
Junior Information Security Engineer



Category: Information Technology

Job Location: NA

Tracking Code: 052523-1

Position Type: Full-Time/Regular

Certilytics offers a suite of innovative analytic solutions including Big Data Services, Total Population Health Management, Financial Risk Intelligence and Customized Prediction Models. These solutions are configured upon our open source Hadoop Platform, with the underlying philosophy of providing analytics as a service and moving beyond predictions to deliver actionable intelligence.

Our team brings together multiple disciplines, including actuarial, data and behavioral scientists, IT engineers, software developers, nurse clinicians, as well as experts in public health and the health insurance industry. Certilytics has extensive experience working with a diverse set of customers including large self-insured employers, health plans, pharmacy benefit managers, government programs, care management companies and health systems. These relationships with various data providers and customers allow for rapid data ingestion, validation and enrichment as well as streamlined delivery of analytic dashboards, outputs and visualizations to our customers.

 Our unique approach allows for the development of the most accurate financial, clinical and behavioral models in the industry.

 

Certilytics offers a wide range of benefits, including medical, dental, 401k and flexible PTO.

BENEFITS EFFECTIVE ON DATE OF HIRE

 Automatic Payroll Deposit: Paychecks can be automatically deposited into a maximum of three different accounts at no cost to the associate.

401(k) Retirement Plan: Associates may contribute up to 100% of base salary on a pre-tax basis. Personal contributions are 100% vested. Certilytics will match 33.3% of the first 6%. The company match is vested over a three-year period.

 Employee Assistance Program (EAP): When you or your immediate family members need a hand balancing work, life and personal issues, Certilytics provides professional assistance, at no cost to you.

 Paid Time Off (PTO): PTO is designed for the professional associate to be able to take PTO as necessary based on meeting deliverables, departmental needs, and staffing, allowing for work life balance. 

Paid Holidays:  New Year’s Day, Martin Luther King Jr Day, Memorial Day, July 4th, Labor Day, Thanksgiving Day, Day after Thanksgiving, Christmas Day.

Medical Coverage – Anthem High Deductible with HRA (Health Reimbursement Account) OR High Deductible with HSA (Health Savings Account)

Life Insurance and Accidental Death and Dismemberment (AD&D): Company-paid term life insurance and AD&D coverage equal to 2X your annual base salary. In addition, each dependent will receive coverage of $2,000.

 Group Term Life Insurance (GTL): This benefit provides optional employee life insurance.

 Flexible Spending Accounts: (Healthcare and Dependent Care): Associates may contribute up to $3,050 annually on a pre-tax basis for Healthcare and up to $5,000 annually for Dependent Care.

LegalCare®: This benefit includes coverage for legal office work, buying and selling a home, adoption, administrative hearings, debt collection defense and more.

 Voluntary Accident: This benefit provides coverage for a variety of accidents including lacerations, fractures, emergency treatment, etc.

 Voluntary Critical Illness Insurance: This benefit includes coverage for major illnesses.  You may select a base policy of $10,000 or $15,000.

 

BENEFITS EFFECTIVE AFTER 90 DAYS OF EMPLOYMENT

Tuition Reimbursement

Short-term Disability

Long-term Disability

 

The Jr. Information Security Engineer is primarily responsible for sustaining the security tools of the organization, mitigating risk by supporting the design, implementation, customization, enhancement, and operation of information security solutions and services, and by providing support for information security operations. This position also protects the organization by producing detailed information security designs, identifying standards, and performing operational tasks including but not limited to vulnerability management, red team testing, forensics analysis, and assessing technologies and vendors.

Essential Function

Sustain

  • Implement, customize, maintain, and enhance security tools, countermeasures, technologies, and infrastructure.
  • Automate tasks or activities performed by personnel.
  • Support other information security team members through the creation of reports, alerts, and dashboards, and the elimination of false positives and false negatives.
  • Respond to issues regarding security tools or technologies.
  • Analyze security systems and identify improvements.

