Fulltime Information Security Analyst openings in Boston on September 10, 2022

Senior Information Security Analyst at Wells Fargo

Location: Boston

About This Role

Wells Fargo is seeking a Senior Information Security Analyst. IAM Ops audit support team is currently heavily involved in the control testing and documentation of controls for Segregation of Duties. This team are also heavily engaged in source file validation testing which is an on-going effort in Certification Completeness and Accuracy Testing.

In This Role, You Will
• Provide information security consultation to improve awareness and compliance with Enterprise Information Security policy, processes and standards
• Perform remediation of security assessment review issues, complex ad hoc data, and reporting to support information security risk management
• Provide guidance and direction in reviewing assessment findings and mitigating controls to optimize information security
• Identify and direct information asset portfolio reconciliations and certifications
• Provide advanced data aggregation and data of information security risk exposure
• Develop and deliver Information Security Education Awareness and Training in accordance with the Enterprise Information Security Program standards
• Review draft and proposed control standards for business impact and recommend modifications or clarifications as required
• Conduct security control testing and consultation with stakeholders
• Evaluate and interpret internal and Enterprise Information Security policies, processes and standards, and provide recommendations to improve them
• Collaborate and consult with peers, colleagues, and managers to resolve issues and achieve goals
• Interact with internal customers
• Serve as a mentor to less experienced staff
Required Qualifications, US:
• 4+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
Desired Qualifications:
• Strong verbal, written, and interpersonal communication skills.
• 3+ years of IAM (Identity and Access Management) experience.
• Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
• Demonstrated ability to work in a fast-changing team environment
• 3+ years of experience working with database queries
Job Expectations:
• Ability to think both conceptually and detailed as needed.
• Ability to work independently.
• Ability to negotiate to achieve desired goals with a successful outcome for all parties.
• Ability to identify challenges, anticipate obstacles, influence and set direction, and resolve issues.
• Excellent documentation and communication skills (written and spoken) including Senior Management.
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Reference Number

R-201418-1
Apply Here
For Remote Senior Information Security Analyst roles, visit Remote Senior Information Security Analyst Roles

********

Cybersecurity: Data Privacy Analyst at BFP Group

Location: Boston

Cybersecurity Analyst responsibilities include:
Monitoring computer networks for security issues
Investigating security breaches and other cybersecurity incidents
Installing security measures and operating software to protect systems and information infrastructure, including firewalls and data encryption programs
Job brief
We are looking for a Cybersecurity Analyst to join our team to protect our organization from cyberattacks by monitoring our systems and evaluating threats as they arise.

A Cybersecurity Analyst’s responsibilities include reviewing computer networks and identifying any potential vulnerabilities, installing the necessary software in order to protect it from unauthorized access, and documenting detections so that future breaches can be mitigated efficiently.

Ultimately, you will defend an organization’s computer hardware, software and other systems from theft, loss and other cyberattacks.
Responsibilities
Document security breaches and assess the damage they cause
Work with the security team to perform tests and uncover network vulnerabilities
Fix detected vulnerabilities to maintain a high-security standard
Stay current on Information Technology (IT) security trends and news
Develop company-wide best practices for IT security
Perform penetration testing
Help colleagues install security software and understand information security management
Requirements and skills
Proven work experience as a Cybersecurity Analyst or similar role
Experience in information security or related field
Experience with computer network penetration testing and techniques
Understanding of firewalls, proxies, SIEM, antivirus and IDPS concepts
Ability to identify and mitigate network vulnerabilities and explain how to avoid them
Bachelor’s degree in computer science or related field is preferred

Job Type: Full-time

Pay: $80,000.00 – $120,000.00 per year

Schedule:
Monday to Friday

Experience:
Linux: 1 year (Preferred)
Cybersecurity: 1 year (Preferred)
Information security: 1 year (Preferred)

Work Location: Remote
Apply Here
For Remote Cybersecurity: Data Privacy Analyst roles, visit Remote Cybersecurity: Data Privacy Analyst Roles

********

Lead Information Security Analyst – IAM Controls at Wells Fargo

Location: Boston

About this role:

Wells Fargo is seeking a Lead Information Security Analyst. This role is an individual contributor position that’s part of a team responsible for the assessment and adoption of Information Security Identity and Access Management (IAM) controls. The IAM organization owns and operates manual and automated controls to manage enterprise risk and reduce inappropriate access for organizational users. Frequent changes and updates to leveraged technology requires regular review of controls to confirm effectiveness as well as relevancy.

