Candidates hired for remote positions must reside in Oregon, Washington, Utah, Idaho, Arizona, Nevada, Texas, Montana, or Wisconsin.

Job Summary

The Information Security Analyst II position implements and maintains security solutions to protect CareOregon computer networks and data from cyberattacks. This includes influencing and recommending the selection of effective solutions that support organization strategies. This is a strategic position that works with infrastructure, service support and development teams to provide top-notch capabilities to monitor for system weaknesses, indicators of compromise and threat trends. Tools and platforms utilized to protect valuable assets and data include endpoint protection, SIEM, firewalls, vulnerability management and others. The position also spends substantial time evaluating, designing, and implementing IS policies and systems (plan, design, install, and maintain).

Essential Responsibilities

Security Design and Development

• Actively participate in the design and maintenance of security technologies, including but not limited to, SIEM platforms, Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging, and other security services.
• Provide advanced knowledge of security technology to the organization and participate in and consult on projects.
• Participate in the development of technical infrastructure configuration standards aligned with HIPAA Security Rules, NIST Framework, and generally recognized security best practices for assigned technology domains.
• Contribute to the improvement of the organization's incident response plans.
• Provide input and updates for the Security Awareness Training program.
• Participate in the creation of assessments to verify the security of new software, online services, third-party vendors and business partners.
• Contribute to the development of standard metrics to track the effectiveness of the Security Program.

Security Management and Operations

• Execute tasks related to service requests, primarily for intermediate to advanced level information security activities.
• Participate in the ongoing review of systems to ensure they are designed to comply with established security standards.
• Participate in cybersecurity Incident Response activities and contribute to the development of policies and procedures; participate in regular testing of and training for Incident Response plans.
• Update and actively maintain security systems, including Intrusion Detection and Prevention systems, anti-malware platforms, vulnerability management, event logging and other security services.
• Evaluate applications for compliance with CareOregon security standards and policies.
• Analyze organization needs; identify potential risks and mitigation and research and recommend solutions.
• Create, run and review reports on information security system performance and event anomalies; identify substantial gaps based on findings, and make minor and advanced internal adjustments.
• Develop and maintain appropriate technology documentation, including documentation about the current system design and operation.
• Contribute to the design of security assessments to compare different infrastructure options as part of platform upgrades.
• Participate in regular Risk Analysis and Penetration Testing efforts.
• Contribute to remediation planning.

Standards and Policy Administration

• Propose requirements and standards for information security.
• Participate in developing and maintaining information security policies.
• Participate in the creation and support of disaster recovery and organization continuity plans and initiatives.
• Respond to both internal and external security audits.

Vendor Coordination and Relations

• Research and evaluate products and vendors; present recommendations to senior Information Security Analysts and/or leadership.
• Establish and maintain effective relationships with vendors; coordinate installation and repair services.
• Maintain service contracts and licensing; monitor adherence to SLAs with outside parties; escalate issues as needed.

Organizational Responsibilities

• Perform work in alignment with the organization's mission, vision and values.
• Support the organization's commitment to equity, diversity and inclusion by fostering a culture of open mindedness, cultural awareness, compassion and respect for all individuals.
• Strive to meet annual business goals in support of the organization's strategic goals.
• Adhere to the organization's policies, procedures and other relevant compliance needs.
• Perform other duties as needed.

Experience and/or Education

Required

• Minimum 3 years' experience delivering information security solutions and related services. Experience must include at least 4 of the following:
  • WAN firewalls
  • Design, configuration, and ongoing support of network security systems
  • Encryption methods and privacy technologies
  • Developing secure collaboration solutions with external partners or affiliates
  • Computer security technologies, such as firewalls, antivirus, and security monitoring
  • Risk analysis, audit, and policy compliance
  • Application security assessments
  • Third party / partner security assessments
  • ITIL concepts and practices
• CISSP or similar certification (e.g., Security , CySA, CASP , etc.)

Preferred

• Additional experience in related technology support and/or operational positions
• Exp w/ Palo Alto Networks
• Exp w/ Application Evaluation and Validation
• Exp w/ SIEM Tools
• Exp w/ MS Defender
• Exp w/ Priviliged access

Knowledge, Skills and Abilities Required

Knowledge

• Advanced knowledge and abilities in at least 3 of the following technologies:
  • Data loss prevention (DLP)
  • Intrusion Detection systems (IDS)
  • Intrusion Prevention systems (IPS)
  • Anti-malware systems
  • Vulnerability Management systems
  • Network firewalls and security appliances
  • Cloud security
• Understanding of network transport protocols and industry standards
• General systems infrastructure knowledge, including Active Directory or identity management systems
• Process orientation with awareness and/or knowledge of ITIL concepts
• Advanced knowledge of security incident management response and procedures

Skills and Abilities

• Ability to participate in risk assessments and auditing, analyze vulnerabilities, and propose proper controls to lower risks

• Growing ability to interpret HIPAA Security Rule text and NIST Frameworks and apply to organization
• Strong listening, oral and written communication skills
• Ability to clearly articulate policies and instructions
• Demonstrated progress in conveying appropriate level of detail effectively to all levels of the organization including non-technical staff
• Ability to recommend policies, document risks, and propose solutions to information technology management and senior leadership
• Possess a high degree of initiative and motivation
• Ability to effectively collaborate with coworkers, staff, and leaders across all departments
• Ability to continuously learn new technology and stay informed of the evolving environment
• Ability to think creatively to find solutions

• Ability to focus on and comprehend information, learn new skills and abilities, assess a situation and seek or determine appropriate resolution, accept managerial direction and feedback, and tolerate and manage stress
• Ability to work effectively with diverse individuals and groups

• Ability to learn, focus, understand, and evaluate information and determine appropriate actions
• Ability to accept direction and feedback, as well as tolerate and manage stress
• Ability to see, read, and perform repetitive finger and wrist movement for at least 6 hours/day
• Ability to hear and speak clearly for at least 3-6 hours/day

• Ability to lift, carry, push and pull for at least 1-3 hours/day

Working Conditions

Work Environment(s): Indoor/Office Community Facilities/Security Outdoor Exposure

Member/Patient Facing: No Telephonic