Job Opening
Information Security Analyst
Job Summary
The Currance Information Security Analyst role evaluates, plans, implements, upgrades and monitors information security controls to protect and maintain the effective confidentiality, integrity, and availability of all Currance information systems, networks, data, and other information assets.
The Information Security Analyst is responsible for evaluating and properly documenting all security events, following up on suspicious activities, and triaging information security events and incidents as a member of the Cybersecurity Incident Response Team. This role also engages in information security implementations and security-level support of all platforms at Currance.
The ideal candidate will have a bachelor’s degree in Computer Science with a minimum of 5 years of Information Security experience and must be proficient in a wide variety of technologies including various operating systems (Windows, MAC, Linux), networking, security appliances like firewalls and intrusion detection and prevention systems, and experience with anti-malware/antivirus, SIEM, and Vulnerability Management System platforms. In addition, ideal candidates have experience with the HIPAA Security Rule (safeguarding PHI), NIST Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), the HITRUST Common Security Framework (CSF), and SOC 2 certification processes.
Information Security Analysts are expected to be constantly learning and evaluating new technologies, new security tools, and new and/or emerging threats, i.e., keeping up on security intelligence and helping to recommend and develop effective countermeasures or controls to mitigate risk.
Information Security Analysts are expected to be constantly learning and evaluating new technologies, new security tools, and new and/or emerging threats, i.e., keeping up on security intelligence and helping to recommend and develop effective countermeasures or controls to mitigate risk.
Job Requirements
- 5+ years experience in information security.
- 7+ years of system, network and/or application security experience.
- 10+ years’ experience in supporting Windows server required
- Knowledge of and experience with Kali Linux and Penetration Testing tools required.
- Firm expertise of Windows Operating Systems, MAC OS, Linux, and Networking required.
- Solid proficiency of VMware virtualized environments and cloud services like Azure and AWS.
- Strong problem solving, and logic skills required.
- Solid organizational skills required.
- Monitors system and security logs, statistics, and event notifications and takes appropriate measures to mitigate risks and vulnerabilities.
- Recommends security enhancements and purchases; implements new security products and releases.
- Plans, implements, monitors, and supports security measures to protect information systems, networks, data, and other information assets.
- Prevents any impacts to the confidentiality, integrity, and availability of information assets by evaluating and mitigating risks.
- Ensures all access is authorized access by investigating improper access, revoking access, reporting policy violations, and monitoring all information asset changes.
- Recommends computer physical and logical access controls by helping to develop policies, standards, guidelines, and procedures
- Performs testing of internal and external networks and applications for vulnerabilities (OWASP Top 10).
- Excellent written and verbal communication skills.
- Writes, reviews and/or maintains technical documentation.
- Recommends improvements to enhance security posture, performance, and reliability.
- Collaborate with Currance leadership and staff on all assigned projects, where appropriate.
- Work with Currance CITO, where needed, in investigations and/or audits of systems.
- Conjointly work with staff and any required 3rd party vendors to complete projects or troubleshoot issues, as assigned.
- Report weekly status on projects to designated Currance IT management.
- Attend weekly staff meetings.
- Follow all Change Management Policies and Procedures.
- Other duties as assigned.
Desired Qualifications
- B.S. in Computer Science, Computer Information Systems, or similar technical degree preferred.
- Security Certifications desired like CISSP and CEH – must obtain CEH within 120 days of being hired if not already certified.
- Information Security roles with healthcare experience preferred.
- Experience with control design, implementation, and monitoring regarding HIPAA Security Rule, NIST CSF, and HITRUST CSF.