Our Corporate team may not provide direct care, but we still touch people's lives in a very real and substantial way. The services we provide contribute greatly to the overall patient and member experience, supporting our reputation for excellence.
The Senior Information Security Analyst will have strong technical experience and a risk evaluation mindset in all areas of security operations, including event triage, incident response, vulnerability management, penetration testing, and event management (SIEM). The ideal candidate will possess the capability to analyze malware, network traffic, and large sets of data with curiosity and passion for Cybersecurity.
Qualifications
- Bachelor’s Degree in IT or related discipline, or equivalent experience.
- 5+ years of Information Technology experience, with at least 3+ years in Information Security roles.
- Strong background in Windows, networking, malware analysis, and data analysis. Experience with PowerShell, Bash, or other scripting languages. Ability to prioritize and independently complete tasks. Knowledge of SOC/Security Operations, ITSM, incident handling, vulnerability management, penetration testing, security frameworks, and best practices. Familiarity with application and infrastructure security solutions such as Firewalls, IDS/IPS, Data Encryption, and Access Controls. Excellent interpersonal and communication skills.
- Relevant security certifications preferred: CEH, GIAC (GCIA, GSEC), OSCP, CISSP, CISA, CISM, CySA+.
- Understanding of legal, compliance, and regulatory requirements like HIPAA, NYDFS, and frameworks such as NIST CSF and MITRE.
- Project Management experience, Cloud Security expertise, and Risk Management skills.
Responsibilities
- Monitor, investigate, correlate, and interpret SIEM logs and MSSP alerts across multiple platforms.
- Manage, configure, and troubleshoot security systems.
- Identify opportunities to improve processes through automation.
- Enhance detection methods and accuracy.
- Perform vulnerability scans, interpret results, and coordinate remediation efforts.
- Conduct audits of information systems and controls; document findings and collaborate on remediation.
- Create and maintain documentation for policies and procedures.
- Document investigation findings and artifacts.
- Participate in Incident Response activities and coordinate with teams to mitigate threats.
- Analyze malware, exploits, and threat activities.
- Stay current with Cybersecurity Threat Intelligence, industry trends, and situational awareness.
- Develop automation and orchestration scripts for research and deployment.
- Track and complete security enhancement projects.