Fulltime Information Security Analyst openings in Portland on September 04, 2022

Information Security Analyst at Camden National Bank

Location: Portland

• re looking to build your career at a forward-thinking organization with deep community roots and a vision for growth, success, and giving back, you
• ve come to the right place.
• The Information Security Analyst will need to provide accurate and timely administration, monitoring, and reporting of systems and potential risks related to the company.
• In addition, the position will lead efforts to support the banks Business Continuity Plan /Business Impact Analysis documents, oversee firewall administration & change management, provide email support, and education Stakeholders to keep the company in compliance with regulations and policies.
• This position offers the flexibility to work remotely from home anywhere in Maine or come into a Camden National Bank location!
• Essential Duties and Responsibilities: Responsible for information security related education and awareness initiatives for the company.
• This will ensure Stakeholders are up to date on expectations and processes at a corporate and departmental level.
• Coordinate, monitor and test the Corporation
• s information security controls, including Spamwall and Firewall administration to ensure compliance with the Information Security Policy, and prepares management reports on results.
• Ensure appropriate planning, documentation, scheduling, and testing of the Corporation
• s Business Continuity Plan and Business Impact Analysis.
• Responsible for the development, implementation, monitoring, and maintenance of the Corporation
• s information security policies, procedures, standards, and guidelines.
• Technical project lead for Information Security initiatives.
• Oversee daily administration of information security systems that includes firewalls, spam filtering, SIEM, and other perimeter security systems.
• Ensure the Corporation
• s logical access rights testing program is up to date, and for reporting test results and related corrective recommendations to management.
• Maintain and document the Corporation
• s social engineering testing, including reporting results and remediation.
• Lead Cybersecurity vulnerability remediation efforts for network devices and systems.
• Review the firewall ticketing system and document effective change management controls.
• Ensure compliance with the Corporation
• s Information Security Policy, GLBA, Dodd Frank, and other regulatory governance through compliance testing, remediation, and departmental education.
• Maintain the current information/documentation to support the Corporation
• s FDICIA/SOX reporting, internal audits, and regulatory reviews.
Apply Here
For Remote Information Security Analyst roles, visit Remote Information Security Analyst Roles

********

Principal Information Security Analyst at Providence

Location: Portland

Description:

Providence has an opening for a Principal Information Security Analyst at our location in Irvine, CA (open to Portland, Seattle as well as Irvine).We are seeking a Principal Information Security Analyst who will be the senior-most individual contributor position on the Information Security Services team, supporting enterprise and regional requirements.
He/She possesses breadth and depth of expertise across security, risk management and related domains.

They are expertly skilled in planning, managing and delivering all aspects of a significant program or subject area, and are a proven leader.

The Principal Information Security Analyst will be assigned responsibilities commensurate with that position of seniority, knowledge and experience and lead significant aspects of the system-wide Information Security program, including development, ongoing planning and execution of the roadmap for their program domain(s).
They are expected to provide thought leadership to the organization in areas such as, but not limited to:

information security frameworks, business continuity management, reporting and metrics, security risk management, Information and technology protection, information security training, data loss prevention, Information security policy and standards, regulatory/contractual requirements (NIST, PCI, HIPAA, CIS, SOCII, CSA), planning, mitigation, physical security, and/or crisis and incident management.

The Principal Information Security Analyst is able to translate strategy into tactical plans then achieve its milestones, determining resource needs and coordinating the work of a cross functional team, often in a lead role.

They are responsible for overseeing and coordination of all aspects of a significant domain(s) within the information security program ranging from business requirements and detailed planning (schedule, scope, budget) to on-time completion of deliverables to QA criteria and testing and ongoing metrics and reporting.

He/She works fairly autonomously to proactively develop enterprise security methodologies and implement enterprise-wide processes that address and show adherence to regulatory requirements, and that reduce risks to the organization while driving efficiencies.
They formulate and lead interdisciplinary teams to identify, assess and address security risks.

They are recognized both within Enterprise Information Security and by business units as an authoritative subject matter expert for their assigned domains and have a strong understanding of how the security programs support and effect the organization.

The Principal Information Security Analyst will create and utilize various tools and methods to provide support to end users, technology teams, projects and business leaders on a regular and ad hoc basis.
Responsible for working collaboratively and effectively with project sponsors, Regional Information Security Officers, IT site directors, regional leaders and project managers to assess, analyze and develop information security related business needs and requirements for potential this position you will have the following responsibilities:
• Identify, develop, and implement needed enterprise-wide security programs and projects that include budget, resource plans, work-plans, schedules and supporting training and documentation. Readily able to translate strategic direction into a concrete action plan with milestones and success criteria. Works proactively with minimal supervision / provides leadership for cross functional teams.
• Plans and leads the work of others. Works proactively with minimal supervision and collaborates across organizational boundaries.
Routinely interfaces with business and technology leaders and sponsors to:
• Identify, develop, and implement needed enterprise-wide security programs and projects that include budget, resource plans, work-plans, schedules and supporting training and documentation.
• Develop business and technical requirements; create use cases, test cases and QA criteria to support project implementation while driving health system objectives relative to standardization, integration, efficiency and regulatory compliance.
• Manage completion of deliverables of assigned resources in cross-functional project teams, often for concurrent projects. Serve as ISS liaison for new system implementations and enhancement projects.
• Facilitate /coordinate resources required for system implementations.
• Drive /coordinate departmental organizational and operational transformation initiatives. Manages initiatives that support the creation and implementation of operational support models, availability models, system portfolios, service delivery playbooks, service dashboards (key performance indicators, key risk indicators) and system inventory financial portfolios. Leads teams to drive ongoing process improvement and optimization of these initiatives.
• Creates, documents, implements and manages procedures and processes that ensure security control effectiveness.
• Develops and maintains documentation for all assigned responsibilities.
• Drives/coordinates resources assigned to security initiatives in support of Information Services (IS) and other departmental transformation initiatives.
• Facilitates/coordinates resources required for system implementations.
• Manage, coach, mentor, and develop functional team, including identification of training needs and recommending development programs.
• Recruits, leads, trains and inspires a diverse group of individuals
• Translates strategic directions and guidance into tactical plans, processes, and tools to achieve the strategic outcomes.
• Prioritize work, delegate tasks and effectively address difficult situations.
• Drives /coordinates departmental organizational and operational transformation initiatives. Manages initiatives that support the creation and implementation of operational support models, availability models, system portfolios, service delivery playbooks, service dashboards (key performance indicators, key risk indicators) and system inventory financial portfolios. Leads teams to drive ongoing process improvement and optimization of these initiatives. Manages and oversees strategy, planning and delivery.
• Drives/coordinates resources assigned to security initiatives in support of Information Services (IS) and other departmental transformation initiatives.
Manages and oversees strategy, planning and delivery.
• Drives and coordinates system optimization and remediation initiatives, often planning and leading the work of others while working proactively under minimal supervision. Collaborates across organizational boundaries. Routinely interfaces with business and technology leaders and sponsors.
• Provides thought leadership and oversight for (multiple) assigned domains.
• Lead efforts in the areas of security risk identification, analysis, classification, and mitigation strategies.
• Leads creation of information security regulatory requirements, health system security policies, and security best practices. Advises departments across the health system on appropriate controls consistent with security policies, standards and best practices.
• Contributes information pertinent to formal security training and provide informal information security awareness information to PSJH caregivers as needed. Commands subject matter expert level knowledge and can confidently and accurately disseminate information to an audience.
• Manage expectations and effective communication to colleagues, project team members, sponsors, stakeholders, business leaders, as well as internal and external security stakeholders and leaders
Qualifications:

Required qualifications for this position include:+ Bachelor’s Degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field or equivalent education/experience.
• 10 years Information Security experience.
• Certified Information Systems Security Professional upon hire.
• Certified Information Systems Auditor upon hire.
• Either of the above or one of the following upon hire: Certified Information Security Manager (CISM), Certified Business Continuity Professional (CBCP), Master Business Continuity Professional (MBCP), PCI-ISA designation (Payment Card Industry-Internal Security Assessor), or PCIP (Payment Card Industry Professional).
• Demonstrated experience working independently and in collaboration with cross-functional teams.
• Demonstrated experience providing in-depth analysis of complex issues which are then presented to cross-functional teams.
• Demonstrated experience in service delivery, process definition, and basic system development.
• Hands-on experience with security risk management practices.
Preferred qualifications for this position include:
• Master’s Degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field.
• 10 years healthcare experience.
About the department you will serve.

Providence Shared Services provides a variety of functional and system support services for our Providence family of organizations across Alaska, California, Montana, New Mexico, Oregon, Texas and Washington.
We are focused on supporting our Mission by delivering a robust foundation of services and sharing of specialized expertise.
We offer comprehensive, best-in-class benefits to our caregivers.

For more information, MissionAs expressions of Gods healing love, witnessed through the ministry of Jesus, we are steadfast in serving all, especially those who are poor and vulnerable.

