Senior Analyst - Information Security

As a Sr. Analyst - Information Security, you will be responsible for the day-to-day administration of information security tools and devices. You will analyze new/existing security threats and implement security measures to safeguard against them. You will be tasked with establishing and updating actionable security metrics, monitoring information security service requests and associated ticket queues, and triaging response to suspected phishing attacks, security incidents, etc.

The individual in this position will at times interact closely with product vendors, service providers, and personnel from various IT and business departments - including application development, operations and network, privacy/compliance and business teams. This role requires a core working knowledge of operating system security, basic network protocols, and the security toolsets and applications utilized by the CareCentrix Information Security team.

In this role you will:

• Develop, with some direction, strategies and plans to achieve security requirements and address identified security risks
• Assist in security control and vulnerability assessments, assess the effectiveness of existing controls, and recommend remedial actions
• Report residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance, to CareCentrix management
• Lead accurate, timely, and accountable quarterly user access reviews to ensure completeness of security compliance audits
• Assist with analysis and response to suspicious reported emails and suspected email phishing attacks
• Monitor and resolve information security mailbox inquires, ticket queues, service requests, and blocked access reviews
• Manage employee phishing assessments and remediation training program
• With some direction, develop security processes and procedures and support service-level agreements (SLAs) to ensure successful security control management and improvement
• Utilize security incident and event management (SIEM) and XDR/EDR platforms to lead incident investigations and perform threat hunting
• Monitor security industry headlines and threat disclosure feeds for known and new zero day attacks that may affect the organization
• Continually train and improve in the use of security tools, the preparation of security reports and the resolution of security issues
• Participate in security investigations and compliance reviews as requested by internal or external auditors
• Research and assess new threats and security alerts and recommend remedial action

This is the role for you if:

• You are more on the "technical" side of information security vs. GRC/Compliance (60/40% mix)
• You have exposure to firewalls (Palo Alto)
• You have prior experience/knowledge in Network Administration or Systems Administration
• You have extensive experience with User Access Reviews (related to SOC 1)

You should get in touch if:

• You have a Bachelor's Degree in Computer Science, Information Security, or equivalent work experience
• You have industry certifications (highly desired): CISSP, CCSP, GSEC, CEH, CASP, AWS Security, Azure Security
• You have a minimum of 6 years' experience in a role applying information risk concepts and principles as a means of relating business needs to security controls
• You have exposure to common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT) and National Institute of Standards and Technology (NIST) cybersecurity frameworks
• You have technical knowledge or exposure to mainstream operating systems (Microsoft Windows and Linux) and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, coordinated detection and response platforms, automated policy compliance and desktop security tools
• You have general knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts
• You have general knowledge of industry-standard IaaS and PaaS solutions (Azure, AWS, etc.) and associated hardening best-practices
• You have exposure to audit, compliance or governance experience (preferred)

What we offer:

• Annual salary of $120000 - $130000 / year plus corporate bonus incentive
• Full range of benefits including Health, Dental and Vision with HSA Employer Contributions and Dependent Care FSA Employer Match
• Generous PTO, 401K Savings Plan, Paid Parental Leave, free on-demand Virtual Fitness Training and more
• Advancement opportunities, professional skills training, and tuition Reimbursement
• Great culture with a sense of community

*This role can be worked remote within the United States only

CareCentrix maintains a drug-free workplace.

#IDCC

We are an equal opportunity employer. Employment selection and related decisions are made without regard to age, race, color, national origin, religion, sex, disability, sexual orientation, gender identification, or being a qualified disabled veteran or qualified veteran of the Vietnam era or any other category protected by Federal or State law.

PI218730941