Receive alerts when this company posts new jobs.
Analyst - Information Security (REMOTE)
- Job ID
As an Analyst-Information Security, you will be responsible for the day-to-day administration of information security tools and devices, analyzing new/existing security threats and security measures to safeguard against them, establish/updating actionable security metrics, monitoring and review of the information security mailbox and associated ticket queues, which includes the analysis and appropriate response to suspected phishing attacks, security incidents, etc.
The individual in this position will at times interact closely with product vendors and service providers, with personnel from various IT departments — including the application development, operations and network, and privacy/compliance teams — and with business departments. Knowledge of CareCentrix’s operating systems and security applications, as well as develop a working knowledge of basic network protocols and tools, will be required.
- Scan, evaluate and report on vulnerabilities across CareCentrix’s infrastructure environments. Assist infrastructure teams in validating results and developing remediation plans
- Conduct dynamic and manual penetration tests against CareCentrix’s web applications
- Works with the CareCentrix business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments
- Develops, with some direction, strategies and plans to achieve security requirements and address identified risks
- Monitors control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action
- Reports to CareCentrix management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle
- Under direct supervision, will assist in the development of security architecture and security policies, principles and standards
- With some direction, develops security processes and procedures and supporting service-level agreements (SLAs) to ensure that security controls are managed and maintained
- Takes direction from Lead on security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
- Assists in validating baseline security configurations for operating systems, applications, networking and telecommunications equipment
- Assists with the resolution of negative audit findings reported by CareCentrix's internal or external auditors
- Assists security administrators and IT staff in the resolution of reported security incidents
- Trains on the use of security tools, the preparation of security reports and the resolution of security issues
- May participate with direction in security investigations and compliance reviews as requested by internal or external auditors
- Researches, evaluates, designs, tests, makes recommends and plans the implementation of new or updated information security technologies
- Researches and assesses new threats and security alerts and recommends remedial action
- Monitors the information security mailbox and ticket queues, responding to inquiries and addressing issues in a timely manner.
- Bachelor’s Degree in Computer Science or similar required
- GIAC Web Application Penetration Tester (GWAPT) certification required
- Minimum of 2 years’ experience in information risk concepts and principles, as a means of relating business needs to security controls
- Prior experience in Network Administration or Systems Administration required.
- Exposure with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks
- Technical knowledge or exposure of mainstream operating systems (for example, Microsoft Windows and Sun Solaris) and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools
- General knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts
- Exposure to Audit, compliance or governance experience preferred
*This role can be worked remote from home.
CareCentrix maintains a drug-free workplace in accordance with Florida’s Drug Free Workplace Law.
We are an equal opportunity employer. Employment selection and related decisions are made without regard to age, race, color, national origin, religion, sex, disability, sexual orientation, gender identification, or being a qualified disabled veteran or qualified veteran of the Vietnam era or any other category protected by Federal or State law.