Information Security Analyst
Summary of Position
The Information Security Analyst will support security operations and proactively monitor the enterprise security and risk posture of production systems and infrastructure, while identifying and escalating potential incidents or anomalies for further investigation. The ideal candidate must be able to work independently and have project management skills.
Desired areas of knowledge include access control and authorization, vulnerability management, intrusion prevention and detection, network security, encryption, endpoint protections, incident response and risk mitigation.
Experience with HIPAA regulations, third-party assessments (e.g., HITRUST, SOC2), industry security frameworks and other technology processes is ideal.
- Review and analyze alerts and logs from firewalls (FW), endpoint protection tools (e.g., antivirus, DLP), SIEM and other security threat data sources in order to gain awareness and report on potentially suspicious and anomalous activity.
- Assist in the investigation and remediation of security events and/or incidents.
- Participate in the design and execution of vulnerability and risk assessments, penetration tests and security audits (e.g., HITRUST, SOC2).
- Work closely with technology and business teams to document and track remediation of known security issues.
- Perform security reviews of new systems or applications being onboarded.
- Assess the security impact of changes to systems or applications, as part of the change management process.
- Assist in the execution of ongoing security compliance activities and reviews.
- Track completion of security and privacy awareness training for existing staff and new hires.
- Research security enhancements and make recommendations to management.
- Stay current on information security trends and news.
Knowledge and Skill Requirements
- Bachelor’s degree in Computer Science, Programming or related field.
- At least 3-5 years of experience in IT security. Relevant audit, information risk, security or compliance experience with a firm understanding of risk assessments and analysis techniques. Experience with HIPAA and HITRUST security requirements strongly preferred.
- Experience managing and monitoring endpoint protection solutions and vulnerability scanners, as well as other security tools.
- Knowledge of advanced persistent threats (APTs) and associated tools and tactics used by threat actors, as well as mitigating practices.
- Knowledge of secure development practices and the OWASP Top 10.
- Experience with common security practices around relational databases and some basic knowledge of SQL queries.
- Knowledge of data security standards, regulations and compliance programs such as NIST, CMS ARS, HIPAA/HITECH, HITRUST and SOC2.
- Experience with OS Security (Windows & Linux).
- Hands-on technical knowledge of network security, current information security threats and incident management concepts and practices.
- One or more security certifications preferred (e.g., SSCP, CSX, CEH, Security+).
- Strong critical thinking and problem-solving skills.
- Excellent written and oral communications skills.
Our office is currently remote, but the candidate must be willing to work from the New York City office when needed.
Salary is commensurate with experience in the range of $79,500-$105,900
Interested candidates should submit their resume here.
FAIR Health, Inc., is an equal opportunity employer and is an E-Verify participant.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin.
FAIR Health offers a competitive compensation package and includes the following benefits: Medical, Dental, Vision, Flexible Spending and Dependent Care Accounts, Life and Disability Insurance, Paid Time Off, Paid Holidays, 401(k) and Discretionary Bonus.