Keeping abreast of changing risk, internal policy and regulatory landscape is critical to this role as well. Engaging with internal lines of defense, key business and technology stakeholders, and control owners/operators is part of the daily routine for this position. As a Lead Information Security Analyst – IAM Controls resource, you will be responsible for the assessment, adoption and oversight of IAM operated controls related to IAM products and services.

You must be able to demonstrate in-depth knowledge of IAM controls and supported processes/procedures, risk assessment and controls testing methodologies across 3 lines of defense, and compliance and operational processes which includes successfully facilitating and completing associated deliverables. Knowledge of IT/IS control frameworks such as COSO, CoBIT, FFIEC and NIST is strongly encouraged as part of the benchmarking process that must also be supported by this role.

This role is also responsible for the identification and escalation of emerging risks resulting from controls test findings, including providing input to control design/execution along with control administration changes. Partnership and collaboration with enterprise Risk and Control System (SHRP) administrators is necessary to ensure that controls are kept up-to-date, testing results are recorded and any findings are validated and have requisite remediation action plans.

Familiarity with Risk and Control Self-Assessment (RCSA) processes and practices is foundational to ensure that IAM Controls resource has thorough understanding of how operational risks and the effectiveness of controls are assessed and examined.

In this role, you will:
• Maintain an advanced awareness of bank security policies and government regulations pertaining to information security
• Formulate and implement information security solutions and controls
• make decisions and resolve issues regarding changes to information security policy, standards, and procedures as needed for systems, applications and tool
• Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation
• Direct information security risk assessment and research, and recommend remediation plans and strategies
• Influence stakeholders on net new or on material changes to an asset to influence control decisions
• Provide consulting on security risk assessment and research, and recommend remediation plans and strategies
• Act as more experienced lead to the organization to develop security risk awareness and mitigating actions
• Consult the organization on complex security issues and findings
• Manage the most complex and critical information assets
• Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security
• Serve as information security lead to advise on the development and delivery of Information Security

Education and Awareness
• Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals
• Lead projects and teams
• Coordinate with vendor manager on third party assets to manage information security risks
• Serve as a mentor to less experienced staff

Required Qualifications , US:
• 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of IAM (Identity and Access Management) experience
• 2+ years of process improvement experience
Desired

Qualifications:
• 3+ years of Microsoft office suite experience such as PowerPoint, Excel, Outlook and Word
• 5+ years of experience working with information security controls and deployments in a production environment
• 3+ years of IAM (Identity and Access Management) experience with application on-boarding, certifications gement.
• 1+ years of information security architectural design and consulting experience
• Experience communicating and presenting complex information to multiple levels of the organization
• Strong time management skills and ability to meet deadlines
• Ability to work effectively, as well as independently, in a team environment
• Experience with synthesizing data from multiple sources and presenting it in appropriate formats
• Knowledge and understanding of information security management, audit, compliance and risk.
• Knowled…
Apply Here
For Remote Lead Information Security Analyst – IAM Controls roles, visit Remote Lead Information Security Analyst – IAM Controls Roles

********

INFO SECURITY ANALYST IV at Change Healthcare

Location: Boston

INFO SECURITY ANALYST IV

Change Healthcare is a leading healthcare technology company with a mission to inspire a better healthcare system. We deliver innovative solutions to patients, hospitals, and insurance companies to improve clinical decision making, simplify financial processes, and enable better patient experiences to improve lives and support healthier communities.

Overview of Position

Change Healthcare is looking for a Senior Information Security Analyst with a focus on Insider threats, for the Cyber Insider Threat Management team to assist with all aspects of the Insider Threat Program in order to protect Change Healthcare’s critical data and assets. The individual will have a solid understanding of the modern cyber security landscape with a strong background in intelligence gathering, data loss risks, and process documentation. Effectively defending Change Healthcare in this environment requires an in-depth knowledge of the tools, processes, and regulations surrounding investigations, forensics, data handling, and insider threat techniques.

