Akron, OH 44310
Seeking a Mid-Level and Senior Information Security Analyst to perform core information security functions for the enterprise. This includes the day-to-day operations of information security solutions as well as the identification, investigation, and resolution of security breaches detected by those systems. The Information Security Analyst will design and lead the implementation of new security solutions, lead the creation and/or maintenance of policies, standards, baselines, guidelines and procedures, as well as conduct vulnerability assessments and compliance activities. The Senior Information Security Analyst will have a strong background and experience in all areas of information security.
- Lead the design and execution of vulnerability assessments, penetration tests, and security audits.
- Serve as the Information Security subject matter expert in the planning, design, and implementation of enterprise security architecture for technical, operational, and administrative activities. Participate in the identification, containment, eradication, and resolution of security issues.
- Perform the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’ s security documents specifically Operational Management
- Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.E., security tools) or not (i.E., workstations, servers, network devices, etc.).
- Maintain operational configurations of all in-place security solutions as per the established baselines.
- Monitor all in-place security solutions for efficient and appropriate operations.
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the IT Security Manager, where appropriate.
- Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the CISO, where appropriate.
- Perform security audits and technical analysis of network activity and monitor and evaluate network flow data, signature-based Intrusion Detection System (IDS) events, and full packet capture (PCAP) data.
- Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, and prepare initial summary
- Participate in HIPAA and NIST controls and controls monitoring activities.
- Bachelor’ s Degree, Information Systems, Computer Science, Information Security or related field required.
- Certified Information Systems Security Professional (CISSP) or related certification preferred.
- 5-10 years Information security experience with a proven ability to engage with Senior Management and regulators.
- 4+ years’ experience in administering Information security controls and Governance, Risk and Compliance in an large organization.
- Knowledge of technical infrastructure, networks, databases, and systems.
- Experience with Intrusion Prevention System (IPS)/IDS and Security Incident and Event Manager (SIEM) technologies.
Experience in Healthcare System Environment a plus.