Title/Position: IT Security Analyst
Department or Business Unit: Enterprise Shared Services
Reporting Structure: VP of IT
Employment Type: FTE
Exemption Status: Exempt, Administrative and Executive
Travel Required: Some
We are actively and excitedly searching for an experienced IT Security Analyst to join our team. This individual will play a vital role in keeping an organization’s proprietary and sensitive information secure. He/she/they will work inter-departmentally to identify and correct flaws in the company’s security systems, solutions, and programs while recommending specific measures that can improve the company’s overall security posture. Furthermore, the Security Analyst is responsible for working with the Security and Technology team to keep the company's security systems up to date and creating documentation and planning for all security-related information, including incident response and disaster recovery plans. In addition the security analyst will assist in creating Policies & Procedures.
As a member of the architecture team the individual should demonstrate Advanced/Expert proficiency in at least 3 knowledge domains.
- Advanced Security knowledge of Cloud Collaboration Platforms Google G-Suite or Microsoft Office 365
- Advanced understanding of how to secure mail flow from multiple applications including MX, SPF, DKIM, DMARC, Secure Email, SMTP Routing
- Experience with G-Suite or Google cloud prefered
- Advanced knowledge of securing server operating systems including Windows & Linux
- Advanced Understanding of storage platforms and SAN concepts, including RAID levels, IOPS, performance considerations of SATA vs. SAS vs. Flash, storage optimization, and capacity planning.
- Hyper-converged experience in Nutanix, Cisco UCS, etc.
- Advanced knowledge of the healthcare regulatory frameworks including the HIPAA Security Rule, NIST, and PCI.
- Experience with the CIS Control Set is a plus
- Advanced experience building policies in a regulated environment
- Advanced experience working on securing Network Infrastructure including Routers, Switches, and Firewalls equipment; Meraki & Cisco experience a plus
- Basic knowledge of IDS and IPS devices and their role in securing an organization
- Expert hands on experience securing windows server and desktop environments including but not limited to Group Policy, Security Policies and Bitlocker encryption.
- Advanced of encryption standards and how they apply across multiple platforms
- Advanced experience using audit tools to perform audits and produce audit reports.
APPLICATION (Applications, Database, Interfaces)
- Advanced knowledge on securing a three tier application architecture
- Expert knowledge of cloud based security architecture, including modern mutli cloud architectures, the difference between cloud and a virtual desktop or application environment hosted in a Citrix or VDI environment
- Advanced understanding of securing web browser platforms and their configuration like Google Chrome or Microsoft Internet Explorer
- Advanced experience with Anti-Virus platforms like Symantec, Sophos or McAfee
- Experience with Connectwise a plus
- Experience with Google ChromeBooks a plus
NETWORKING (Networking & Voice)
- Demonstrated knowledge of LAN/WAN networking, including TCP/IP, VLANs, DNS, DHCP and VPNs
- Experience installing, configuring, and managing network devices (routers, firewalls and switches)
- Background working with multiple VPN’s including site to site, vendor to vendor, NAT, and VPN port filtering
- Basic knowledge of SIP Trunking and VoIP technologies and their security implications
- Collaborate with the other members of the security team and operations to maintain security
- Conduct security assessments through vulnerability testing & risk analysis
- Perform internal and external security audits
- Respond to security audits from outside parties
- Continuously update the companies incident response and disaster recovery plans
- Monitor security access
- Assist with the development of policy and procedures
- Work with the team to implement security controls
- Participate and lead security incident response
Leadership, Mentorship & Project Engagement
- An architect position functions as the highest level technical talent on a team and should act as a thought leader and provide technical leadership and mentorship to the team
- Function as a senior member of project teams, providing active advisory, lead smaller projects.
- Actively look for opportunities to provide guidance or identify gaps and escalate them to leadership with potential solutions
- Advise on priorities and priority changes in the project portfolio
- Act as a critical team member on many projects simultaneously
- Responsible for actively identifying necessary process improvements, suggesting them to leadership
- Actively document processes and gaps
- Bachelor's Degree in Computer Science or commensurate experience
- 5+ years experience in a Technical IT role;
- Experience in a healthcare environment preferred
- Security Skills (as described above)
- Experience with enterprise-class technologies (as described above)
- Strong people management and leadership skills
- Must comply with all HIPAA rules and regulations
- CISSP a big plus
Interpersonal Skills & Attributes:
- Skilled in establishing and maintaining effective working relationships
- Excellent communication skills (in person, telephonic, and written)
- Excellent analytical skills
- Ability to interact with employees and vendors in a professional manner
- Ability to run and motivate geographically separated teams
- Ability to work independently and with a team in a fast-paced and high volume environment with emphasis on accuracy and timeliness
- Positive Attitude
- Ability to think strategically and implement iteratively
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear; and taste or smell. The employee must occasionally lift or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.