Information Security Analyst

Under general guidance from the Information Security Officer or designated Senior Security Engineer the incumbent performs system administration functions, investigations and remediation efforts for the Intermedix network.
Essential Duties:
Effective monitoring and use of information security related tools and systems in order to ensure compliance with information security policies and to protect the confidentiality, integrity, and availability of corporate and customer information.
• Assist in the deployment of corporate information security strategy, as well as administration, configuration and support of security related systems.
• Systems Vulnerability testing – leverage existing and open source tools to perform EVA/IVA/Penetration testing, as well as ensure that all findings are fully remediated.
• Log Management / Event Management - leverage existing log management tool to perform investigations surrounding triggered and suspected events and ensure that all findings are fully remediated. Manage log sources as required to ensure accuracy. Escalate issues to other teams as required.
• Data Loss Prevention – Leverage existing web and email filtering tool and findings to prevent the intentional or accidental loss of data through various channels. Work with other business units to remediate findings and improve business processes.
• Policy and Procedure Management - You will support the ISO in developing and maintaining the corporate Information Security Policies and Procedures as well as support independent review and testing of control effectiveness
• Reporting - You will provide timely and accurate reporting to leadership and stakeholders concerning platform effectiveness, trends, issues and problems.
• Assist in the delivery of the security awareness training program to ensure that information security best practices are fully implemented and staff trained.
• Performs basic administration for enterprise–level security systems including (but not limited to):
 Completes security service requests as required.
 Troubleshoots basic technical issues with IT Security software tools.
 Review reports from various IT Security systems for the purpose of monitoring critical activities and responding to inappropriate or suspicious activities.
 Supports audit activities by fulfilling documentation requests.
 Maintains documentation for IT Security practices and procedures.
 Keeps abreast of current IT Security best practices. Provides input for improvements to IT Security program.

Essential Skills :
• Strong knowledge of standard COTS systems including: vulnerability management, penetrations testing, data loss prevention, SIEM, IPS, application security, RBAC, firewall analysis, 2 factor authentication, encryption and malware.
• Experience with Microsoft Active Directory and Windows permissions as it pertains to controlling access and domain structures.
• Excellent customer service skills.
• Strong troubleshooting skills.
• Excellent oral and written communication skills, including technical writing.
• Good understanding of TCP/IP and LAN network topography.
• Ability to function independently and as a team member.
• Baseline understanding of HIPAA / HITECH regulations (PCI is a plus)
• Application security best practices
• Database security best practices
• Linux and Windows operating systems
• Cisco network switches and routers
• Web servers and related services
• OWASP Top 10 critical web application flaws
• SANS 20 Critical Security Controls

Requirements:
• Bachelor’s degree; 5 years’ experience in Information Technology; 2 years’ experience in security system administration – or a combination of education and experience which meet the requisite skill level.
• Professional security certifications such as Security +, CISSP, CISM, GIAC – or the ability to apply equivalent knowledge and skills. CISSP certification strongly preferred.
• Must accommodate after hours incident response and rotational on-call support.
• Ability to physically operate and occasionally move computer equipment.
• Great attitude and the desire to grow into an Information Security Subject Matter Expert