Job Information
CareOregon Information Security Analyst II in Portland, Oregon
Candidates hired for remote positions must reside in Oregon, Washington, Utah, Idaho, Arizona, Nevada, Texas, Montana, or Wisconsin.
Job Title
Information Security Analyst II
Department
Information Systems
Exemption Status
Exempt
Requisition #
24290
Direct Reports
n/a
Manager Title
IS Security Manager
Pay & Benefits
Estimated hiring range $96,950 - $117,315 / year, 5% bonus target, full benefits. www.careoregon.org/about-us/careers/benefits
Posting Notes
This is a fully remote role, but you must reside in one of the listed 9 states.
Job Summary
The Information Security Analyst II position implements and maintains security solutions to protect CareOregon computer networks and data from cyberattacks. This includes influencing and recommending the selection of effective solutions that support organization strategies. This is a strategic position that works with infrastructure, service support and development teams to provide top-notch capabilities to monitor for system weaknesses, indicators of compromise and threat trends. Tools and platforms utilized to protect valuable assets and data include endpoint protection, SIEM, firewalls, vulnerability management and others. The position also spends substantial time evaluating, designing, and implementing IS policies and systems (plan, design, install, and maintain).
Essential Responsibilities
Security Design and Development
Actively participate in the design and maintenance of security technologies, including but not limited to, SIEM platforms, Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging, and other security services.
Provide advanced knowledge of security technology to the organization and participate in and consult on projects.
Participate in the development of technical infrastructure configuration standards aligned with HIPAA Security Rules, NIST Framework, and generally recognized security best practices for assigned technology domains.
Contribute to the improvement of the organization’s incident response plans.
Provide input and updates for the Security Awareness Training program.
Participate in the creation of assessments to verify the security of new software, online services, third-party vendors and business partners.
Contribute to the development of standard metrics to track the effectiveness of the Security Program.
Security Management and Operations
Execute tasks related to service requests, primarily for intermediate to advanced level information security activities.
Participate in the ongoing review of systems to ensure they are designed to comply with established security standards.
Participate in cybersecurity Incident Response activities and contribute to the development of policies and procedures; participate in regular testing of and training for Incident Response plans.
Update and actively maintain security systems, including Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging and other security services.
Evaluate applications for compliance with CareOregon security standards and policies.
Analyze organization needs; identify potential risks and mitigation and research and recommend solutions.
Create, run and review reports on information security system performance and event anomalies; identify substantial gaps based on findings, and make minor and advanced internal adjustments.
Develop and maintain appropriate technology documentation, including documentation about the current system design and operation.
Contribute to the design of security assessments to compare different infrastructure options as part of platform upgrades.
Participate in regular Risk Analysis and Penetration Testing efforts.
Contribute to remediation planning.
Standards and Policy Administration
Propose requirements and standards for information security.
Participate in developing and maintaining information security policies.
Participate in the creation and support of disaster recovery and organization continuity plans and initiatives.
Respond to both internal and external security audits.
Vendor Coordination and Relations
Research and evaluate products and vendors; present recommendations to senior Information Security Analysts and/or leadership.
Establish and maintain effective relationships with vendors; coordinate installation and repair services.
Maintain service contracts and licensing; monitor adherence to SLAs with outside parties; escalate issues as needed.
Organizational Responsibilities
Perform work in alignment with the organization’s mission, vision and values.
Support the organization’s commitment to equity, diversity and inclusion by fostering a culture of open mindedness, cultural awareness, compassion and respect for all individuals.
Strive to meet annual business goals in support of the organization’s strategic goals.
Adhere to the organization’s policies, procedures and other relevant compliance needs.
Perform other duties as needed.
Experience and/or Education
Required
Minimum 3 years’ experience delivering information security solutions and related services. Experience must include at least 4 of the following:
WAN firewalls
Design, configuration, and ongoing support of network security systems
Encryption methods and privacy technologies
Developing secure collaboration solutions with external partners or affiliates
Computer security technologies, such as firewalls, antivirus, and security monitoring
Risk analysis, audit, and policy compliance
Application security assessments
Third party / partner security assessments
ITIL concepts and practices
CISSP or similar certification (e.g., Security+, CySA, CASP+, etc.)
Preferred
Additional experience in related technology support and/or operational positions
Exp w/ Palo Alto Networks
Exp w/ Application Evaluation and Validation
Exp w/ SIEM Tools
Exp w/ MS Defender
Exp w/ Priviliged access
Knowledge, Skills and Abilities Required
Knowledge
Advanced knowledge and abilities in at least 3 of the following technologies:
Data loss prevention (DLP)
Intrusion Detection systems (IDS)
Intrusion Prevention systems (IPS)
Anti-malware systems
Vulnerability Management systems
Network firewalls and security appliances
Cloud security
Understanding of network transport protocols and industry standards
General systems infrastructure knowledge, including Active Directory or identity management systems
Process orientation with awareness and/or knowledge of ITIL concepts
Advanced knowledge of security incident management response and procedures
Skills and Abilities
Ability to participate in risk assessments and auditing, analyze vulnerabilities, and propose proper controls to lower risks
Growing ability to interpret HIPAA Security Rule text and NIST Frameworks and apply to organization
Strong listening, oral and written communication skills
Ability to clearly articulate policies and instructions
Demonstrated progress in conveying appropriate level of detail effectively to all levels of the organization including non-technical staff
Ability to recommend policies, document risks, and propose solutions to information technology management and senior leadership
Possess a high degree of initiative and motivation
Ability to effectively collaborate with coworkers, staff, and leaders across all departments
Ability to continuously learn new technology and stay informed of the evolving environment
Ability to think creatively to find solutions
Ability to focus on and comprehend information, learn new skills and abilities, assess a situation and seek or determine appropriate resolution, accept managerial direction and feedback, and tolerate and manage stress
Ability to work effectively with diverse individuals and groups
Ability to learn, focus, understand, and evaluate information and determine appropriate actions
Ability to accept direction and feedback, as well as tolerate and manage stress
Ability to see, read, and perform repetitive finger and wrist movement for at least 6 hours/day
Ability to hear and speak clearly for at least 3-6 hours/day
Ability to lift, carry, push and pull for at least 1-3 hours/day
Working Conditions
Work Environment(s): ☒ Indoor/Office ☐ Community ☐ Facilities/Security ☐ Outdoor Exposure
Member/Patient Facing: ☒ No ☐ Telephonic ☐ In Person
Hazards: May include, but not limited to, physical and ergonomic hazardsEquipment: General office equipment
Travel: May include occasional required or optional travel outside of the workplace; the employee’s personal vehicle, local transit or other means of transportation may be used.
#MULTI
Candidates of color are strongly encouraged to apply. CareOregon is committed to building a linguistically and culturally diverse and inclusive work environment.
Veterans are strongly encouraged to apply.
We are an equal opportunity employer. CareOregon considers all candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, disability, or veteran status.
Visa sponsorship is not available at this time.