We are looking for a versatile candidate who will help design, implement, and maintain cyber security technology solutions and procedures in a fast growing company. This position involves adhering to and implementing processes and technology to achieve and maintain security and compliance. XIFIN manages health care financial information, requiring compliance with both the HIPAA and PCI-DSS regulations. The position reports directly to the Director of Cyber Security.
The Security Analyst is responsible for ensuring the effective and appropriate use of security technology solutions and processes that reduce risk and increase the security of the company and its data. Security Analysts participate in recommending, creating and deploying new ways to solve security issues and therefore must possess and continue to advance their understanding of identifying and mitigating Cyber Security threats and attack techniques. These individuals possess exceptional detection, incident handling and response skills with a conceptual understanding of computer forensics.
The majority of time the Security Analyst will actively tune proactive defenses as a result of performing continuous monitoring, threat hunting, and frequent security checks that test the security posture of XIFIN applications, security solutions, controls and procedures. The Security Analyst will also participate in utilizing active defense strategies.
The Security Analyst will assess actual application, encryption and system configurations against Cyber Security frameworks and hardening standards. As a result, the analyst will work with XIFIN’s application developers, IT operations and other professionals to deploy changing and evolving configurations to mitigate and prevent Cyber Security threats and vulnerabilities.
• Continuous monitoring of security information systems and their events to identify Cyber Security incidents and violations
• Continuous use of security tools to check the security posture of XIFIN applications, security solutions, controls and procedures
• Respond to network intrusions and perform incident handling and response procedures preparing for forensic investigation
• Configure and set up firewalls, proxies, active defense tools, and intrusion prevention systems
• Actively seeking indicators of compromise through threat hunting procedures
• Review and assess system configurations against best practices and regulatory standards
• Participate in XIFIN’s vulnerability management program
• Assist in the tracking privacy and security incidents throughout the company and ensuring they are satisfactorily resolved
• Develop and execute test plans that properly evaluate the security of new hardware and software
• Identify and evaluate security solutions that contribute to a defense in depth security strategy to protect the company
• A Bachelor’s degree in Engineering, Computer Science, or related field is needed for this position
• 3+ years of work experience in a similar position
• Have a high degree of knowledge and comprehension in the core principles of information security, network and security architecture, incident detection, incident response, data loss prevention, and information security policies and regulation
• Ability to manage multiple assignments and track through to completion
• Requires excellent verbal and written communication, interpersonal and customer service skills with the strong ability to interact professionally with a diverse group, executives, managers, and subject matter experts
• Familiarity with HIPAA and/or PCI-DSS a plus
• May work overtime as needed.
• Security certifications such as GCED, GCIH, GCIA, GCUX, GCWN, GMON, CISSP, CISA, or CHPS also a plus