Bring your career to a community mental health provider while helping people live their best lives! Do you enjoy exploring parks, wineries, trails, rafting, and more? Join our team!!
We are hiring IMMEDIATELY for an Information Security Analyst I
The Information Security Analyst I position implements and maintains security solutions to protect computer networks and data from cyberattacks and assists in the design of solutions. This is a strategic position that works with infrastructure, service support, and development teams to provide top-notch capabilities to monitor for system weaknesses, indicators of compromise, and threat trends. Tools and platforms utilized to protect valuable assets and data include endpoint protection, SIEM, firewalls, vulnerability management, and others. The position also spends substantial time supporting, monitoring, and implementing IS policies and systems (plan, design, install, and maintain).
Security Design and Development:
- Provide maintenance for and input into the design of security technologies, including but not limited to, SIEM platforms, Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging, and other security services.
- Provide knowledge of security technology to the organization; participate in and consult on projects.
- Provide input into the development of technical infrastructure configuration standards; ensure alignment with HIPAA Security Rules, NIST Frameworks, and generally recognized security best practices for assigned technology domains.
- Contribute to the continuous improvement of the company’s incident response plans.
- Participate in the administration of the Security Awareness Training program.
- Participate in the creation of assessments to verify the security of new software, online services, third-party vendors, and business partners.
- Contribute to the development of standard metrics to track the effectiveness of the Security Program.
Security Management and Operations:
- Execute tasks related to tickets and service requests, primarily for beginning to intermediate level information security activities.
- Participate in the ongoing review of systems to ensure they are designed to comply with established security standards.
- Assist with cybersecurity incident response activities following defined policies and procedures; participate in regular testing of and training on Incident Response plans.
- Actively maintain security systems, including Intrusion Detection and Prevention Systems, anti-malware platforms, vulnerability management, event logging, and other security services.
- Evaluate systems and applications for compliance with security standards and policies.
- Analyze business needs; identify potential risks and research and recommend solutions.
- Run and review defined reports on information security system performance and event anomalies; help identify substantial gaps based on findings and make minor internal adjustments.
- Develop and maintain appropriate technical documentation, including documentation about the current system design and operation.
- Contribute to the design of security assessments to compare different infrastructure options as part of platform upgrades.
- Participate in regular Risk Analysis and Penetration Testing efforts.
Standards and Policy Administration:
- Contribute ideas for requirements and standards for information security.
- Provide input into information security policies.
- Participate in the creation and support of disaster recovery and business continuity plans and initiatives.
- Respond to both internal and external security audits.
Vendor Coordination and Relations:
- Research and evaluate products and vendors; present recommendations to senior Information Security Analysts and/or leadership.
- Develop effective relationships with vendors, including the coordination of installation and repair services.
- Maintain awareness of service contracts and licensing terms; escalate issues as needed.
- Perform work in alignment with the organization’s mission, vision, and values.
- Support the organization’s commitment to equity, diversity, and inclusion by fostering a culture of open-mindedness, cultural awareness, compassion, and respect for all individuals.
- Strive to meet annual business goals in support of the organization’s strategic goals.
- Adhere to the organization’s policies, procedures, and other relevant compliance needs.
- Perform other duties as needed.
Knowledge, Skills, and Abilities Required:
- General knowledge and abilities in at least 3 of the following technologies:
- Data loss prevention (DLP)
- Intrusion Detection systems (IDS)
- Intrusion Prevention Systems (IPS)
- Anti-malware systems
- Vulnerability Management systems
- Logging and/or security incident and event management systems
- Network firewalls and security appliances
- Cloud security
- Ability to read and understand risk assessments and vulnerability reports
- Understanding of network transport protocols and standards
- General systems infrastructure knowledge, including Active Directory and/or identity management systems
- A process-oriented individual with awareness of ITIL concepts
- Awareness of HIPAA Security Rule text and NIST Frameworks
- General knowledge of security incident management response and procedures
- Proficient oral and written communication skills; ability to articulate policies and instructions
- Ability to learn to convey the appropriate level of detail effectively to all levels of the organization including non-technical staff
- Possess a high degree of initiative and motivation
- Ability to effectively collaborate with coworkers and others
- Ability to assist in recommending policies, documenting risks, and proposing solutions
- Ability to continuously learn new technology and stay informed of the evolving environment
- Ability to think creatively to find solutions
Education and/or Experience:
- Minimum 1-year experience delivering information security solutions and/or related services. Experience must include at least 2 of the following:
- Design, configuration, and ongoing support of network security models
- Encryption methods and privacy technologies
- Developing secure collaboration solutions with external partners or affiliates
- Computer security technologies, such as firewalls, antivirus, and monitoring
- Risk analysis, audit, and policy compliance
- Application security assessments
- Third-party /partner security assessments
- ITIL concepts and practices
Security-related certifications such as Security+, CySA, CASP+, CISSP, or others and Additional experience in related technical support and/or operational positions.
“Careers and companies flourish when staff, clients, and candidates truly believe in the mission, know the role they play, and humbly reflect, evaluate, and act for the best interest of the communities served”