Job Description

Our client is seeking an Information Security Analyst proficient with a wide range of security frameworks, technologies, and disciplines.

The Information Security Analyst will manage existing security monitoring, training and awareness, and data protection programs, and will work to mature these programs over time.� This role is critical for leading the real-time detection and mitigation of cyber threats.� This individual will assess risk and facilitate remediation of identified vulnerabilities.

Job Responsibilities Include

Qualifications:

The ideal candidate will possess proven, in-depth experience working with the following:

• Monitor network and firewall activity for anomalous activity, intrusion attempts, and potential security concerns
• Analyze security events from multiple sources, including SIEM, IPS/IDS, firewalls, etc. and identify the cause of incidents
• Detect cybersecurity incidents in real time through centralized monitoring, and respond to incidents by applying containment and eradication strategies
• Identify and assess internal IT controls, evaluating operational effectiveness, determining risk exposures, and developing remediation plan
• Lead development and maintenance of IT Security and Risk Management program and Standard Operating Procedures (SOPs) related to security tasking
• Assess vendors against security requirements and execute periodic vendor security reviews
• Bachelor's degree or higher in Computer Science, Information Technology, Cyber Security, and at least five (5) years of related experience in information security
• Security+ and/or Certified Ethical Hacker certification strongly preferred
• Knowledge of healthcare, privacy, and financial compliance regulations, including HIPAA and HITRUST
• Experience providing risk mitigation directives for projects with components in IT, including the mandatory application of controls
• High degree of initiative, dependability, and the ability to work with little supervision
• Good understanding of the Software Development Life Cycle including unit testing, and code scanning
• Familiarity with static analysis (source code review), open source analysis, and dynamic pen-testing techniques
• Foundational information security tools/systems, such as SIEM, DLP, IDS/IPS, etc.
• Vulnerability Assessment solutions such as Tenable Nessus, Rapid7 Nexpose, Qualys, Accunetix, etc.
• Widely-accepted security standards, such as ISO 27002, NIST, Shared Assessments, etc.
• Automation tools using a scripting language such as Python, PowerShell
• Data classification, access control, and security models