What will be my duties and responsibilities in this job?
• Identifying operational and technical gaps that may result in data loss or compromise.
• Develop playbooks and operational guidelines for CITM and Incident Response.
• Provide in-depth analysis of assigned investigations or investigative leads resulting from monitoring tools.
• Present investigation finds in a concise and easily understandable format
• Automate process to more efficiently determine insider threats
• Evaluate DLP alerts for potential insider threats and create policies and rules to identify potential threats.
• Support the overall operational effort for CITM and incident response.
• Provide expert in-depth knowledge in collecting, analyzing, and escalating security events; responding to insider incidents, and/or collecting, analyzing, and disseminating insider threat intelligence

What are the requirements needed for this position?
• Bachelors degree or equivalent working experience
• Minimum of six years relevant in cybersecurity and Insider Threats technologies
• Minimum of three years in use and system administration of insider threat tools such as Splunk, Tanium, McAfee DLP, ZScaler.
• Proficient with Splunk, Tanium, ZScaler, McAfee, Windows, MAC, Server environments, Network topology, or Palo Alto firewalls,
• Familiar with insider threat indicators and how to monitor for them
• Familiar with data classification and discovery tools
• Ability to qualify for DoD clearance

What other skills/experience would be helpful to have?
• Ability to Interaction with all levels of leadership including C-level executives
• Familiarity with cloud technologies such as Microsoft Azure and Amazon Web Services, Google Cloud
• Proficient with Python or other relevant programing tools
• Proficient in Data Loss Prevention and DLP tools
• Proficient in dealing with ambiguity where all the pieces of an investigation are not revealed.
• Proficient with end point protection as it pertains to insider threats
• Ability to develop and track security metrics
• Proficient in handling highly sensitive situations with discretion and employ high ethical standards.
• Security Certifications a plus ( CISSP etc)
• Knowledge of other tools pertaining to Data Loss Prevention a plus.
• Hands on analysis for insider threat investigations to include evidence collection, forensics, evidence custody, leveraging DLP, UBA, SIEM, EDR and other tools.
• Self starter with the ability to work independently and interdependently with other team members or groups.
• Utilizing advanced knowledge of tools, techniques and the environment, represent CITM in incident response triage meetings.

li-remote

Diversity and Inclusion:

•At Change Healthcare, we include all. We celebrate diversity and inclusivity, respect each other and value our unique experiences. By being our authentic selves, we bring different perspectives into our work and relationships.•Business Resource Groups (BRGs) play a central role in advancing diversity and inclusion at Change Healthcare. They deepen our understanding of different cultures, people, and experiences, and help foster an inclusive workplace. Change offers eight (8) BRGs. Learn more at ~~~ Feeling Inspired? Ready to #MakeAChange? Apply today!

COVID Vaccination Requirements

We remain committed to doing our part to ensure the health, safety, and well-being of our team members and our communities. As such, we require all employees to disclose COVID-19 vaccination status prior to beginning employment and, when j ob-related and consistent with business necessity , we may require periodic testing for certain roles. Some roles require full COVID-19 vaccination as an essential job function. Change Healthcare adheres to COVID-19 vaccination regulations as well as all client COVID-19 vaccination requirements and will obtain the necessary information from candidates prior to employment to ensure compliance.

Equal Opportunity/Affirmative Action Statement

Change Healthcare is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status. To read more about employment discrimination protections under federal law, read EEO is the Law at ~~~ and the supplemental information at ~~~.

If you need a reasonable accommodation to assist with your application for employment, please contact us by sending an email to ~~~ with “Applicant requesting reasonable accommodation” as the subject. Resumes or CVs submitted to this email box will not be accepted.

Click here ~~~ to view our pay transparency nondiscrimination policy.

California (US) Residents: By submitting an application to Change Healthcare for consideration of any employment opportunity, you acknowledge that you have read and understood Change Healthcare’s Privacy Notice to California Job Applicants Regarding the Collection of Personal Information (~~~) .

Change Healthcare maintains a drug free workplace and conducts pre-employment drug-testing, where applicable, in accordance with federal, state and local laws.

Change Healthcare is an equal opportunity employer. All qualified applicant will reveive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status.
Apply Here
For Remote INFO SECURITY ANALYST IV roles, visit Remote INFO SECURITY ANALYST IV Roles

