Information Security Analyst II

American Specialty Health, Inc. is seeking an Information Security Analyst II to join our Enterprise Security Program department. This position will protect and defend the information security posture and information assets from cyber security threats, maintain strong regulatory compliance, and reduce cyber risks to the organization.

You are invited to learn more about American Specialty Health’s events on our events page.

Responsibilities

  • Performs day-to-day information security operations and security testing functions.
  • Administers security-related systems including but not limited to: Firewalls, intrusion detection systems, network monitoring systems, vulnerability and patch management, and monitors logs for unusual or suspicious activity and takes appropriate action.
  • Responds to security alerts and identify alerts from raw observations.
  • Optimizes and enhances existing processes and security controls, identifying areas for improvement with effectiveness, technical debt and operations.
  • Coordinates security issue and remediation efforts between different ASH teams, sets clear expectations about responsibilities, communicates outcomes and measures success, escalates and communicates to management appropriately.
  • Works directly with internal customers on security related questions, concerns, issues and new implementations.
  • Maintains updated documentation of technical controls, processes and procedures.
  • Participates in security testing and application security roles.
  • Acts as technical liaison between systems administration and ESP.
  • Ensures network security best practices are implemented through managing or reviewing configurations of assets against company policy and baselines.
  • Researches and communicates the latest trends in information security and threat environments.
  • Researches industry trends for inclusion into security operations as best practices: new technologies and security intelligence feeds.
  • Implements, manages, and enforces company information security policy and procedures.
  • Creates and maintains SOPs, run books and other operational procedures.
  • Required to be available for afterhours and weekend on-call rotation and occasional travel.
  • Assists manager and/or information security officer as needed; includes but not limited to:
  • Assists with the inclusion of new security tools and technologies into ESP processes.
  • Communicates risks with management on an ongoing basis and suggests remediation steps.
  • Conducts security audits of the computing environment.
  • Assists with maintaining HIPAA, PCI-DSS, HITRUST compliance in addition to other relevant security mandates.
  • Provides status reports regarding incidents, activity, and other supporting metrics.

Qualifications

  • Bachelor’s degree in IT related field or relevant work experience. If equivalent experience, high school diploma required.
  • 3 years of experience in IT, with a minimum of 2 years in systems and security administration roles.
  • Project management experience, ideally with Agile, preferred.
  • GIAC GSEC, CompTIA Security+ or equivalent certification required.
  • Active SSCP certification preferred.
  • Valid driver’s license with good driving record. Availability of automobile for on the job use and proof of insurance.
  • Demonstrated knowledge of network infrastructure design and operations.
  • Demonstrated experience administering security technologies including but not limited to: firewalls, remote access, IDS/IPS, vulnerability and patch management, detonation chambers, log management and SIEM.
  • Demonstrated knowledge of security incident handling processes.
  • Exposure to audit, penetration testing, configuration management and vulnerability management reports and ability to assess risk based upon such findings.
  • Able to perform multifaceted projects in conjunction with day-to-day activities.
  • Ability to work complex projects with minimal direction or supervision.
  • Ability to document complex processes.

View full description

Core Competencies

  • Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
  • Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
  • Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
  • Ability to effectively organize, prioritize, multi-task and manage time.
  • Demonstrated accuracy and productivity in a changing environment with constant interruptions.
  • Demonstrated ability to analyze information, problems, issues, situations and procedures to develop effective solutions.
  • Ability to exercise strict confidentiality in all matters.

Mobility

Primarily sedentary, able to sit for long periods of time. 

Physical Requirements

Ability to speak, see and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within the facility. Capable of using a telephone and computer keyboard. Ability to lift up to 10 lbs.

Environmental Conditions

Usual office setting.

American Specialty Health is an Equal Opportunity/Affirmative Action Employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law. 

Please view Equal Employment Opportunity Posters provided by OFCCP here.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at (800) 848-3555 x6702.

ASH will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.