Senior Cyber Security Analyst

Job Details Location: Smithfield, RI Position Type: Full Time Education Level: Bachelor's Degree Travel Percentage: None Job Shift: Daytime Job Category: Professional / Experienced Position Overview Senior Cyber Security Analyst is an experienced cyber security individual who maintains the security of an organization's technical environment. They study existing security hardware and software, evaluate new security options and make recommendations for improvement. Senior Cyber Security Analyst also identifies weak spots in a cyber security system that may be breached and creates procedures to manage threats. Senior Cyber Security Analyst monitors networks for suspicious activity and potential cyber threats. They keep up on threat intelligence, install and maintain security software and encryption. They are responsible for aiding in the planning of security systems, implementing policy and identifying business processes that may violate intended and acceptable use policies. They monitor and remediate vulnerabilities. Senior Cyber Security Analyst works on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge. Duties and Responsibilities Assist in developing, operating, and evolving Cloud Access Security solutions and capabilities Perform system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and hostbased security systems Perform threat and vulnerability assessments, followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities. Research, recommend, and implement streamlined automation processes Develop and maintain documentation for security systems and procedures Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and hostbased security systems Provide support to one or more projects simultaneously. Deliver projects on schedule Deploy cloudcentric detection to detect threats related to cloud environments and services used by the organization Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues Apply patches where appropriate and remove or otherwise mitigate known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards. Correlate activity across assets (endpoint, network, apps) and environments (onpremises, cloud) to identify patterns of anomalous activity Using threat intelligence information, research emerging threats and vulnerabilities to aid in the identification of incidents Remains uptodate in assigned area of responsibility: possesses skills and knowledge to perform job effectively; efficiently and safely; acquires, understands, and applies technical and professional information and skills; understands and adheres to policies and procedures Supports the creation of security incident response, business continuity/disaster recovery plans, including conducting tests, publishing test results and making changes necessary to address deficiencies Analyzes problems and alternative solutions and takes appropriate timely action to achieve desired business results. Seeks unique and novel solutions to problems and considers impact of final resolution Perform security standards testing against computers before implementation to ensure security Provide key performance metrics to our Risk Management team to help coordinate risk tracking Educate internal teams on information security best practices Assist in technical audits of IT systems and controls Other Duties Other duties as assigned Corporate Compliance Responsibility As an essential function, responsible for complying with Neighborhood's Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as it applies to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow coworkers, professional affiliates and/or agents. Qualifications Required Qualifications Bachelor's degree in Computer Science or a related area and/or sufficient experience in IT Security to equate to the degree Minimum 10 years' experience in Information Systems Minimum 5 years' of Information Security Experience, working with vulnerability management tools (Application/Code vulnerability scanners) Minimum 5 years' experience working with DNS, routing, authentication, VPN, proxies, IDS/IPS, and DDOS mitigation technologies Strong analytical and problemsolving skills to enable effective security incident and problem resolution Strong knowledge of threats and common vulnerabilities associated with exploitation techniques Handson experience with Patch Management and Encryption algorithms Proven ability to work under stress in emergencies, with the flexibility to handle multiple highpressure situations simultaneously Strong teamoriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and ITbusiness personnel Knowledge of Microsoft Windows AD group policy management and WSUS integration Handson experience with SIEM monitoring, Patch Management, and Encryption algorithms Familiar with NIST, HiTrust, and CIS Critical Security Controls Demonstrated experience implementing or operating security hardware or software Demonstrated knowledge of Azure AD and Office 365 Ability to articulate technical risk issues in business terms Ability to work well under minimal supervision Security Certification (CISSP, CCSP, GIAC, CISM) Experience scripting and automating (PowerShell, Python) Demonstrated experience with strategic thinking and riskbased decision making Preferred Qualifications Knowledge of network infrastructure including routers, switches, firewalls, wireless, and associated protocols Knowledge of SCCM, Nutanix, VMware, Linux, Web and email content filtering, Signal Sciences, Rapid 7, CrowdStrike, CyberArk Strong understanding of TLS, SFTP, SSH, IPSec Neighborhood Health Plan of Rhode Island is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. #J-18808-Ljbffr