********

Information Security Analyst at Boston IT Services

Location: Boston

Job DescriptionBoston IT Services (BITS) is a premier information technology and security firm with offices in Boston and San Francisco.We are a tightly knit team of passionate professionals with big career goals. If you think differently, solve creatively, and love to connect with people, we want you to join our mission of digging deep and proving how meaningful IT services can be. An ideal candidate will be highly motivated to master the foundational elements of information technology and grow into a leadership role with many avenues for success.Core Responsibilities:Staying current with all matters relating to application, database, and network securityEnsuring data privacy and securityVulnerability managementEvaluating output from various security monitoring toolsPlanning and implementing remediation and/or mitigating controlsCarrying out security-based risk assessmentsPlanning and implementing remediation and/or mitigating controlsAdvising on any potential risk acceptanceIdentity and access managementImplementing controls and working with other teams to ensure appropriate access to corporate assetsMaintaining knowledge of security/regulatory concepts such as least privilegeIncident response and managementProviding security feedback and expertiseImplementing any controls needed to end the current incident and protect against future occurrencesMaintaining security-related documentation, processes, and proceduresDesigning, implementing, and maintaining secure system configurationsAddressing the security questions and concerns of both external and internal stakeholdersRequirements2 years of applicable work experienceSecurity specific certifications preferred: Security+, GISF/GSEC, etc.Knowledge and awareness of applicable information security standards, guidelines, regulations, and industry standard best practices: CIS Controls, NIST 800-53A, COBIT, etc.Experience with information security tools and techniquesAbility to identify and work with application and system experts from around the company to help identify and remediate vulnerabilitiesAbility to work with various monitoring resources to understand current security threats and engineer solutionsStrong analytical, reasoning, and problem-solving skills and technical aptitudeExceptional written and verbal communication skillsAbility to work well with stakeholders and interested parties of varying position and tenureDemonstrated experience implementing security initiatives that require partnership with other IT areas and business unitsAbility to use discretion when handling confidential informationExceptional project management and organizational skillsAbility to learn new tools and technology quicklyPhysical Requirements:Work is primarily knowledge-worker oriented using computer systems. Occasional exertion and lifting of up to 20 pounds to move office or computer equipment. Occasional crawling, kneeling, and squatting. Constant use of computer (keyboard/mouse), and phone. Occasional travel (car). Occasional exposure to outdoor environmental conditions as a result of travel.Some of the things our team members enjoy:Competitive wages | The salary range is expected to start 20% higher than market. Our offer will be determined by multiple factors including candidate experience and expertise and may vary from the amount listed above.Generous benefits for you and your family including Health, Dental, Vision, Life, Disability Insurance, HSA & 401(k) employer contributionsMaternal and paternal leaveGenerous paid time off programSustainable work-life balance and flexibilityYearly work anniversary rewardsFun company events, including monthly happy hours, ping pong night, and more! We are proud to be recognized as one of the top workplaces in Boston. In fact, it’s BITS team members themselves who say our company is a great place to work. We’ve created an inviting workspace that fosters a culture of collaboration, inclusion, innovation, and excitement.
Apply Here
For Remote Information Security Analyst roles, visit Remote Information Security Analyst Roles

********

Senior Cybersecurity Analyst at Belden

Location: Boston

The Senior Cybersecurity Analyst role is an exciting role, where you will be able to flex your interpersonal, entrepreneurial and technical skills across an international organization. Leadership, communication and collaboration skills are key to success in this role, as is in depth cybersecurity experience. The Senior Cybersecurity Analyst is a critical member of the Information Security team. This position performs broad set of functions for the enterprise, including developing and aligning securitypolicy/programs with strategy, proactively and reactively assessing threats, and optimizing the operations of the enterprises cybersecurity solutions.

The SSA is expected to interface with and influence stakeholders, business leaders and peers to solicit their involvement in security and adoption of policies and processes through information sharing and cooperation. This a senior role that requires an individual with a strong balance of technology knowledge and communication skills, as they will work with both business management and the IT organization to align security priorities with key business objectives. Expertise in leading collaborative project teams and developing/managing projects is essential for success in this role. Must be able to prioritize work efforts and balance operational tasks with longer-term risk reduction efforts. This role reports directly to the Director of Cybersecurity.

Responsibilities:

(40%) Process and Program Management

Implementation and administration of enterprise cyber security projects and programs to achieve the strategic cybersecurity roadmap

Collaborate with Technology and Internal Audit partners to develop control rationalization strategies; ensuring identified control deficiencies are remediated or documented

Collaborate with Technical, Business Teams and Senior Leadership to gain agreement for enterprise adoption of Security Policies & Standards

Write procedures and guidelines as well as oversee and/or provide training required to clarify policies and standards

Collaborate with Security and IT leadership, Legal, HumanResources and law enforcement agencies to manage security issues and inquiries

Research current and futureregulatory and compliance requirements including state and international laws

Assess environment for compliance to internal policies and standards, and external compliance requirements

Escalate and communicate control deficiencies to systems and business owners as required

When necessary, lead development and publication of Information Security Policy, standards, compliance requirements, and controls

(20%) Operational and Strategic Initiatives

Create and maintain metrics/measurements to highlight the current risk management posture and security organization effectiveness

