Junior Information Security Analyst
Certilytics offers a suite of innovative analytic solutions including Big Data Services, Total Population Health Management, Financial Risk Intelligence and Customized Prediction Models. These solutions are configured upon our open source Hadoop Platform, with the underlying philosophy of providing analytics as a service and moving beyond predictions to deliver actionable intelligence.
Our team represents a dynamic infusion of multidiscipline which includes actuarial, data and behavioral scientists, IT engineers, software developers, nurse clinicians, as well as experts in public health and the health insurance industry. Certilytics has extensive experience working with a diverse set of customers including large self-insured employers, health plans, pharmacy benefit managers, government programs, care management companies and health systems. These relationships with various data providers and customers allows for rapid data ingestion, validation and enrichment as well as streamlined delivery of analytic dashboards, outputs and visualizations to our customers.
Our unique approach allows for the development of the most accurate financial, clinical and behavioral models in the industry.
Certilytics offers a wide range of benefits, including medical, dental, 401k and flexible PTO
BENEFITS EFFECTIVE ON DATE OF HIRE
Automatic Payroll Deposit: Paychecks can be automatically deposited into a maximum of three different accounts at no cost to the associate.
401(k) Retirement Plan: Associates may contribute up to 100% of base salary on a pre -tax basis. Personal contributions are 100% vested. Certilytics will match 33.3% of the first 6%. The company match is vested over a three year period.
Employee Assistance Program (EAP): When you or your immediate family members need a hand balancing work, life and personal issues, Certilytics provides professional assistance, at no cost to you.
Paid Time Off (PTO): PTO is designed for the professional associate to be able to take PTO as necessary based on meeting deliverables, departmental needs, and staffing, allowing for work life balance.
Paid Holidays: New Year’s Day, Martin Luther King Jr Day, Memorial Day, July 4th, Labor Day, Thanksgiving Day, Day after Thanksgiving, Christmas Day.
Medical Coverage – Anthem High Deductible with HRA (Health Reimbursement Account) OR High Deductible with HAS (Health Saving Account)
Life Insurance and Accidental Death and Dismemberment (AD&D): company paid
term life insurance and AD&D coverage equal to 2X your annual base salary. In addition, each dependent will receive coverage of $2,000.
Group Term Life Insurance (GTL): This benefit provides optional employee life insurance.
Flexible Spending Accounts: (Healthcare and Dependent Care): Associates may contribute up to $3,050 annually on a pre-tax basis for Healthcare and up to $5,000 annually for Dependent Care.
LegalCare®: This benefit includes coverage for legal office work, buying and selling a home, adoption, administrative hearings, debt collection defense and more.
Voluntary Accident: This benefit provides coverage for a variety of accidents including lacerations, fractures, emergency treatment, etc.
Voluntary Critical Illness Insurance: This benefit includes coverage for major illnesses. You may select a base policy of $10,000 or $15,000.
BENEFITS EFFECTIVE AFTER 90 DAYS OF EMPLOYMENT
The Information Security Analyst is responsible for monitoring alerts, logs, dashboards, and tools to identify indicators of compromise, threats, and vulnerabilities. Upon identification of such events, the information is triaged, information gathered, and assigned out for follow-up by appropriate personnel. This role is also responsible for protecting the organization by executing tasks and activities such as reviewing tools or configurations, training, performing risk assessments, monitoring threat intelligence feeds, administering change and problem management, and other such operational activity. The IS Analyst also identifies out of parameter measures of metrics from audit and review results, taking remedial action and engaging the appropriate stakeholders.
The Information Security Analyst processes requests for assistance with security issues, and requests for security exception.
- Monitor alerts, logs, and tools to identify indicators of compromise, threats, and vulnerabilities.
- Triage suspicious activity or findings, escalating when necessary, and track to ensure follow-up and resolution.
- Execute the organizational information security plan, performing tasks and activities prescribed by policy and process, allowing the organizations to take a proactive information security stance. This includes a variety of activity such as administering security awareness training and testing, performing telecommuter risk management assessments, ensuring acceptance to the acceptable use agreement, processing requests for security exceptions, and other similar tasks.
- Perform risk management internally to the organization. Identify and prioritize risks, identifying options for remediation, assessing costs and levels of risk, and make recommendations to leadership regarding final risk mitigation plans.
