Senior Analyst IT Security

About The Position

Requirements

• Minimum five years' work experience in information technology and/or information security, preferably in the healthcare industry.
• Must possess a highly technical and analytical background.
• Operational knowledge of current information systems technology and security assessment in a variety of platforms.
• Knowledge of networks; network operating system, firewalls, penetration testing and vulnerability assessment tools is required.
• Experience with Netflow analysis and configuration.
• Knowledge of virtualization Security Standards a plus.
• Experience with Mobile Device Management solutions.
• Solid understanding of Active Directory.
• Strong understanding of database security.
• Strong understanding of SOX, PCI-DSS and HIPAA/HITECH requirements.
• Understanding of database redaction and auditing tools is a plus.
• Familiarity with other types of auditing tools.
• Detail, task oriented and ability to work on various assignments simultaneously.
• Ability to communicate tactfully, verbally and in writing with business users, managers and coworkers.
• Linux/Unix platform knowledge is required.

Nice To Haves

• 5 years or more of relevant work experience analyzing the security of systems (penetration testing, Web Application security testing, vulnerability scanning, threat modeling, etc.).
• General security background in the use of cryptography, network/systems/physical security, authentication, authorization and usability.
• Knowledge of current threats, vulnerabilities, exploits (network-based and system-level) and mitigation methods.

Responsibilities

• Enforces authorized access by investigating improper access; revoking access; reporting violations; recommending improvements.
• Monitor and escalate security incidents discovered throughout the organization.
• Investigate and document incidents as needed to ensure the confidentiality, integrity and availability of business critical systems and data protection.
• Monitor and review user provisioning for account databases.
• Maintain, monitor and review database auditing reports.
• Configure and automate consistent security alerting and reporting capabilities for network, application and host-based security systems.
• Help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information.
• Work hands-on with network equipment logs and actively monitor our systems for attacks and intrusions.
• Work with software developers to proactively identify and fix security flaws and vulnerabilities.

Benefits

• Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.