Support Director of CyberSecurity to develop Security Program messaging for broader associate community, Board of Directors, Cyber Insurance, and other security communication initiatives

Collaborate in leading a global cybersecurity governance team across the Belden ecosystem, liaising appropriately with peers in IT groups as well as various business groups to ensure understanding of security goals and to foster cooperation

(40%) Technical Management and Oversight

Oversee the vulnerability management program, drive operational improvements across scope of control

Manage exception processes as required

Oversee and administer Security Information and Event Management (SIEM) system, designing andimplementing process and technology to ensure alerts are dispositioned as defined in standard operating procedure

Select and acquire additional security solutions or enhancements to improve overall enterprise security posture as per the enterprises existing procurement processes

Ensure appropriate integration and documentation

Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, Servers and other systems and in databases and other data repositories

Required Skills and Experience

Strong written and verbal communication skills

Ability to influence senior management

Demonstrated ability to communicate complex problems and issues in a concise manner to a variety of audiences

Ability to handle multiple projects and tasks, make decisions and solve problems.

Strong project management skills and ability to lead cross functional teams to accomplish established goals

Extensive experience in enterprise security document creation and/or oversight

Bachelors degree in Computer Science, Information Systems or an equivalent combination of education and experience.

Minimum of 7-10 years security administration experience

Demonstrated security proficiency in applied industry security protocols and systems forensics/ability to parse logs for environment change detection

Experience in enterprise security architecture

Interpret guidelines and analyze factual information to develop and deploy, adapt, or modify processes in response to changing circumstances

Proven ability to work under stressful conditions, may require 24/7 incident supportInitiative and ability to self-direct
Apply Here
For Remote Senior Cybersecurity Analyst roles, visit Remote Senior Cybersecurity Analyst Roles

********

Security Analyst at Synergy BIS

Location: Boston

Synergy is seeking a Security Analyst. The candidate will work for the engineering division that supports developing and managing a suite of enterprise services and applications. As a member of the DevSecOps team, the candidate will focus on integrating security requirements with automated testing, code integration, and deployment processes and procedures. The candidate will work closely with our Development, DevOps, Support, and Administrative teams in an agile environment to manage a backlog of requirements, epics, stories and roadmaps for delivery.

Responsibilities:
• Execution of Risk Management Framework
• Perform Security Impact Assessment for all application and environment updates
• Counsel to ensure auditing, testing, preventive and reactive measures are being adequately implemented for systems with an active Authorization to Operate (ATO).
• Coordinate between multiple teams to ensure user stories have accurate and specific acceptance criteria that support compliance and control requirements.
• Develop an in-depth understanding of customer requirements to quantify security and application risks, and perform impact assessments
• Identification, authoring, and monitor of necessary controls to achieve and maintain compliance
• Oversight, expertise, technical security strategy, standards, and best practices for security categorizations (low, moderate and high).
• Reviews, testing and implementation of security requirements within project plan timelines.
• Research and tracking of security standards, policies, and procedures.
• Support for multiple project assignments with strong and effective communication, time management and collaboration skills.

Required Qualifications:
• Documented experience executing Risk Management Framework (RMF, NIST-800-53)
• Control identification, definition, implementation, and monitoring
• 3+ years of experience with agile software development
• General knowledge of security best practices and compliance requirements
• Knowledge of Risk Management Framework and other security and cyber security related frameworks
• Knowledge of NIST, FISMA, and other applicable guidance
• Excellent organizational and communication skills are mandatory for various stakeholder audiences
• Experience collaboratively establishing secure configuration baselines for technologies
• Knowledge or experience with conducting Assessment and Authorization (A&A) and Continuous Monitoring following NIST guidelines
• Knowledge or experience developing security documentation and conducting reviews for A&A packages
• Review and verify policies and procedures are developed in line with all applicable federal and LOC security standards and regulations
• Maintain, track, and communicate detailed project tasks
• Manage initial and reauthorization System Assessment and Authorization (SAA)/Security Controls Assessment (SCA) task and milestone, task dependencies for low, moderate, and high security systems
• Develop and update security documentation including but not limited to:
• Privacy Threshold Assessment (PTA)/Privacy Impact Analysis (PIA)
• Business Impact Assessment (BIA)
• Contingency Plans (CP)
• Configuration Management Plan (CMP)
• Change Management Plans, Incident Response Plans (IRP)
• Plan of Action and Milestones (POA&Ms)
• Security Assessment Reports (SAR)
• Memorandum of Understanding/Interconnection Security Agreement (ISA)
• Categorize and determine baseline IT security requirements in accordance with FIPS 199
• Identify and visually demonstrate system boundaries, select security controls, and ensure implemented controls are adequate for COTS or proprietary web applications. Provide recommendations as necessary to meet or improve controls
• Ensure security policies are developed, maintained and updated to meet IT security best business practices and standards, including Federal Info Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) 800-53 – IPS federal info processing standard
• Be able to review security scans, advise on triaging vulnerabilities, and be able to provide recommendations on mitigating security risks
• Assist with testing and training functional teams, and advise them on providing security implementation evidence as necessary
• Assists with documenting and managing artifacts in Atlassian Suite (JIRA, Confluence) and CSAM security repositories, including but not limited to writing implementation statements
• Assists Information Systems Security Managers (ISSMs) in generating ATO packages
• Conduct continuous monitoring and reporting of security control implementations
• Must evaluate business strategies and requirements to develop security strategies, assess risk, research standards, and determine security requirements as necessary
• Track and coordinate POA&M remediation activity with different functional teams across multiple systems
• Experience with security tools such as (but not limited to) SIEMs and Static Code Analyzers
• Other duties as assigned
• Must have active certification in at least one of the following:
• CAP
• CASP CE
• CISM
• CISSP
• GSLC
• Must be clearable to a Secret clearance
• Must be a U.S. citizen or foreign citizen authorized to legally work in the United States
• Must pass a background investigation

Preferred Qualification:
• 5+ years’ experience in an enterprise security role
• Experience in DevSecOps
• Familiarity with FISCAM Audit Process and FIAR Compliance
• Proficient in the Atlassian suite of agile tools: Confluence and Jira
• Working with BPM (Business Process Management) application
• Working with API services
• Experience with security tools such as STIG Viewer and vulnerability scanners
• Experience with Java and other programming languages
• Experience with Federal Government systems
• DoD experience preferred
Apply Here
For Remote Security Analyst roles, visit Remote Security Analyst Roles

********

Sr. Lead Information Security Analyst – File Integrity Monitoring at Wells Fargo

Location: Boston

At Wells Fargo, we are looking for talented people who will put our customers er of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

About this role:

Wells Fargo Information and Cyber Security (ICS) File Integrity Monitoring is looking for a Sr. Lead Information Security Analyst. Learn more about the career areas and lines of business .

Wells Fargo is seeking a Senior Lead Information Security Analyst that will be responsible for leading the design and adoption of File-Integrity Monitoring/Unauthorized Change Detection capabilities within the Information & Cyber Security organization. The individual will engage with teams across Technology to understand the requirements, identifying appropriate tooling, and define a roadmap for adoption. The individual will work to tailor engagement based on needs and measure and report adoption to senior management.

In this role, you will:
• Define a process to on-board ins-cope assets to File Integrity Monitoring/Unauthorized Change detection tool(s).
• Document requirements for asset owners to review and respond to unauthorized change alerts, including appropriate escalation procedures by risk
• Define requirements and work with metrics team to create meaningful metrics that measure the adoption/successful onboarding and alert resolution
• Define procedures for reporting and escalation of non-compliance to onboarding.
• Work with technical engineers to tune detection capabilities.
• Define communications plan to engage with application teams to support understanding of FIM and expectations for unauthorized change detection review.
• Develop roadmap for onboarding applications.
• Provide vision, direction, and expertise to senior leadership on implementing innovative ways to perform unauthorized file detection.
• Ensure impacted teams have the necessary training to be successful
• Serve as an advisor to senior leadership and professionals and managers at different levels of the organization.

Required Qualifications , US:
• 7+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years designing and implementing security controls
Desired

Qualifications:
• Certified Information Systems Security Professional (CISSP) certification
• Certified Information Security Manager (CISM) certification
• Prior experience implementing technical controls
• Demonstrated ability to influence key stakeholders
• Familiarity with technology used to perform File-integrity monitoring
• Familiarity with key technology platforms including Windows and Linux Operating Systems
• Clear, concise communicator
• Motivated, self-starter
• Ability to communicate technical concepts to individuals not as technical
• Experience in Financial Services sector preferred
Pay Range

$120,400.00 – $250,000.00 Annual

Benefits
• Information about Wells Fargo’s employee benefits
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran r status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions.

There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US:
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Apply Here
For Remote Sr. Lead Information Security Analyst – File Integrity Monitoring roles, visit Remote Sr. Lead Information Security Analyst – File Integrity Monitoring Roles

********

Security Engineer II at SonicJobs

Location: Boston

Must-have:

– Vulnerability Management (Tenable or equivalent technology) and/or

– CyberArk/CyberArk EPM

Nice to have:

– SIEM (LogRhythm or equivalent technology)

– EDR – CrowdStrike/SentinelOne

– Azure

BASIC PURPOSE:

The Security Engineer II is a senior level technical resource in Information Security and is responsible for the implementation and effective and efficient maintenance of related technologies. In addition, this individual has practical knowledge of Information Technology at large, with an understanding of related disciplines and how they interoperate. The Security Engineer II is an active participant and contributor in implementation and troubleshooting efforts and aids in design efforts.

PRINCIPAL RESPONSIBILITIES:
• Serves as a subject matter resource in the field of Information Security, maintaining a strong understanding of the field and its related technologies.
• Provides technical support to ensure the ongoing efficient and reliable operations of related information systems.
• Proactively develops and maintains knowledge of the company’s information systems and their related components, and makes recommendations to improve the reliability, scalability, performance, or security of these systems as appropriate.
• Leverages technology to automate manual tasks and seeks to improve efficiency wherever practicable and appropriate. Makes recommendations for process improvements.
• Aids in the development of, and enforces and maintains Information Security controls, procedures, and standards.
• Works and manages projects of moderate to advanced complexity under minimal supervision. Allocates resources and budgets to meet project needs.
• Collaborates with other IT and business groups, and readily shares information to resolve problems.

JOB REQUIREMENTS:
• Bachelor’s degree or equivalent experience in a related technical field.
• Five or more years of Information Security-specific experience.
• CISSP preferred.
• Demonstrated proficiency in and knowledge of implementation and post-production support for at least one Information Security related technology.
• The company’s job descriptions reflect management’s assignment of essential functions, which may be subject to change at any time due to constantly changing business needs.
• Strong analytical, problem solving, writing and organizational skills; ability to work effectively under pressure.
• Demonstrated ability to interact, build relationships, and communicate well with members of team and management; makes effective presentations.

Ability to multitask and shift priorities when necessary.

Must-have:

– Vulnerability Management (Tenable or equivalent technology) and/or

– CyberArk/CyberArk EPM

Nice to have:

– SIEM (LogRhythm or equivalent technology)

– EDR – CrowdStrike/SentinelOne

– Azure

BASIC PURPOSE:

The Security Engineer II is a senior level technical resource in Information Security and is responsible for the implementation and effective and efficient maintenance of related technologies. In addition, this individual has practical knowledge of Information Technology at large, with an understanding of related disciplines and how they interoperate. The Security Engineer II is an active participant and contributor in implementation and troubleshooting efforts and aids in design efforts.

PRINCIPAL RESPONSIBILITIES:
• Serves as a subject matter resource in the field of Information Security, maintaining a strong understanding of the field and its related technologies.
• Provides technical support to ensure the ongoing efficient and reliable operations of related information systems.
• Proactively develops and maintains knowledge of the company’s information systems and their related components, and makes recommendations to improve the reliability, scalability, performance, or security of these systems as appropriate.
• Leverages technology to automate manual tasks and seeks to improve efficiency wherever practicable and appropriate. Makes recommendations for process improvements.
• Aids in the development of, and enforces and maintains Information Security controls, procedures, and standards.
• Works and manages projects of moderate to advanced complexity under minimal supervision. Allocates resources and budgets to meet project needs.
• Collaborates with other IT and business groups, and readily shares information to resolve problems.

JOB REQUIREMENTS:
• Bachelor’s degree or equivalent experience in a related technical field.
• Five or more years of Information Security-specific experience.
• CISSP preferred.
• Demonstrated proficiency in and knowledge of implementation and post-production support for at least one Information Security related technology.
• The company’s job descriptions reflect management’s assignment of essential functions, which may be subject to change at any time due to constantly changing business needs.
• Strong analytical, problem solving, writing and organizational skills; ability to work effectively under pressure.
• Demonstrated ability to interact, build relationships, and communicate well with members of team and management; makes effective presentations.

Ability to multitask and shift priorities when necessary.
Apply Here
For Remote Security Engineer II roles, visit Remote Security Engineer II Roles

********

Security Operations Analyst III – Remote at HealthEquity, Inc.

