Job Details

ID #45955127
State Minnesota
City Minneapolis / st paul
Job type Contract
Salary USD TBD TBD
Source Tanson Corp
Showed 2022-09-24
Date 2022-09-24
Deadline 2022-11-22
Category Healthcare

C2H - Application Security Analyst (CSSLP, Penetration Testing, CICD, Jenkins, GitHub, AWS) - Remote

Minnesota, Minneapolis / st paul, 55401 Minneapolis / st paul USA

Vacancy expired!

Description:

APPLICATION SECURITY ANALYST

This position is responsible for performing security architecture assessments of applications developed in house and working with development teams to adopt application security tools and processes.

General Position Summary

As part of 'defense in depth,' an organization's technology resources must be evaluated to ensure they are designed, deployed, and operated in a manner that secures the organization's data. This role performs technology assessments from an IT security perspective, while ensuring the outcome supports business goals and processes. Position leverages deep IT infrastructure operations and IT security knowledge to identify security risks in a complex enterprise environment. Client's health care delivery organization is expanding rapidly, and this position has a unique opportunity to impact the organization's risk posture. This position collaborates with IT, business partners, and third parties to protect the company's information assets consistent with the HIPAA Security Rule and company policies.

Primary Responsibilities

- Perform security assessments for new hardware and software being introduced into client, according to IT risk framework. Examples of technologies in scope include medical devices, IoT devices, web applications, locally installed software, and APIs.
- Identify and assess legacy technologies and collaborate with business partners to create remediation plans for identified gaps.
- Collaborate with requesters and vendors to complete required documentation, providing context for requested information where needed.
- Create architectural diagrams when needed to understand the environment in which the hardware or software will operate.
- Create standard configurations for products used by multiple care delivery organizations (CDOs).
- Synthesize information from various sources such as architectural diagrams, data flow diagrams, MDS2's, certifications, Statements of Work (SOWs), User Installation guides, and questionnaires to produce a cohesive assessment.
- Clearly communicate findings to IT and business partners, including implementation and operational requirements.
- Partner with project managers to ensure assessment requirements are included in project plans.
- Monitor project progress for changes which may impact the original assessment.
- Partner with vendor to determine appropriate remediation steps for unacceptable risk.
- Help risk owner submit a risk acceptance request, if needed.
- Provide peer review of assessments for other team members.
- Advocate for technology assessment, providing context to business and IT partners for criticality of the process.
- Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control.
- Keep accurate records to maximize efficiency of assessment process.
- Contribute to improvement of assessment tools and processes.
- On occasion, perform vendor assessments to ensure third parties maintain security controls in proportion to data they may use or disclose.
- Stay current on security topics and technology developments to identify emerging vulnerabilities and threats.
- Research unfamiliar technologies and help develop assessment standards to be included in risk framework.
- Serve as security Subject Matter Expert (SME) in ad hoc security discussions and change approval boards.

Required Qualifications:

- Bachelor's degree; prefer computer- or technology-related field.
- Strong understanding of fundamental information security concepts and infrastructure operations.
- Experience identifying and assessing technology risks.
- Understanding of third-party risk assessment processes.
- Familiarity with IT risk management concepts and risk assessment procedures.
- Familiarity with creating architectural diagrams.
- Understanding of Information Security frameworks including HITRUST, NIST, and ISO.
- Experience working in a regulated environment, prefer familiarity with HIPAA Privacy and Security Rules.
- Critical thinking and problem-solving skills.
- Ability to balance security and business needs.
- Ability to build and maintain collaborative relationships with partners, clients, and peers.
- Ability to communicate technical information to non-technical associates, inside and outside the company, at all levels of the organization.
- Ability to multitask and manage multiple complex assignments.
- Ability to work effectively in a large, fast-paced and rapidly changing organization.
- Ability to work independently and as part of a team.
- Committed to continuous improvement and innovation.
- Strong work ethic with attention to detail.
- Proficient verbal and written communication skills.

Preferred Qualifications

- IT Certification such as CISSP, HCISPP, or CEH; or must be completed within six months of hiring.

Job Keywords: Application Security Analyst, Application Security Engineer, Security Engineer, CSSLP, OCSP, CEH, SAST, DAST, IAST, SCA, Penetration Testing, CICD, Jenkins, GitHub, AWS, Azure, Google Cloud Platform, Salesforce, OWASP, Agile, SDLC, SSDLC, Healthcare, Security Assessments

LOCATION: Remote

Cannot provide sponsorship upon conversion.
