The Information Security Analyst II position implements and maintains security solutions to protect company computer networks and data from cyberattacks. This includes influencing and recommending the selection of effective solutions that support organization strategies. This is a strategic position that works with infrastructure, service support and development teams to provide top-notch capabilities to monitor for system weaknesses, indicators of compromise and threat trends. Tools and platforms utilized to protect valuable assets and data include endpoint protection, SIEM, firewalls, vulnerability management and others. The position also spends substantial time evaluating, designing, and implementing IS policies and systems (plan, design, install, and maintain).
Working condition: Eligible for remote. Candidates hired for remote positions must reside in Oregon, Washington, Utah, Idaho, Arizona, or Nevada.Responsibilities
Knowledge, Skills And Abilities Required
- Actively participate in the design and maintenance of security technologies, including but not limited to, SIEM platforms, Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging, and other security services.
- Provide advanced knowledge of security technology to the organization and participate in and consult on projects.
- Participate in the development of technical infrastructure configuration standards aligned with HIPAA Security Rules, NIST Framework, and generally recognized security best practices for assigned technology domains.
- Contribute to the improvement of the organization's incident response plans.
- Provide input and updates for the Security Awareness Training program.
- Participate in the creation of assessments to verify the security of new software, online services, third-party vendors and business partners.
- Contribute to the development of standard metrics to track the effectiveness of the Security Program.
- Execute tasks related to service requests, primarily for intermediate to advanced level information security activities.
- Participate in the ongoing review of systems to ensure they are designed to comply with established security standards.
- Participate in cybersecurity Incident Response activities and contribute to the development of policies and procedures; participate in regular testing of and training for Incident Response plans.
- Update and actively maintain security systems, including Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging and other security services
- Propose requirements and standards for information security.
- Participate in developing and maintaining information security policies.
- Participate in the creation and support of disaster recovery and organization continuity plans and initiatives.
- Respond to both internal and external security audits.
- Research and evaluate products and vendors; present recommendations to senior Information Security Analysts and/or leadership.
- Establish and maintain effective relationships with vendors; coordinate installation and repair services.
- Maintain service contracts and licensing; monitor adherence to SLAs with outside parties; escalate issues as needed.
Experience And/or Education
- Advanced knowledge and abilities in at least 3 of the following technologies:
- Data loss prevention (DLP)
- Intrusion Detection systems (IDS)
- Intrusion Prevention systems (IPS)
- Anti-malware systems
- Vulnerability Management systems
- Logging and/or SIEM systems
- Network firewalls and security appliances
- Cloud security
- Understanding of network transport protocols and industry standards
- General systems infrastructure knowledge, including Active Directory or identity management systems
- Process orientation with awareness and/or knowledge of ITIL concepts
- Advanced knowledge of security incident management response and procedures
- Ability to participate in risk assessments and auditing, analyze vulnerabilities, and propose proper controls to lower risks
- Growing ability to interpret HIPAA Security Rule text and NIST Frameworks and apply to organization
Equal Employment Opportunity Policy
- Minimum 3 years' experience delivering information security solutions and related services. Experience must include at least 4 of the following:
- WAN firewalls
- Design, configuration, and ongoing support of network security systems
- Encryption methods and privacy technologies
- Developing secure collaboration solutions with external partners or affiliates
- Computer security technologies, such as firewalls, antivirus, and security monitoring
- Risk analysis, audit, and policy compliance
- Application security assessments
- Third party / partner security assessments
- Managing vendor relationships
- ITIL concepts and practices
- CISSP or similar certification (e.g., Security+, CySA, CASP+, etc.)
- Must be a US Citizen
- Additional experience in related technology support and/or operational positions (Preferred)
Talent Advisory Group provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.