Neighborhood Health Plan of Rhode Island
Senior Cyber Security Analyst (42466)
Neighborhood Health Plan of Rhode Island, Smithfield, Rhode Island, United States
Job Details
Location: Smithfield, RI
Position Type: Full Time
Education Level: Bachelor's Degree
Travel Percentage: None
Job Shift: Daytime
Job Category: Professional / Experienced
Position Overview Senior Cyber Security Analyst is an experienced cyber security individual who maintains the security of an organization's technical environment. They study existing security hardware and software, evaluate new security options and make recommendations for improvement. Senior Cyber Security Analyst also identifies weak spots in a cyber security system that may be breached and creates procedures to manage threats. Senior Cyber Security Analyst monitors networks for suspicious activity and potential cyber threats. They keep up on threat intelligence, install and maintain security software and encryption. They are responsible for aiding in the planning of security systems, implementing policy and identifying business processes that may violate intended and acceptable use policies. They monitor and remediate vulnerabilities. Senior Cyber Security Analyst works on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge.
Duties and Responsibilities
Assist in developing, operating, and evolving Cloud Access Security solutions and capabilities
Perform system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines
Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host‑based security systems
Perform threat and vulnerability assessments, followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities. Research, recommend, and implement streamlined automation processes
Develop and maintain documentation for security systems and procedures
Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host‑based security systems
Provide support to one or more projects simultaneously. Deliver projects on schedule
Deploy cloud‑centric detection to detect threats related to cloud environments and services used by the organization
Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
Apply patches where appropriate and remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards. Correlate activity across assets (endpoint, network, apps) and environments (on‑premises, cloud) to identify patterns of anomalous activity
Using threat intelligence information, research emerging threats and vulnerabilities to aid in the identification of incidents
Remains up‑to‑date in assigned area of responsibility: possesses skills and knowledge to perform job effectively; efficiently and safely; acquires, understands, and applies technical and professional information and skills; understands and adheres to policies and procedures
Supports the creation of security incident response, business continuity/disaster recovery plans, including conducting tests, publishing test results and making changes necessary to address deficiencies
Analyzes problems and alternative solutions and takes appropriate timely action to achieve desired business results. Seeks unique and novel solutions to problems and considers impact of final resolution
Perform security standards testing against computers before implementation to ensure security
Provide key performance metrics to our Risk Management team to help coordinate risk tracking
Educate internal teams on information security best practices
Assist in technical audits of IT systems and controls
Other Duties
Other duties as assigned
Corporate Compliance Responsibility As an essential function, responsible for complying with Neighborhood's Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as it applies to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow co‑workers, professional affiliates and/or agents.
Qualifications Required Qualifications
Bachelor's degree in Computer Science or a related area and/or sufficient experience in IT Security to equate to the degree
Minimum 10 years' experience in Information Systems
Minimum 5 years' of Information Security Experience, working with vulnerability management tools (Application/Code vulnerability scanners)
Minimum 5 years' experience working with DNS, routing, authentication, VPN, proxies, IDS/IPS, and DDOS mitigation technologies
Strong analytical and problem‑solving skills to enable effective security incident and problem resolution
Strong knowledge of threats and common vulnerabilities associated with exploitation techniques
Hands‑on experience with Patch Management and Encryption algorithms
Proven ability to work under stress in emergencies, with the flexibility to handle multiple high‑pressure situations simultaneously
Strong team‑oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT‑business personnel
Knowledge of Microsoft Windows AD group policy management and WSUS integration
Hands‑on experience with SIEM monitoring, Patch Management, and Encryption algorithms
Familiar with NIST, HiTrust, and CIS Critical Security Controls
Demonstrated experience implementing or operating security hardware or software
Demonstrated knowledge of Azure AD and Office 365
Ability to articulate technical risk issues in business terms
Ability to work well under minimal supervision
Security Certification (CISSP, CCSP, GIAC, CISM)
Experience scripting and automating (PowerShell, Python)
Demonstrated experience with strategic thinking and risk‑based decision making
Preferred Qualifications
Knowledge of network infrastructure including routers, switches, firewalls, wireless, and associated protocols
Knowledge of SCCM, Nutanix, VMware, Linux, Web and email content filtering, Signal Sciences, Rapid 7, CrowdStrike, CyberArk
Strong understanding of TLS, HTTPS, SFTP, SSH, IPSec
Neighborhood Health Plan of Rhode Island is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
#J-18808-Ljbffr
Location: Smithfield, RI
Position Type: Full Time
Education Level: Bachelor's Degree
Travel Percentage: None
Job Shift: Daytime
Job Category: Professional / Experienced
Position Overview Senior Cyber Security Analyst is an experienced cyber security individual who maintains the security of an organization's technical environment. They study existing security hardware and software, evaluate new security options and make recommendations for improvement. Senior Cyber Security Analyst also identifies weak spots in a cyber security system that may be breached and creates procedures to manage threats. Senior Cyber Security Analyst monitors networks for suspicious activity and potential cyber threats. They keep up on threat intelligence, install and maintain security software and encryption. They are responsible for aiding in the planning of security systems, implementing policy and identifying business processes that may violate intended and acceptable use policies. They monitor and remediate vulnerabilities. Senior Cyber Security Analyst works on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge.
