Information Security Analyst II

Seattle, WA, United States

Career Opportunities: Information Security Analyst II (24290)

Requisition ID 24290 - Posted 06/21/2024 - CareOregon - Full Time - Permanent - Portland - Multi Location (9)

Job Description Print Preview

Candidates hired for remote positions must reside in Oregon, Washington, Utah, Idaho, Arizona, Nevada, Texas, Montana, or Wisconsin.

Job Title

Information Security Analyst II

Department

Information Systems

Exemption Status

Exempt

Requisition #

24290

Direct Reports

n/a

Manager Title

IS Security Manager

Pay & Benefits

Estimated hiring range $96,950 - $117,315 / year, 5% bonus target, full benefits. www.careoregon.org/about-us/careers/benefits

Posting Notes

This is a fully remote role, but you must reside in one of the listed 9 states.

Job Summary

The Information Security Analyst II position implements and maintains security solutions to protect CareOregon computer networks and data from cyberattacks. This includes influencing and recommending the selection of effective solutions that support organization strategies. This is a strategic position that works with infrastructure, service support and development teams to provide top-notch capabilities to monitor for system weaknesses, indicators of compromise and threat trends. Tools and platforms utilized to protect valuable assets and data include endpoint protection, SIEM, firewalls, vulnerability management and others. The position also spends substantial time evaluating, designing, and implementing IS policies and systems (plan, design, install, and maintain).

Essential Responsibilities

Security Design and Development

Actively participate in the design and maintenance of security technologies, including but not limited to, SIEM platforms, Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging, and other security services.

Provide advanced knowledge of security technology to the organization and participate in and consult on projects.

Participate in the development of technical infrastructure configuration standards aligned with HIPAA Security Rules, NIST Framework, and generally recognized security best practices for assigned technology domains.

Contribute to the improvement of the organization's incident response plans.

Provide input and updates for the Security Awareness Training program.

Participate in the creation of assessments to verify the security of new software, online services, third-party vendors and business partners.

Contribute to the development of standard metrics to track the effectiveness of the Security Program.

Security Management and Operations

Execute tasks related to service requests, primarily for intermediate to advanced level information security activities.

Participate in the ongoing review of systems to ensure they are designed to comply with established security standards.

Participate in cybersecurity Incident Response activities and contribute to the development of policies and procedures; participate in regular testing of and training for Incident Response plans.

Update and actively maintain security systems, including Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging and other security services.

Evaluate applications for compliance with CareOregon security standards and policies.

Analyze organization needs; identify potential risks and mitigation and research and recommend solutions.

Create, run and review reports on information security system performance and event anomalies; identify substantial gaps based on findings, and make minor and advanced internal adjustments.

Develop and maintain appropriate technology documentation, including documentation about the current system design and operation.

Contribute to the design of security assessments to compare different infrastructure options as part of platform upgrades.

Participate in regular Risk Analysis and Penetration Testing efforts.

Contribute to remediation planning.

Standards and Policy Administration

Propose requirements and standards for information security.

Participate in developing and maintaining information security policies.

Participate in the creation and support of disaster recovery and organization continuity plans and initiatives.

Respond to both internal and external security audits.

Vendor Coordination and Relations

Research and evaluate products and vendors; present recommendations to senior Information Security Analysts and/or leadership.

Establish and maintain effective relationships with vendors; coordinate installation and repair services.

Maintain service contracts and licensing; monitor adherence to SLAs with outside parties; escalate issues as needed.

Organizational Responsibilities

Perform work in alignment with the organization's mission, vision and values.

Support the organization's commitment to equity, diversity and inclusion by fostering a culture of open mindedness, cultural awareness, compassion and respect for all individuals.

Strive to meet annual business goals in support of the organization's strategic goals.

Adhere to the organization's policies, procedures and other relevant compliance needs.

Perform other duties as needed.

Experience and/or Education

Required

Minimum 3 years' experience delivering information security solutions and related services. Experience must include at least 4 of the following:

WAN firewalls

Design, configuration, and ongoing support of network security systems

Encryption methods and privacy technologies

Developing secure collaboration solutions with external partners or affiliates

Computer security technologies, such as firewalls, antivirus, and security monitoring

Risk analysis, audit, and policy compliance

Application security assessments

Third party / partner security assessments

ITIL concepts and practices

CISSP or similar certification (e.g., Security+, CySA, CASP+, etc.)

Preferred

Additional experience in related technology support and/or operational positions

Exp w/ Palo Alto Networks

Exp w/ Application Evaluation and Validation

Exp w/ SIEM Tools

Exp w/ MS Defender

Exp w/ Priviliged access

Knowledge, Skills and Abilities Required

Knowledge

Advanced knowledge and abilities in at least 3 of the following technologies: Data loss prevention (DLP)

Intrusion Detection systems (IDS)

Intrusion Prevention systems (IPS)

Anti-malware systems

Vulnerability Management systems

Network firewalls and security appliances

Cloud security

Understanding of network transport protocols and industry standards

General systems infrastructure knowledge, including Active Directory or identity management systems

Process orientation with awareness and/or knowledge of ITIL concepts

Advanced knowledge of security incident management response and procedures

Skills and Abilities

Ability to participate in risk assessments and auditing, analyze vulnerabilities, and propose proper controls to lower risks

Growing ability to interpret HIPAA Security Rule text and NIST Frameworks and apply to organization

Strong listening, oral and written communication skills

Ability to clearly articulate policies and instructions

Demonstrated progress in conveying appropriate level of detail effectively to all levels of the organization including non-technical staff

Ability to recommend policies, document risks, and propose solutions to information technology management and senior leadership

Possess a high degree of initiative and motivation

Ability to effectively collaborate with coworkers, staff, and leaders across all departments

Ability to continuously learn new technology and stay informed of the evolving environment

Ability to think creatively to find solutions

Ability to focus on and comprehend information, learn new skills and abilities, assess a situation and seek or determine appropriate resolution, accept managerial direction and feedback, and tolerate and manage stress

Ability to work effectively with diverse individuals and groups

Ability to learn, focus, understand, and evaluate information and determine appropriate actions

Ability to accept direction and feedback, as well as tolerate and manage stress

Ability to see, read, and perform repetitive finger and wrist movement for at least 6 hours/day

Ability to hear and speak clearly for at least 3-6 hours/day

Ability to lift, carry, push and pull for at least 1-3 hours/day

Working Conditions

Work Environment(s): Indoor/Office Community Facilities/Security Outdoor Exposure

Member/Patient Facing: No Telephonic In Person

Hazards: May include, but not limited to, physical and ergonomic hazards

Equipment: General office equipment

Travel: May include occasional required or optional travel outside of the workplace; the employee's personal vehicle, local transit or other means of transportation may be used.

#MULTI

Candidates of color are strongly encouraged to apply. CareOregon is committed to building a linguistically and culturally diverse and inclusive work environment.

Veterans are strongly encouraged to apply.

We are an equal opportunity employer. CareOregon considers all candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, disability, or veteran status.

Visa sponsorship is not available at this time.

Email this job to a friend

The job has been sent to

Please provide the information below

Job title:

*Your friend's email address:

Message:

Maximum character limit: 1000

*Confirm you are not a robot: