Job ID: 72367

Department: IS&T Cyber Security

Location: Richfield, MN

Location: HP - Richfield 7601 Penn Ave Bldg

Position Type: Full-Time

Anticipated Work Schedule: M-F; DaysPosition may work remotely but will prefer local/regional candidates for occasional onsite needs.

Hrs/Pay Period: 80

HealthPartners is currently hiring for a Senior Application Security Analyst. We are a nonprofit integrated care delivery and financing system based in Bloomington, MN. At HealthPartners, you'll find a culture where we live our values of excellence, compassion, integrity, and partnership. By working together, we will improve health and well-being, create exceptional experiences for those we serve and make care and coverage more affordable. We seek colleagues who wish to help advance diversity, equity and inclusion and foster an environment where everyone feels welcome, included, and valued.
This position provides technical consultation for system and data security and assists in the coordination, development, and implementation of security controls to reduce and manage risk to computer-stored information assets. The analyst will audit and identify weakness and vulnerabilities to HealthPartners' data and systems, provide analysis concerning resolution to risks and consult with IT groups to ensure compliance of established security processes and controls. The analyst will also participate in the application development/major enhancement process to ensure that new systems are developed with a correct level of internal and external security; delegate implementation tasks to lower level analysts; and promote security awareness throughout the company.
Required Qualifications:

• Bachelor's degree or equivalent
• 5 years' experience in Information Technology
• 3 years' experience in Information Security
• 3 years of programming experience (Client and Server-side, in one or more of the following: Java, JavaScript, .NET, Python)
• Experience with Rapid 7 and Flash Nexpose
• Experience with Windows Server and/or Unix Server
• Excellent desktop tool proficiency including Microsoft products (e.g., Word, Excel, Access, and PowerPoint)
• Knowledge of the security aspects of multiple system platforms, operating systems, software communications, and network protocols.
• Experience coordinating projects.
• Knowledge of structured methodologies and standards such as ISO 27000, NIST, PMI, ITIL, CMMI, OWASP, and CoBit
• Knowledge of federal and state security-related legislation including HIPAA, PCI, JCAHO, NCQA

Preferred Qualifications:

• Experience with Git
• CISSP or CISA certification is highly preferred.
• Experience with ServiceNow.
• Experience with automation (e.g., PowerShell, XSOAR).
• Fortify and other SAST offerings.
• Kubernetes
• CI/CD Technologies (Tekton, Argo, Jenkins Pipelines)
• RDBMS & NoSQL DBs
• RESTful APIs

Hours/Location:

• M-F; Days
• Position may work remotely but will prefer local/regional candidates for occasional onsite needs.

Accountabilities:

• Promotes and implements IT's security program to ensure the confidentiality, integrity and availability of HealthPartners' network and infrastructure.
• Performs security forensic services; gathering and consolidating data artifacts.
• Partner with development teams to educate and review secure coding practices.
• Monitors security event reports and actions; ensuring the appropriate response is performed and coordinated.
• Provides IT security control guidance and interpretation to IT Application, IT Technical Infrastructure, and HealthPartners' staff and management.
• Provides security consultation on small to midsize projects.
• Updates Security Program documentation and recommends changes to the infrastructure to the Security Architect
• Promotes and educates staff on security principles and HealthPartners' policy and process.
• Assists with the coordination and development of system security enhancements.
• Documents vulnerability finding trends and provides recommendations for root cause resolution.
• May coordinate changes to the security infrastructure; ensuring change management processes are followed and the appropriate documentation is gathered.
• Assesses and documents security deviation requests to ensure the appropriate risk, impact, and approvals are captured.
• Assess third party alignment to HealthPartners' Security Standards.
• Gathers documentation and provides subject matter expertise for audit, regulatory requirements, and third parties.
• Maintains awareness of the latest developments in key areas of responsibility and presents opportunities that might benefit the organization.

HealthPartners is recognized nationally for providing outstanding care and experience for patients and members. We offer an excellent salary and benefits package. For more information and to apply go to www.healthpartners.com/careers and search for Job ID #72367.