DESCRIPTION

This is a position in the Health Information Security Operations team as an Information Security Analyst. The primary responsibility includes processing security change requests, responding to alerts generated by security monitoring tools, investigating security related anomalies, protecting and maintaining the security of data, systems and networks as well as defining the security requirements that must be implemented in IT solutions. Team members plan, configures, designs, develops, implements and maintains tools, systems and procedures to insure the integrity, reliability and security of data, systems and networks.

Technical leader with a high degree of knowledge in the overall field and recognized expertise in specific areas; problem-solving frequently requires analysis of unique issues/problems without precedent and/or structure. May manage programs that include formulating strategies and administering policies, processes, and resources; functions with a high degree of autonomy. Seeking candidates with experience defining the security requirements for safeguarding an Active Directory domain and utilizing best practices for securing cloud solutions in Azure, AWS and Google Docs.

MINIMUM QUALIFICATIONS

• Nine (9+) years or more of related experience, education/training i.e defining the security requirements for cloud solutions, OR a Bachelor's degree in related area plus five (5+) years or more of related experience/training i.e defining the security requirements for cloud solutions.

• Thorough understanding of the risk assessment requirements and demonstrated skills to conduct, analyze and document risk assessments at the enterprise level as defined in HIPAA andHITECH.

• Advanced knowledge of IT security. Extensive expertise in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments.

• Advanced experience with web application and network/endpoint vulnerability scanning and remediation, pen testing, sensitive data discovery and data loss prevention systems.

• Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.

• Understanding of network/host firewalls, application gateways/proxies, anti-malware, patch management, disk encryption, centralized configuration, log management, system hardening practices, etc.

• Proven skills applying security controls to computer software and hardware. Solid understanding of information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-115, PCI DSS, HIPAA, FERPA, etc.).

• Advanced experience in incident response and digital forensics including reporting. Expert knowledge of forensic processes, standards and tools.

• Demonstrated knowledge of networking technology.

• Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.

• Expert understanding of cryptography and strengths/weaknesses of various encryption ciphers and hash functions.

• Proven knowledge of secure hardware, software and network design techniques.

• Strong skill at analyzing and preventing security incidents of high complexity.

• Experience with defining security requirements for an Active Directory enterprise domain.

• Solid interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Ability to quickly develop knowledge of department processes and procedures.

PREFERRED QUALIFICATIONS

• Experience with SEIM and security log analysis tools such as Splunk, Stealth Watch, Fireye, Log Insight or similar tools.
• Healthcare experience.
• Information Security certification such as CISSP, CISA, CISM, CCSFP, etc.

SPECIAL CONDITIONS

• Must be able to work various hours and locations based on business needs.
• Employment is subject to a criminal background check and pre-employment physical.