DIGITAL SECURITY - IAM - MFA

Information Security Analyst

Scope and Purpose of Position:

Reporting to the Senior Manager, Information Security Operations, the Information Security Analyst is a key role responsible for supporting the Information Security Operations team. This hands-on role will partner and collaborate with other technology partners/experts to provide secure solutions to resolve overall infrastructure and security challenges. This person will be directly responsible for researching, evaluating, administering (maintaining and configuring) and implementing effective network and endpoint security technologies and services to establish and keep security ahead of the curve.

The IT Security Analyst will demonstrate a passion for technical problem-solving and driving changes to increase the effectiveness of our tools. The IT Security Analyst will exhibit solid security systems administration and operations backgrounds along with a strong drive for results and continual improvement. Additionally, the IT Security Analyst will provide direct support to information security risk assessments and audits. As new tools and services are introduced to the Versant Health environment, the IT Security Analyst will play a key role in assessing the proposed tools and services and documenting the resulting risks. The IT Security Analyst will work with the GRC team to produce evidence as required for the HITRUST, etc. audit and attestations (SOC 2 Type II).

Essential Functions:

• Develops and implements information assurance/security standards and procedures to include documentation
• Identifies and applies relevant security controls to systems based on NIST 800-53 system classification
• Identifies, reports, and resolves/mitigates security violations
• Applies know-how to government common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures
• Performs analysis, design, and development of security features for system architectures
• Analyzes and defines security requirements for computer systems which may include databases, operating systems, and access devices
• Designs, develops, engineers, and implements solutions that meet security requirements
• Provides hands-on integration and implementation of enterprise system security solutions
• Analyzes general information assurance-related technical problems and provides engineering and technical support in solving these problems
• Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle
• Conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as HITRUST CSF, NIST 800-53, etc.)
• Create documentation to support information system authorization/accreditation packages
• Provides continuous monitoring support for information systems and applications.
• Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development
• Maintains Federal IT security policies, standards, and guidance
Other duties as assigned

Education and Experience:

• Bachelor’s degree in Information Systems/Technology, Computer Science, Computer Engineering or related field preferred, or equivalent Education and Experience
• A minimum of 5 years of experience as an Information Security Engineer or Analyst with a demonstrated track record in deploying increasingly complex cybersecurity solutions
• Working knowledge of secure design and implementation of the below technologies with concentration on at least four of the areas below:
  • Network infrastructure (firewalls, switches, routers, DMZ, web application firewalls)
  • Security Infrastructure (IPS, IDS, WAF, End Point Protection, Splunk, Bro, IR)
  • Data Loss Prevention (Vontu/Symantec, CodeGreen, Netskope, etc.
  • Linux authentication / authorization methodologies, such as Kerberos, LDAP, Sudo, etc.
  • Active Directory, SSO, ADFS, ADLDS, Sailpoint, TPAM , Okta, CASB, etc.
  • Some automation and scripting experience (PowerShell, SQL, Python)
• Ability to script/automate using PowerShell, SQL or Python
• Thorough understanding of network technologies, TCP/IP networking, DHCP, DNS, network security tools, secure engineering principles and security testing methodologies
• Working knowledge of threats to cybersecurity and understanding of the tools and tactics utilized by threat actors
• Extensive Windows, Mac, Linux and Unix experience
• Desktop, server, application, database, and network security hardening principles and practices for threat prevention
• Knowledge of common attack methodologies; common types of security vulnerabilities
• Proficiency in the use of manual and automated techniques for scanning, vulnerability, and penetration testing of networks, applications, operating systems, databases, and email systems
• Strong knowledge of security controls in industry-standard frameworks including SOC 2 Type II, and NIST CSF
Virtual machine hardening and/or cloud security experience is a plus

Competencies:

• Analytical
• Business acumen
• Coaching/development of direct reports
• Collaboration
• Customer/client service focused
• Drive for results
• Leadership
• Managerial courage
• Prioritization/organization
• Problem solving/analysis
• Teamwork/ building effective teams
• Technical capacity

Essential Responsibilities related to Physical Demands/Work Environment:

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. While performing the duties of this job, the associate is required to stand, use hands and fingers to handle, feel, pick or pinch, and talk or hear most of the time. The associate is occasionally required to stand, walk, and reach with hands and arms. The associate must frequently lift and/or move up to 20 pounds. The noise level in this location is moderate (use of computers, printers and machines). Ability and willingness to travel as required.

HIPAA & Security Requirements

All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program .

We provide equal employment opportunities (EEO) to all associates and applicants for employment without regard to race, color, religious beliefs, sex, gender identity, sexual orientation, age, marital status, national origin, ancestry, physical or mental disability or history of disability, genetic information, status as a protected veteran or disabled veteran, or any other status protected by Federal, state or local law.

Job description must be reviewed and approved by a Senior HR Leader.