 Protect

  • Vulnerability management
  • Identify and define system security standards.
  • Recommend and evaluate security enhancements and purchases.
  • Perform security assessments of new technologies.
  • Perform third party security assessments of business partners.

Respond

  • Perform incident response.
  • Investigate security events to identify incidents, and their degree of impact. Work through to resolution, escalating and engaging others as required.
  • Perform forensics analysis.

Audit

  • Perform security reviews and audits as required.
  • Participate in responding to risk assessments, requests for proposal, audits, and examinations.

 Design

  • Develop Information security policy, procedures, guidelines, baselines, and standards.

Administrative

  • Maintain technical currency of job knowledge.
  • Generate ad hoc reports and queries in security tools as required.
  • Provide reporting on the state of the organizational security profile and activity.
  • Mentor other staff as required.

 Other duties as assigned


Required Skills

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or similar degree program or equivalent work experience.
  • Must possess broad general knowledge of information technology, including storage, networking, systems, databases, and firewalls.
  • Experience as a software developer, systems or network engineer, database administrator, or in an equivalent technical role is desirable.
  • Scripting or software development skills.
  • Knowledge of or experience supporting a wide variety of security tools, including but not limited to host and network-based intrusion prevention/detection systems, firewalls, anti-malware, content filtering, vulnerability management, security information and event management, network detection and response, network and host-based data loss prevention, and asset management.
  • Knowledge of or experience with HITRUST CSF, NIST CSF (SP800-171) security frameworks, the SOC 2 common criteria, or any other security frameworks is desirable.
  • Must possess excellent communication skills, with the ability to discuss technical concepts with non-technical people.
  • Proficiency with MS Office applications, such as Excel, PowerPoint, Word, Visio, Access, and Project.
  • Ability to work an on-call rotation, some after-hours, and weekends.
  • Project management skills preferred.
  • Ability to work well with others.
  • Must be detail oriented.

Required Experience

Special Qualifications: (Licenses, certifications, etc.)

  • Hold and maintain a CISSP certification (or Associate of (ISC)2 certification if lacking the requisite experience).
  • Cloud Computing Security Certifications (e.g., CCSP, CCSK, CompTIA Cloud+, CCA, CCP, AWS Certified Security – Specialty, etc.) highly desired.
  • Other relevant Information Security certifications are desirable, including but not limited to: CISA, CISM, CEH, CRISC, ISSAP, ISSEP, SANS GSEC, and Security+.
  • Knowledge of or certification in ITIL desirable.

Information Security Requirements:

 

Role Specific

  • Hold and maintain a CISSP certification (or Associate of (ISC)2 certification if lacking the requisite experience).
  • Perform a minimum of 40 hours annual security training as planned with your supervisor.
  • Abide by all security policies and practices defined by the organization.
  • Abide by all applicable laws and regulations.
  • Upon hire and annually, acceptance of:
    • Acceptable Use Agreement,
    • Certilytics Statement of Confidentiality,
    • Certilytics Confidentiality and Invention Assignment Agreement,
    • These information security requirements.
  • Upon hire and annually, successful completion of training in:
    • Security Awareness and Privacy,
    • Code of Business Ethics,
    • Conflict of Interest,
    • Developer Security,
    • Incident Response, and
    • Other training as directed by your manager.
  • Serve as a technical responder of the Security Incident Response Team and the Disaster Recovery Team.

General

  • Report any security incidents, breaches, violations, or non-compliance with security policy when identified or witnessed.
  • Report any identified security risks or vulnerabilities.
  • Cooperate with Company, local, state, or federal investigators in the event of a security incident and/or breach.
  • Report any complaints concerning the information security policies and procedures or the organization's compliance with the policies and procedures program by submitting a Footprint ticket or reporting to the Information Security team.
  • Report any ideas for improvement of the organizational security program by submitting a Footprint ticket or by directly suggesting to the CISO.
