Healthesystems offers workplace flexibility with our Work-From-Home model, and a competitive compensation and benefits package including healthcare coverage, PTO, paid holidays, 401(k), company-provided life insurance/disability coverage, wellness options, and more.
Note: we are unable to hire in every state
Summary: The Information Security Analyst, Associate works with the Information Security team to identify, protect, detect, respond, and recover from security related events through the implementation of all applicable mitigation solutions to eliminate the risk. This position will perform continuous monitoring of all network resources, carryout in-depth analysis of security risks and assist with the development of mitigation solutions, while conducting regular vulnerability audits, and risk assessments. The Information Security Analyst, Associate will also be required to actively participate in the management and administration of information security related requests, as well as participate in the administration creation and/or maintenance of policies, standards, baselines, guidelines, and procedures. Where applicable, the Information Security Analyst, Associate will work with Application Security Test Engineers in the selection and implementation of new security solutions, to promote secure-by-default designs, in support of secure application development and sustainment, ensuring information systems and infrastructure will be secured throughout the software/system development life cycle (SDLC).
Key Responsibilities: "To simplify complexities for each customer."
- Participate in the monitoring of defense in-depth security measures, Data Loss Prevention (DLP), digital forensics, vulnerability assessments, penetration tests, hardware and software remediation strategies, malware prevention, security audits and remediation activities. Will also assist with the handling of security incident responses.
- Actively participate in the monitoring and administration of all information security requests to ensure they receive proper verification, validation, and authorization prior to being approved.
- Maintain up-to-date detailed knowledge of the Information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Provide support for security activities in the software/system development life cycle (SDLC) and application development efforts.
- Assist with the administration creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures).
Qualifications/Education/Certifications:
Bachelor's degree from four-year college or university (in Information Technology, Computer Science, or a related field preferred) plus 0-2 years of related experience; or equivalent combination of education and experience.
Prefer one or more of the following active certifications: CISSP, CISM, CISA, CEH, CompTia Security+, GCIA, GPEN or GSEC.
Knowledge, Skills and Abilities:
- Experience working in an enterprise architecture, information security, information technology or information risk management related field.
- Experience with technical security controls (e.g. AAA, multi-factor authentication, network or host based firewalls, network or host based intrusion detection/prevention systems, anti-virus, encryption, Virtual Private Networks (VPN), web application firewalls, configuration management, host hardening, continuous monitoring, incident response, or data loss prevention administration) within an organization or in a consulting capacity.
- Experience conducting security and IT control audits assessments.
- Experience working with vulnerability scanners.
- Experience working with penetration testing tools (Metasploit, Nmap, and Burp Suite)
- Must demonstrate understanding of infrastructure and application security requirements and architecture.
- Demonstrated experience with security architecture solutions for large, critical systems and an understanding of Information Security standards, frameworks/methodologies, and best practice (NIST, ISO 2700x, CIS, ITIL, CoBIT, OCTAVE, GLBA).
- Understanding of host security architecture best practices.
- Understanding of network security architecture best practices.
- Ability to work well under pressure and to meet tight deadlines.
- Demonstrate a high level of motivation, confidence, integrity, and responsibility.
- Possess excellent written and verbal communication skills, presentation, and problem-solving skills and be able to interact well with peers and internal customers.
Physical Demands/Working Conditions:
Duties are performed primarily in a home office setting utilizing computer equipment. Travel to attend meetings and visit locations throughout the country may be required. While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee is frequently required to use hands. The employee is occasionally required to stand and walk.*** Job descriptions will be reviewed and are subject to changes of business necessity. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
To facilitate working from home, and as a requirement for this role, candidates must provide their own reliable, high speed internet access with sufficient bandwidth to execute all job functions. Company laptop will be provided.
Healthesystems California Prospective Employee Privacy Notice