Duties and Responsibilities
Assist in developing, operating, and evolving Cloud Access Security solutions and capabilities
Perform system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines
Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host‑based security systems
Perform threat and vulnerability assessments, followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities. Research, recommend, and implement streamlined automation processes
Develop and maintain documentation for security systems and procedures
Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host‑based security systems
Provide support to one or more projects simultaneously. Deliver projects on schedule
Deploy cloud‑centric detection to detect threats related to cloud environments and services used by the organization
Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
Apply patches where appropriate and remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards. Correlate activity across assets (endpoint, network, apps) and environments (on‑premises, cloud) to identify patterns of anomalous activity
Using threat intelligence information, research emerging threats and vulnerabilities to aid in the identification of incidents
Remains up‑to‑date in assigned area of responsibility: possesses skills and knowledge to perform job effectively; efficiently and safely; acquires, understands, and applies technical and professional information and skills; understands and adheres to policies and procedures
Supports the creation of security incident response, business continuity/disaster recovery plans, including conducting tests, publishing test results and making changes necessary to address deficiencies
Analyzes problems and alternative solutions and takes appropriate timely action to achieve desired business results. Seeks unique and novel solutions to problems and considers impact of final resolution
Perform security standards testing against computers before implementation to ensure security
Provide key performance metrics to our Risk Management team to help coordinate risk tracking
Educate internal teams on information security best practices
Assist in technical audits of IT systems and controls
Other Duties
Other duties as assigned
Corporate Compliance Responsibility As an essential function, responsible for complying with Neighborhood's Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as it applies to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow co‑workers, professional affiliates and/or agents.
Qualifications Required Qualifications
Bachelor's degree in Computer Science or a related area and/or sufficient experience in IT Security to equate to the degree
Minimum 10 years' experience in Information Systems
Minimum 5 years' of Information Security Experience, working with vulnerability management tools (Application/Code vulnerability scanners)
Minimum 5 years' experience working with DNS, routing, authentication, VPN, proxies, IDS/IPS, and DDOS mitigation technologies
Strong analytical and problem‑solving skills to enable effective security incident and problem resolution
Strong knowledge of threats and common vulnerabilities associated with exploitation techniques
Hands‑on experience with Patch Management and Encryption algorithms
Proven ability to work under stress in emergencies, with the flexibility to handle multiple high‑pressure situations simultaneously
Strong team‑oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT‑business personnel
Knowledge of Microsoft Windows AD group policy management and WSUS integration
Hands‑on experience with SIEM monitoring, Patch Management, and Encryption algorithms
Familiar with NIST, HiTrust, and CIS Critical Security Controls
Demonstrated experience implementing or operating security hardware or software
Demonstrated knowledge of Azure AD and Office 365
Ability to articulate technical risk issues in business terms
Ability to work well under minimal supervision
Security Certification (CISSP, CCSP, GIAC, CISM)
Experience scripting and automating (PowerShell, Python)
Demonstrated experience with strategic thinking and risk‑based decision making
Preferred Qualifications
Knowledge of network infrastructure including routers, switches, firewalls, wireless, and associated protocols
Knowledge of SCCM, Nutanix, VMware, Linux, Web and email content filtering, Signal Sciences, Rapid 7, CrowdStrike, CyberArk
Strong understanding of TLS, HTTPS, SFTP, SSH, IPSec
Neighborhood Health Plan of Rhode Island is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
#J-18808-Ljbffr