Information Security Analyst
The Information Security Analyst will proactively monitor the enterprise security and risk posture of production systems and infrastructure, while identifying and escalating potential incidents or anomalies for further investigation. The ideal candidate must be able to work independently and have project management skills.
Desired areas of knowledge include vulnerability assessment, intrusion prevention and detection, access control and authorization, firewall rulesets, encryption, web-filtering, advanced threat protection and infrastructure security.
It is expected that the Information Security Analyst will be experienced in HIPAA regulations, HITRUST and SOC2 audit requirements, control frameworks and other technology processes.
- Review and analyze alerts and logs from firewalls (FW), intrusion detection/protection systems (IDS/IPS), antivirus (AV), SIEM/logging and event solutions and other security threat data sources to gain awareness and report on potentially suspicious and anomalous activity.
- Work closely with internal technology, application, legal and business teams to identify requirements for NIST/CMS, HIPAA/HITECH, HITRUST and other regulatory compliance requirements, develop implementation approaches and monitoring of their progress.
- Assist with formulation and distribution of information weekly/monthly/quarterly metrics and event reports.
- Following up on outstanding security audit and penetration testing findings
- Document new or changed applications and/or technology infrastructure elements with a security impact managing the lifecycle through a change management process.
- Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
Skills and Requirements
- Minimum of 3-5 years of IT security experience, at least one security certification preferred (CISSP, CISA, etc.).
- 3-5+ years of relevant experience with vulnerability scanners and web application testing tools such as Nessus, Kali Linux/Nmap, NeXpose, Metasploit, Wireshark, etc.
- Advanced experience of OWASP top 10 and SANS 25 vulnerabilities and how to mitigate these vulnerabilities from an architecture/coding perspective.
- Advanced experience of APT, botnets and associated tools, tactics and procedures.
- 2+ years of relevant audit, information risk, security, or compliance experience with a firm understanding of risk assessment and analysis techniques.
- Knowledge of IT data security compliance programs including HITRUST, SOC 2, HIPAA/HITECH, NIST/CMS.
- Efficient with OS Security, Windows & Linux.
- Hands on technical knowledge of network security, current information security threats and incident management concepts and practices.
- Bachelor’s degree (pref. computer science or related field).
- Strong critical thinking and problem solving skills.
- Excellent written and oral communications skills.
Additionally, candidate should have excellent communication skills and the ability to partner with employees and customers.
Interested candidates should submit their resume to firstname.lastname@example.org. Please include “Security Analyst” and your last name in the subject line.
FAIR Health, Inc. is an equal opportunity employer and an e-verify participant.