Listing Description

About EASE:
EASE's explosive success in the healthcare management industry is a result of the company's disruptive SaaS innovation and unparalleled service model, forever changing the way employers, brokers, insurance carriers, and general agents think about benefits and HR administration. The company's flagship benefits administration solution - built by brokers for brokers - is widely adopted and reputed, praised for its simplicity and reliability, and already shaping the future of medical benefits technology.

Job Overview: As a Cybersecurity Analyst II at Ease you will be part of a growing team focused on maturing security and compliance best practices within a thriving organization. This position will provide the opportunity to enhance your breadth of experience in the Cybersecurity field to include performing multiple functions in a fast-paced environment. In addition to being a Cybersecurity Analyst, you’ll be responsible for assisting in the security compliance functions such as risk assessments, vendor risk assessments and due diligence, defining and implementing policy, and developing and maintaining key metrics as part of the continuous monitoring program.

Responsibilities:
- Utilizing Security Incident Event Management (SIEM) system; respond to security incidents, conduct remediation activities, provide root cause and postmortem analysis, as required
- Assist Managed Security Services Provider (MSSP) in improving SIEM alerting and reporting
- Monitor, manage, and coordinate the maintenance and operation of the Security Incident and Event Management System (SIEM)
- Experience with managing and/or developing an Identity Access Management (IAM) system
- Monitor and respond to Endpoint Detection and Response (EDR), Antivirus/Anti Malware alerts
- Monitor and maintain policies related to Mobile Device Management (MDM) solutions
- Lead Incident Response activities for potential system breaches and/or data exposure events
- Expertise in utilizing a Secure Web Gateway to manage URL and Cloud Application policies
- Review current system security measures; identify potential risks and recommend actionable plans to implement enhancements and protect the organization
- Implement system and network security policies and procedures
- Support cybersecurity projects by gathering security requirements and benchmarking potential security solutions for implementation of security controls
- Working with Corporate IT and Engineering to implement policies, technologies, and security best practices
- Aide in the development and sustainment of a security continuous monitoring program
- Verify user and system security configurations for compliance with internal and external requirements; collect and maintain appropriate evidence and supporting documentation
- Assist with due diligence inquiries and requests for information related to information technology controls and security
- Manage Business Continuity Planning (BCP)/Disaster Recovery (DR) and Incident Response (IR) programs

Qualifications:
- Extensive experience in operational cybersecurity policy, processes, and procedures
- Experience with managing or working with Endpoint Detection and Response (EDR), Antivirus/Anti-Malware, and SIEM platforms/systems
- Understanding of Zero Trust models, technologies, and implementation practices
- Data Loss Prevention (DLP) program development and/or technology deployment
- Knowledge in Cloud Security best practices; preferably Amazon Web Services (AWS)
- Ability to oversee organizations Business Continuity/Disaster Recovery, and Incident Response programs with a focus on Red/Blue Team exercises
- A working knowledge of current IT risks and experience in implementing security solutions
- Ability to understand and apply the MITRE ATT&CK Framework
- Experience with web application security tools for static and dynamic scanning, preferred
- An understanding of regulatory compliance standards such as SOC, HITRUST, and HIPAA
- Bachelor’s Degree in Information Systems, Management of Information Systems, Cybersecurity, or other related IT Security related fields, preferred
- CISSP or CISA certification preferred
- Ability to communicate effectively both verbally and in written communications

Must have proof of legal authority to work in the U.S.

EASE is an equal employment opportunity employer for all applicants and employees. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), gender identity, national origin, ancestry, citizenship, age, physical or mental disability, legally protected medical condition, family care status, veteran status, marital status, domestic partner status, sexual orientation, or any other basis protected by applicable local, state, or federal laws. When necessary, we also make reasonable accommodations for disabled employees and for pregnant employees who request an accommodation, with the advice of their health care providers, for pregnancy, childbirth, or related medical conditions.