Information Security Analyst I
New York, NY 
Share
Posted 7 days ago
Email Job 
Email Job
Job Description
Position: Information Security Analyst I
Location: Remote
Job Id: 2156
# of Openings: 1
Position Title: Analyst I, Information Security
Salary Range: $78,000 - $90,000
Department: Information Technology
Reports to: Information Security Manager
Location: Remote
Schedule: M-F; 9am-5pm EST

Formerly the Mental Health Association of New York City (MHA-NYC), Vibrant Emotional Health's groundbreaking solutions have delivered high quality services and support, when, where and how people need it for over 50 years. Through our state-of-the-art technology-enabled services, community wellness programs, and advocacy and education work, we are building a society in which emotional wellness can be a reality for everyone.

Position Summary:

Vibrant is looking for an Information Security Analyst I to join our Cybersecurity team as it grows. You will report directly to the Information Security Manager. The primary emphasis of this role will be on cloud, infrastructure and application security, incident response, auditing, and other relevant aspects of the program, as required. This role will be involved in day-to-day operations of the in-place security solutions. You will be responsible for playing a key role in protecting the confidentiality, integrity, and availability of all company data and systems. This may include the identification, investigation, and resolution of security incidents detected by those systems. Projects may include the implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures, as well as conducting vulnerability audits and assessments, and working with technology teams to update and maintain system security. The Security Analyst is expected to be fully aware of the enterprise's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

Duties/Responsibilities:
Operational Management
  • Review existing cloud, on-prem, and end-user system configurations, and make recommendations to improve security posture
  • Monitor all in-place security solutions for efficient and appropriate operations.
  • Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution.
  • Respond to tickets for addressing security concerns, vulnerabilities, and end-user reported issues.
  • Participate in investigations into problematic activity.
  • Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
  • Maintain up-to-date baselines using industry standard frameworks such as CIS and CSA for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices).
  • Maintain operational configurations of all in-place security solutions as per the established baselines and industry best practices.
  • Provide on-call support for end users for all in-place security solutions.
  • Partner with AppDev to identify and remediate vulnerabilities in applications
Strategy & Planning
  • Participate in the planning and design of enterprise security architecture.
  • Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures).
  • Participate in the planning and design of an enterprise business continuity plan and disaster recovery plan.
  • Acquisition & Deployment
  • Maintain up-to-date detailed knowledge of the Cybersecurity industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
  • Assist with recommending additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
Position Requirements:
Formal Education & Certification
  • College diploma or university degree in Cybersecurity or other computer technology degree and/or two years equivalent work experience.
  • One or more of the following certifications:
  • Any AWS Certified Associate level certifications
  • AWS Certified Security - Specialty
  • GIAC Cloud Security Essentials (GCLD)
  • CompTIA Security+
  • GIAC Security Essentials (GSEC)
Knowledge & Experience
  • Minimum 2 years of technical experience working in cloud, application, infrastructure, and/or network security required
  • Minimum 1 year of experience with AWS required
  • Minimum 1 year of experience with Cloud-based security technologies required
  • Minimum 1 year of experience with Linux operating systems required
  • Familiar with cloud security principles and best practices.
  • Experience working with AWS IAM, infrastructure, security services, logging, and other serverless services.
  • Familiar with AWS Security Hub
  • Experience working with and implementing security controls and system configurations for technologies such as: AWS, Azure, GCP, Microsoft AD, Linux.
  • Working technical knowledge of Cloud and SaaS security solutions and tools.
  • Familiar with DevSecOps, Application Security, or other secure software development lifecycle methodologies.
  • Some scripting experience with bash or Python
  • Some experience with Incident Response or Penetration Testing as a nice to have
  • Familiar with threat modeling methodologies
  • General knowledge of security frameworks and controls such as: NIST (CSF, SP 800-53, SP 800-171), CIS, CSA, ISO27000.
  • Some experience with security systems and tools that may include: Firewalls, WAF, SIEM, SOAR, MDR, IAM, PAM/PIM, Network Packet sniffers, Nmap, IDS/IPS, Vulnerability Management tools, SAST/DAST Burp Suite.
  • Some experience with Encryption, Antivirus/Malware, Penetration Testing, Source Code Scanning.
  • Basic understanding of IP, TCP/IP, and other network administration protocols.
Personal Attributes
  • Proven analytical, troubleshooting and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Good written, oral, and interpersonal communication skills.
  • Ability to conduct research into IT security issues and products as required.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Team-oriented and skilled in working within a collaborative environment.
Excellent comprehensive benefits, including medical, dental, vision, supplemental income insurance, pre-tax transit/parking, pre-tax FSA for medical and dependent care, and 401K available. 4 weeks' vacation, plum benefits, etc.
Studies have shown that women and people of color are less likely to apply for jobs unless they believe they are able to perform every task in the job description. We are most interested in finding the best candidate for the job, and that candidate may be one who come from a less traditional background. Vibrant will consider any equivalent combination of knowledge, skills, education and experience to meet minimum qualifications. If you are interested in applying, we encourage you to think broadly about your background and skill set for the role.
Vibrant Emotional Health is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, creed, color, religion, gender, gender identity, sex, sexual orientation, citizenship status, national origin, marital status, age, physical or mental disability, genetic information, caregiver status or any other category protected by applicable federal, state or local laws.
"Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Vibrant does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted on our careers page and all communications from the Vibrant recruiting team and/or hiring managers will be from an @vibrant.org email address"
Apply for this Position
Apply with Indeed

 

Read More
Job Summary
Company
Vibrant Emotional Health
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
1 to 2 years
Email this Job to Yourself or a Friend
Indicates required fields