- Assess risk and make recommendations regarding external third parties, and new technologies.
- Host information security-based organizational meetings, such as daily change/problem management, and tactical information security management coordination meetings.
- Remediation of control deficiencies where appropriate.
- Monitor threat intelligence feeds for information regarding potential threats against the organization, permitting a proactive stance. Escalate findings as required and make recommendations regarding actions to mitigate threats.
- Identify out of parameter measures or metrics from audit and review results, taking remedial action and engaging appropriate stakeholders.
- Serve as an incident management first-tier technical responder.
- Participate in responding to risk assessments, requests for proposal, audits, and examinations.
- Perform operational and independent information security auditing and reviews.
- Develop Information security policy, procedures, guidelines, baselines, and standards.
- Maintains technical currency of job knowledge.
- Generate ad hoc reports and queries in security tools as required.
- Provide reporting on the state of the organizational security profile and activity.
Other duties as assigned.
This is an entry-level position.
- Bachelor’s degree in Computer Science, Information Security, or similar degree program, or an equivalent combination of education and experience.
- Must possess broad general knowledge of information technology, including storage, networking, systems, databases, firewalls, and software development.
- Experience with or conceptual knowledge of a broad spectrum of security tools such as anti-malware, host and network-based data loss prevention, host and network-based intrusion prevention/detection systems, security information and event management (SIEM), and web filtering proxy.
- Conceptual knowledge of a wide variety of security tools, including but not limited to host and network-based intrusion prevention/detection systems, anti-malware, content filtering, firewalls, vulnerability management, security information and event management; network detection and response, network and host-based data loss prevention, and asset management.
- Familiarity of HITRUST CSF, NIST CsF (SP800-171) security frameworks, the SOC 2 common criteria, or any other security frameworks is desirable.
- Must possess excellent communication skills, with the ability to discuss technical concepts with non-technical people.
- Proficiency with MS Office applications, such as, Excel, PowerPoint, Word, Visio, Access, and Project.
- Ability to show initiative and take on new tasks as assigned.
- Ability to work an on-call rotation, some after-hours, and weekends.
- Ability to work well with others.
Must be detail oriented.
Special Qualifications: (Licenses, certifications, etc.)
- Associate of (ISC)2 or CISSP certification required. As a condition of employment, any candidate hired without holding one of these two certifications is expected to obtain one of these certifications during their first year of employment and maintain it thereafter. Upon achieving the Associate of (ISC)2 certification, the employee must advance to a CISSP certification after obtaining the requisite amount of work.
- Cloud Computing Security Certifications (e.g., CCSP, CCSK, CompTIA Cloud+, CCA, CCP, AWS Certified Security – Specialty, etc.) highly desired.
- Other relevant Information Security certifications are desirable, including but not limited to CompTIA Security+, CompTIA Cyber Security Analyst, Certified Intrusion Analyst (GCIA), and Certified Information Systems Auditor (CISA).
- Knowledge of or certification in ITIL desirable.
Information Security Responsibilities:
- Hold and maintain a CISSP certification (or Associate of (ISC)2 certification if lacking the requisite experience).
- Perform a minimum of 40 hours annual security training as planned with your supervisor.
- Abide by all security policies and practices defined by the organization.
- Abide by all applicable laws and regulations.
- Upon hire and annually, acceptance of:
- Acceptable Use Agreement,
- Certilytics Statement of Confidentiality,
- Certilytics Confidentiality and Invention Assignment Agreement,
- These information security requirements.
- Upon hire and annually, successful completion of training in:
- Security Awareness and Privacy,
- Code of Business Ethics,
- Conflict of Interest,
- Developer Security,
- Incident Response, and
- Other training as directed by your manager.
- Serve as a technical responder of the Security Incident Response Team, and the Disaster Recovery Team
- Report any security incidents, breaches, violations, or non-compliance with security policy when identified or witnessed.
- Report any identified security risks or vulnerabilities.
- Cooperate with Company, local, state, or federal investigators in the event of a security incident and/or breach.
- Report any complaints concerning the information security policies and procedures or the organization's compliance with the policies and procedures program by submitting a Footprint ticket or reporting to the Information Security team.