficiently for improved patient outcomes and helps law enforcement professionals better serve the communities they have sworn to protect. Our mission is to make the world healthier and safer by enabling these professionals to see things that were previously unseen in order to bring an Awareness of Things® that wasn’t possible before.
In 2020 we established our People First program that focuses on employees and their importance to the success of our organization. While we work hard, we also have fun, and give back to our community through company events. Our HR strategy is to attract and retain top talent in all functional areas.
We are seeking a talented Information Security Analyst to join our expanding team.
In this role, you will monitor the organization's information systems and information assets to immediately detect, verify and respond swiftly to cyber threats. You will identify and correct flaws in the information security systems, solutions and programs while recommending measures that can improve the company's overall security posture.
Principal (Essential Duties):
Responsible for monitoring the information security environment to immediately detect, verify and respond swiftly to cyber threats, e.g. vulnerability exploitation, malware, cyber-attacks, etc.
Support security architecture and guiding principles and apply to information technology initiatives
Deliver technical guidance related to enhancing the security posture of information systems solutions
Participate in the security governance model, establishing policies, standards, and best practices
Contribute by addressing changes in the external threat landscape that have an impact on the use of on-premises and cloud computing technologies
Assist with the design and implementation of security architecture controls to meet compliance requirements
Manage the life-cycle of vulnerabilities from discovery, triage, advising, remediation, and validation
Assist with incident response through the life cycle including following up with lessons learned and remediation measures to prevent similar future incidents
Generate reports for IT Manager and business manager to evaluate the efficacy of the security policies in place
Conduct routine and ad hoc security assessments of IT infrastructure, enterprise applications, and production systems
Conduct risk assessments, vulnerability assessments, and defense planning on an ongoing basis
Perform regular gap analysis and auditing/monitoring of activities for anomalous or security-relevant events; participate in the identification of root causes to determine and implement corrective actions/preventive actions
Monitor and test the deployment of security infrastructure to ensure its full deployment and effectiveness
Act as a champion to promote information security awareness within the organization, as well as developing and facilitating internal training programs to elevate awareness on information security practices
Assists with product evaluations; recommends and helps implement enterprise security products/services
Assists with the installation, configuration, and deployment of cybersecurity infrastructure across workstations, servers and system platforms
Assists with the development, planning and performance of penetration tests; interprets results, and develops and communicates recommendations for improvement to management
Assists with the ongoing management of compliance audit strategy and program; works with the key compliance stakeholders to identify and remediate cybersecurity risks in a timely fashion
Provides guidance and training to other members of the IT team, as required
Knowledge, Skills & Abilities:
Must be a critical thinker, problem-solver with great attention to detail and the ability to thrive under pressure
Must have a proactive mindset and also be highly responsive when required to be reactive
Possesses an unrelenting drive to achieve and maintain optimal levels of security
Possesses strong analytical, interpersonal, verbal/written communication and problem-solving skills
Demonstrated collaborative skills and ability to work well within a team
Self-motivated with critical attention to detail, deadlines and reporting
Working Conditions/Physical Demands:
While performing the duties of this job, the employee must be able to:
Travel up to 20% representing ChemImage.
Perform medium work - exerting up to 50 pounds of force occasionally and up to 20 pounds of force frequently.
See and perform tasks requiring manual dexterity; standing, walking, climbing, balancing, stooping, kneeling, crouching, reaching and other similar tasks requiring physical activity and repetitive motions.
Use of general tools and cleaning supplies. Routine exposure to dust and cleaning supplies.
Work setting is primarily office based but conditions may involve limited exposure to chemicals, emitted radiation, fumes, dust, odors, gases and other substances when in a laboratory environment. Must adhere to all Personal Protective Equipment (PPE) policies as required.
Two plus years of related work experience in performing a cybersecurity role or duties combined with a professional cybersecurity certification such as: Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH), CompTIA Network+ or equivalent
Experience in security technologies such as: vulnerability assessment tools, SIEM, firewalls, proxies, network, and host-based intrusion prevention, DLP, Endpoint detection and response (EDR), Anti-Virus, Sandboxing, Threat Intelligence, Penetration Testing, etc.
Knowledge of Advanced Persistent Threats (APT) tactics, techniques and procedures
Understanding of possible attack activities such as network probing/scanning, DDOS, malicious code activity, etc.
Understanding of common network infrastructure devices such as routers and switches
Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
Basic knowledge in system security architecture and security solutions
Basic knowledge of Windows and Linux command line interface (CLI)
Experience using industry standard or open source vulnerability scanning or security patching tools
Strong working knowledge of operating system and network security principles
Interest in structured approaches to system configuration management