Location: Boston

We are looking for an experienced cybersecurity ninja to join HealthEquity’s security operations program. Reporting to the Senior Director, Security Operations Center, this role will perform hands-on analysis, detection, response, and forensics. This individual will be a key contributor to the security operations program in safeguarding information systems and assets by identifying and solving potential and actual security events and incidents. This role includes leading analysis efforts across our cyber, DLP, fraud, and privacy functions. This role will be a key contributor to developing detection, cyber intelligence, monitoring, and will provide operational oversight in one or more of these areas. The HealthEquity Risk & Security Team, led by the Chief Security Officer, is a converged security program with responsibility for information/cybersecurity, physical security, privacy, fraud, enterprise risk, and incident/crisis management. If you’re collaborative, driven and passionate about security and enjoy solving complex problems, we want you to join our team.

What you’ll be doing
• Operate security monitoring, investigation, and reporting tools
• Provide daily operational oversight of incidents and alerting from multiple platforms
• Lead incidents including analysis as required for cyber, DLP, fraud, and privacy functions
• Own technical development in one or more of the following areas: Detection, Cyber Intelligence, Monitoring, Analysis, Purple Team
• Identify necessary tools or processes to improve the efficacy of the team
• Receive, analyze, and respond to alerts, to include after hours, holidays, and weekends during incidents or priority events
• Coordinate with Managed Security Service Provider(s) to investigate events and incidents
• Design and coordinate the build out of the Security Operations Center processes and procedures
• Develop and maintain the Security Operations Center framework
• Augment detection capabilities of the SIEM tool
• Provide security reports and metrics
• Perform incident identification and triage according to NIST standards
• Assist with annual Security Incident tabletop testing
• Perform network and host forensics in response to security events and incidents
• Analyze malware and other attacker Tactics, Techniques, and Procedures in response to security events and incidents
• Provide on-the-job training, mentoring, and guidance/oversight for new and/or junior analysts
• Develop and maintain processes for security operations
• Perform threat hunts in addition to developing and maintaining threat hunting strategies
• Maintaining understanding of current events, latest threats, and industry trends relating to information security
• Performs other duties as assigned or apparent.

What you will need to be successful

Education:

Knowledge of basic IT and cybersecurity procedures and frameworks, or a closely related field as normally obtained through the completion of a High School Diploma/Bachelor’s Degree in Computer Science, Engineering or a related technical field (or commensurate experience)

Work Experience or Related Experience:

Offer Experience should include leading and coordinating incident response efforts in relation to information security events, chronologically summarizing incidents and document incident reports, leading analysis and remediation efforts among various teams within the organization, managing process documentation, providing metrics to leadership, standing up meetings and incident coordinating for information security incidents

Specialized Knowledge, Skills & Abilities
• Strong analytical ability
• Ability to apply critical thinking skills
• A strong customer service orientation is essential
• Strong communication and written skills
• Ability to lead and independently triage, analyze, and respond to information security alerts, including decision making
• Strong knowledge of information security standards and industry best practices
• Experience writing reports and documenting events/incidents/investigations
• Experience in environments with similar complexity and regulatory profiles to HealthEquity, spanning financial services, financial technology, and healthcare preferred
• Builds constructive relationships with internal and external stakeholders, and mentors security operations analysts
• An aptitude for learning is also critical for success in this role, as well as a demonstrated ability to adapt to the changing demands of business

Benefits and perks
• Medical, Dental, Vision
• 401(k) match
• Paid Maternity/Paternity leave
• Ongoing education
• Tuition Assistance
• Gym/Fitness Reimbursement
• Purple with Purpose (paid volunteer time off)
• HSA contribution and match
• On site Lunch and Learns
• Award winning Wellness Program
• Consumer Driven Healthcare (CDH) education

Why work for HealthEquity

HealthEquity has a vision that by 2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth and build health savings for life. Through our innovative technology and superior service delivery, our members gain valuable insights to better save and spend their healthcare dollars.

We firmly believe that our team members drive the success of this company. We hire passionate contributors who enjoy the thrill of pioneering their positions to their full potential. Join us and discover a work experience where the person is valued more than the position, and where are our purple culture drives a remarkable experience.

Our advice to you

HealthEquity is fiercely focused on hiring passionate individuals to contribute to our purple culture. If you speak passion, excellence, service, ambition, fun we want to speak with you! We believe that your personality is as important as your experience and qualifications so when we do have the opportunity to speak together, be authentic, be genuine, be you! Showcase your experience and your passion.
Apply Here
For Remote Security Operations Analyst III – Remote roles, visit Remote Security Operations Analyst III – Remote Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo