Listing Description
All interviewing and on-boarding are done virtually due to COVID-19. This position will continue to work from home until it’s safe to return to office. When our offices re-open, this position will be required to work from the Burlingame office.
We are seeking an Information Security Analyst to join AcuSPHERE Data and Information Security (ADIS) Team. Our team strives to keep our networks and users safe from constantly emerging threats. As a critical part of this team, you will work with business leads, application developers, and system and network engineers to apply security best practices and solutions to protect proprietary information, sensitive healthcare data, and the overall network environment.
This position performs several core functions to support and monitor the company’s Information Security Program.
As an Information Security Analyst your primary responsibilities will include:
- Security impact assessments
- assess tools, applications, systems and infrastructures to ensure compliance with the latest government regulations and security best practices, and that established baselines are maintained,
- assist with the design and execution of vulnerability assessments on applications, system designs and infrastructure, and security compliance assessments,
- improve enterprise security architecture, designing and implementing remediation technologies, techniques, and processes,
- Auditing and monitoring
- design, integrate monitoring tools/capabilities with and maintain the SIEM application,
- monitor information security alerts and collaborate with other technical teams to respond, triage, and escalate as needed. Alerts include logs from firewalls, IDS, OS, Antivirus, databases, web application firewalls, and web servers.
- audit the system environment and provide actionable information pertaining to risk discovery and create and maintain complex event alerts and summary reports
- coordinate and assist with responses and evidence collection for external audits,
- Other duties as assigned (not limited to:)
- draft information security policies, processes, and procedures, using security best practices, compliance requirements, and contractual obligations,
- Develop and report key security metrics.
- promote security awareness and practices throughout the company and provide support and guidance to employees with security questions and concerns,
Qualifications:
- Bachelor’s degree in Computer Science, security, compliance, or related field or commensurate experience
- 2-5 years’ experience in the data security principles needed to implement security controls and oversee data security practices
- In-depth knowledge of the security assessment lifecycle
- Experience with integrating security into development lifecycles and providing advice on secure product design
- Good understanding of hacking techniques and defensive countermeasures
- Have excellent organizational, analytical, and problem-solving skills
- Strong interpersonal, oral and written communication skills and ability to advise IT system architects, technical project teams, and high-level business managers
- Self-driven education to stay abreast of security developments and threats
- Detail-focused, adherent to procedures
- Proficiency in one or more programming languages (Python, Java, .NET)
- SIEM experience – log aggregation and event notification tool
- Strong Linux fundamentals preferred
- Experience with Vulnerability Assessment tools and applications
- Understanding of NIST, DISA STIG and CIS frameworks and security best practices
PREFERRED QUALIFICATIONS:
- Proficiency in one or more programming languages (Python, Java, .NET)
- SIEM experience – log aggregation and event notification tool
- Strong Linux fundamentals preferred
- Experience with Vulnerability Assessment tools and applications
- Understanding of NIST, DISA STIG and CIS frameworks and security best practices
Listing Details
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: No Travel
- Telework: Not Provided