Information Technology Security Analyst

Healthesystem

(Tampa, Florida)
Full Time Travel Required
Job Posting Details
About Healthesystem
Healthesystems is a specialty provider of innovative medical cost management solutions for the workers’ compensation industry. Our diverse suite of services includes a leading Pharmacy Benefit Management (PBM) program and Clinical Review Services as well as a revolutionary Ancillary Benefits Management (ABM) program for managing and adjudicating ancillary medical services.
Summary
The IT Security Analyst works with the IT Security Lead to provide in-place security solutions to identify, investigate and resolve security issues detected by those systems. This position will assist in the selection and implementation of new security solutions, promote secure-by-default designs, provide guidance and recommendations in support of secure application development and sustainment, ensure information systems and infrastructure will be secured throughout the software/system development life cycle (SDLC). The IT Security Analyst will perform continuous monitoring of all network resources, carryout in-depth analysis of security risks and develop mitigation solutions, conduct regular vulnerability audits and risk assessments, as well as participate in the creation and/or maintenance of policies, standards, baselines, guidelines and procedures.
Responsibilities
**Key Responsibilities - To simplify complexities for each customer:** * Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures). * Participate in the planning and design of enterprise security architecture. * Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. * Participate in the design and execution of defense in-depth security measures, data loss prevention (DLP), digital forensics, vulnerability assessments, penetration tests, hardware and software mitigation strategies, malware prevention, security audits and remediation activities. Will also handle IT security incident responses. * Partner with internal training organization to ensure privacy protections are built into employee training programs. * Provides guidance for security activities in the software/system development life cycle (SDLC) and application development efforts. **Additional Responsibilities:** * Strategic Initiatives: Actively engages in driving strategic initiatives, and the related goals, to ensure the most optimal outcome. * Communication: Effectively communicates using written, oral, non-verbal, and active listening skills. Has the ability to clearly present an idea or concept so others understand, lets others speak, and engages productively in difficult conversations while upholding our ethical values.
Ideal Candidate
**Qualifications/Education/Certifications:** * Bachelor's degree from four-year college or university (in information technology, business administration or a related field preferred); or equivalent combination of education and experience. * 4+ years of experience working in an enterprise architecture, information security, information technology or information risk management related field. * 3+ years of experience designing technical security controls (e.g. AAA, multi-factor authentication, network or host based firewalls, network or host based intrusion detection/prevention systems, anti-virus, encryption, VPNs, web application firewalls, configuration management, host hardening, continuous monitoring, incident response, or data loss prevention administration within an organization or in a consulting capacity. * 3+ years of experience conducting security and IT control audits assessments. * 2+ years of experience working with vulnerability scanners (Retina, Tenable Nessus, and Rapid7 Nexpose) * 2+ years of experience working with penetration testing tools (Metasploit, Nmap, and Burp Suite) * Currently hold one or more of the following certifications: CISSP, CISM, CISA, CEH, CompTia Security+, GCIA, GPEN or GSEC. **Knowledge, Skills and Abilities:** * Understanding of infrastructure and application security requirements and architecture. * Demonstrated experience in defining security architecture solutions for large, mission critical systems comprised of multi-tier web applications, rich-client applications and batch processing. * Solid understanding of Information Security standards, frameworks/methodologies and best practice (NIST, ISO 2700x, CIS, ITIL, CoBIT, OCTAVE). * Knowledge of industry regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA) * Applications Security Architecture experience with a good understanding of Threat Modeling, Security Patterns and Security Methodologies (e.g., OWASP). * Demonstrated experience of participating in the SDLC process with detailed knowledge of typical security requirements and solutions for mission critical applications and infrastructure. * Understanding of host security architecture best practices. * Understanding of network security architecture best practices. * Ability to work well under pressure and to meet tight deadlines. Demonstrate a high level of motivation, confidence, integrity and responsibility. * Possess excellent written and verbal communication skills, presentation, and problem solving skills and be able to interact well with peers and internal customers. **Job Competencies:** * Action Orientation * Customer Engagement * Flexibility * Interpersonal Effectiveness * Character * Results Focus * Collaboration **Physical Demands/Working Conditions:** Duties are performed primarily in an office setting. Travel to attend meetings and visit locations throughout the country may be required. Operates computer and standard office equipment, such as telephone and copier/printer.

Questions

Answered by on
This question has not been answered
Answered by on

There are no answered questions, sign up or login to ask a question

Want to see jobs that are matched to you?

DreamHire recommends you jobs that fit your
skills, experiences, career goals, and more.