Neighborhood Health Plan of RI
Senior Cyber Security Analyst
Neighborhood Health Plan of RI, Smithfield, Rhode Island, us, 02917
Job Details
Job Location
Smithfield, RI - Smithfield, RI
Position Type
Full Time
Education Level
Bachelors Degree
Travel Percentage
None
Job Shift
Daytime
Job Category
Professional / Experienced
Description
Position Overview
The Senior Cyber Security Analyst is an experienced cyber security individual who maintains the security of an organization's technical environment. They study existing security hardware and software, evaluate new security options and make recommendations for improvement. The Senior Cyber Security Analyst also identifies weak spots in a cyber security system that may be breached and creates procedures to manage threats. The Senior Cyber Security Analyst monitors networks for suspicious activity and potential cyber threats. They keep up on threat intelligence, and install and maintain security software and encryption. They are responsible for aiding in the planning of security systems, implementing policy and identifying business processes that may violate intended and acceptable use policies. They monitor and remediate vulnerabilities. The Senior Cyber Security Analyst works on advanced, complex technical projects or business issues requiring state-of-the-art technical or industry knowledge.
Duties and Responsibilities
Responsibilities include, but are not limited to the following:
Assist in developing, operating, and evolving Cloud Access Security solutions and capabilities
Performs system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines
Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems
Performs threat and vulnerability assessments, followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities
Research, recommend, and implement streamlined automation processes
Develops and maintains documentation for security systems and procedures
Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems
Provide support to one or more projects simultaneously. Delivers projects on schedule
Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organization
Assists and trains junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
Applies patches where appropriate and removes or otherwise mitigates known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards
Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
Uses threat intelligence information to research emerging threats and vulnerabilities to aid in the identification of incidents
Job Knowledge - Remains up-to-date in assigned area of responsibility; possesses skills and knowledge to perform job effectively, efficiently and safely; acquires, understands, and applies technical and professional information and skills; understands and adheres to policies and procedures
Supports the creation of security incident response, business continuity/disaster recovery plans, including conducting tests, publishing test results and making changes necessary to address deficiencies
Analyzes problems and alternative solutions and takes appropriate timely action to achieve desired business results. Seeks unique and novel solutions to problems and considers impact of final resolution
Perform security standards testing against computers before implementation to ensure security
Provide Key Performance Metrics to our Risk Management team to help coordinate risk tracking.
Educate internal teams on information security best practices.
Assist in technical audits of IT Systems and controls.
Other duties as assigned.
Corporate Compliance Responsibility - As an essential function, responsible for complying with Neighborhood's Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as it applies to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow co-workers, professional affiliates and/or agents
Qualifications
Required:
Bachelor's degree in Computer Science or a related area and/or sufficient experience in IT Security to equate to the degree.
Minimum 10 years' experience in Information Systems
Minimum 5 years of Information Security experience, working with vulnerability management tools (Application/Code vulnerability scanners).
Minimum 5 years' experience working with DNS, routing, authentication, VPN, proxies, IDS/IPS, and DDOS mitigation technologies
Strong analytical and problem-solving skills to enable effective security incident and problem resolution
Strong knowledge of threats and common vulnerabilities associated with exploitation techniques.
Hands-on experience with Patch Management and Encryption algorithms
Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously
Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel
Knowledge of Microsoft Windows AD group policy management and WSUS integration
Hands-on experience with SIEM monitoring, Patch Management, and Encryption algorithms.
Familiar with NIST, HiTrust, and CIS Critical Security Controls
Demonstrated experience implementing or operating security hardware or software.
Demonstrated Knowledge of Azure AD and Office 365
Ability to articulate technical risk issues in business terms
Ability to work well under minimal supervision
Security Certification (CISSP, CCSP, GIAC, CISM)
Experience scripting and automating (PowerShell, Python)
Demonstrated experience with strategic thinking and risk-based decision making
Preferred
Knowledge of network infrastructure including routers, switches, firewalls, wireless, and associated protocols
Knowledge of SCCM, Nutanix, VMware, Linux, Web and email content filtering, Signal Sciences, Rapid7, CrowdStrike, CyberArk
Strong understanding of TLS, HTTPS, SFTP, SSH, IPSec
Neighborhood Health Plan of Rhode Island is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.