Senior Security Analyst

Company Profile:

Consortium Health Plans (www.consortiumhealthplans.com) is an independent company that focuses exclusively on its member large employer market growth efforts.

Today, Consortium helps clients tackle their unique challenges through a wide range of tools and resources related to actuarial analytics, sales and marketing strategies, consultant relations, and clinical solutions.

Consortium Health Plans is proud of its team of experts in healthcare, technology, software development, data and analytics, actuarial science, underwriting, sales and marketing, and communications. Consortium’s executive leadership team encompasses a broad range of expertise from strategic planning, benefits consulting, clinical delivery and data analytics to sales and account management, marketing, and staff development.

The Role: 

As a member of the Information Security Team, you will be an integral part of the team responsible for maintaining and enhancing the safety and security of Consortium’s ecosystem. You will work closely with the InfoSec Director and team to implement policies and procedures to ensure compliance with various frameworks such as HITRUST and NIST. You will serve as a key member of the team responsible for analyzing current security protocols to identify gaps or vulnerabilities that could be exploited.

The Candidate:

The Senior Security Analyst will support designing, testing, implementing, supporting technical security infrastructure solutions, packaged applications for server and desktop environments as well as providing escalation for our Managed Services Security Provider (MSP).

This position provides security technology expertise to all areas of the company by engineering, implementing, and administering security related technology for all end points including servers, desktops, laptops, firewalls, web application firewalls, etc.

Essential Responsibilities (must be performed with or without reasonable accommodation):

·         Support designing and implementing security measures based on business needs and industry best practices

·         Monitoring networks for potential threats using security tools such as firewalls, SIEM, EDR and antivirus software

·         Creating security policies, procedures, and plans to safeguard data and systems from cyber attacks

·         Performing risk assessments to identify potential security threats in an organization’s computing environment

·         Analyzing the impact of emerging technologies on existing security systems and identifying potential risks

·         Providing recommendations on new security measures to strengthen existing security systems

·         Conducting security audits to identify potential vulnerabilities in computer networks and applications

·         Conducting a forensic analysis of cyber-attacks to determine the source of the attack and how to prevent similar attacks in the future

·         Developing and executing basic project plans for Information Security Projects

·         Reviewing and maintaining IT security policies and procedures in conjunction with the Director of Information Security.

·         Working closely and cooperatively with other staff members involved with information security and privacy issues.

·         Adhering to corporate information security guidelines and promoting information security among coworkers.

·         Administering and maintaining healthy security infrastructure, interacting with vendors and management to execute proper support processes to meet the company’s needs.

·         Maintaining implementation and change control documentation for system changes

·         Comply with all information privacy and security policies as specified in the “Consortium Health Plans Information Privacy & Security Policy Manual”

Qualifications and Skills: 

·         Bachelor’s degree in computer science, Information Technology, or related field required.

·         Extensive exp working with Splunk to include the following:

·         developing and maintaining dashboards, writing queries and reports

·         platform integration and management of infrastructure components, alerting and monitoring

·         configuration experience working with different web applications and flat files

·         experience with Splunk Architecture (indexer, Heavy & Universal forwarder, search, deployment server)

·         Splunk Administration and troubleshooting.

·         Real world experience with at least 3 of the following (implementation experience a plus):

o    Crowdstrike Falcon

o    SecureWorks

o    Beyond Trust

o    Proofpoint CASB

o    Tenable

o    O365 Admin

·         Skilled with scripting in python, bash, and PowerShell

·         Skilled with regex

·         Familiar with pen testing concepts

·         Hands-on experience with 4 of the following

o    HITRUST framework

o    Data Loss Prevention

o    Vulnerability Management

o    Identity and Access Management

o    Vulnerability Assessment

o    Security Awareness (phishing, training, etc.)

Attributes and Competencies (refer to Core and Functional Competencies of Career Development Framework):

·         Team-oriented and collaborative mindset with ability to work within a team or independently as needed

·         Strong written and verbal communication skills, with ability to keep leadership in the loop

·         Project management

·         Able to present to large groups

·         Ability to self-manage priorities, commitments, and deadlines

·         Strong problem-solving, critical thinking, analytical ability with keen eye for detail

·         Strong organization and process improvement skills

Physical Demands:

·         Ability to travel locally and nationally (<5% of time per year)

·         Primarily sedentary. Position requires extensive phone and computer work

 Sponsorship:

·         Consortium does not participate in visa sponsorship, including the transfer of sponsorship from another employer.