About UsProvidence is a comprehensive not-for-profit network of hospitals, care centers, health plans, physicians, clinics, home health care and services continuing a more than 100-year tradition of serving the poor and vulnerable.
Providence is proud to be an Equal Opportunity Employer.

Providence does not discriminate on the basis of race, color, gender, disability, veteran, military status, religion, age, creed, national origin, sexual identity or expression, sexual orientation, marital status, genetic information, or any other basis prohibited by local, state, or federal law.
Schedule:
Full-time
Shift:
Day
Job Category:
Quality/Risk/Safety (Non-Clinical)
Location:
Washington-Redmond
Other Location(s):
Oregon-Portland, California, Oregon, Washington-Renton, Washington-Seattle, Washington, California-Irvine

Req ID:350791
Apply Here
For Remote Principal Information Security Analyst roles, visit Remote Principal Information Security Analyst Roles

********

Cybersecurity Risk Analyst at CBRE

Location: Portland

• Cybersecurity Risk Analyst
• Areas of Interest
• Digital & Technology/Information Technology
• Remote – US – Remote – US – United States of America
• The Business Information Security Office (BISO) Cyber Security Risk Analyst is a member of the Business Information Security Office within Global Cyber Security and works closely with the global lines of business, the Digital & Technology (D&T) Solutions & Delivery teams, and other D&T teams.
• Essential Roles and Responsibilities
• Interfaces with the client for RFPs, inquiries, and client security audit reviews.
• Understands and communicates policies and standards for inquiries internally and externally.
• Maintains client relationship by responding to client security-related inquiries and documenting actions.
• Prepares for client inquiries by studying our products, services, and client service processes.
• Responds to client inquiries by understanding inquiry; reviewing previous inquiries and responses; gathering and researching information; assembling and forwarding information; verifying client’s understanding of information and answer.
• Manages, prepares, and dispatches client security support requests.
• Records client inquiries by documenting inquiry and response in clients’ accounts.
• Improves quality service by recommending improved processes and identifying new client security requirements from clients.
• Updates job knowledge by participating in educational opportunities.
• Accomplishes client service and organization mission by completing related results as needed.
• Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
• Strong working knowledge related to cyber security governance, controls, and effective monitoring is a plus.
• Facilitates awareness and training programs as needed based on issue/risk trends.
• Promotes awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
• Distributes information security awareness materials and publications appropriately within the business.
• Builds relationships and engage frequently with business leaders and client account teams.
• Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
• Help drive cyber security best practices between organizations and countries.
• Identify key business contacts to ensure adequate coverage for the business’ security program.
• Maintain a positive relationship with client auditors.
• Previous in-depth experience in technology including information security governance, risk or compliance.
• Experience giving presentations and superb communication skills
• Bachelor’s and/or Master’s degree in Computer Science, Information Technology or related field.
• 1+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
• Client-facing experience in sales, sales support, or service delivery.
• Subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response with deep experience in software engineering/development.
• Knowledge and familiarity in using ServiceNow for Request Management and GRC Management.
• CISSP or CISM (or equivalent)
• We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
• CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.
• An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.
• CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)
Apply Here
For Remote Cybersecurity Risk Analyst roles, visit Remote Cybersecurity Risk Analyst Roles

********

Information Security Analyst (Virtual) at Jama Software

Location: Portland

• \
• \
• Note that you don’t need to possess 100% of the qualities to be considered\
• \
• * \
• \
• Women, BIPOC, LGBTQ, and other under-represented groups are highly encouraged to apply\
• \
• * About Jama Software:
• Jama Software is passionate about improving innovation success. Numerous firsts for humanity in fields such as fuel cells, electrification, space, autonomous vehicles, surgical robotics, and more all rely on Jama Connect to minimize the risk of product failure, delays, cost overruns, compliance gaps, defects, and rework. Jama Connect uniquely builds Living Requirements that form the digital thread through siloed development, test, and risk activities to provide end-to-end compliance, risk mitigation, and process improvement. Our rapidly growing customer base of more than 12.5 million users across 30 countries spans the automotive, medical device, life sciences, semiconductor, aerospace & defense, industrial manufacturing, financial services, and insurance industries.
• Overview:
• The Security team at Jama provides advice on, and risk-management of, security issues that enable the business to deliver outstanding products and services to our customers. From space, to medical, to automotive our product is used by sophisticated development teams in high impact and highly regulated industries.

If you’re the type of person who enjoys solving problems, likes to spend time mastering their craft and is all about building solutions that allow customers to innovate faster, then Jama is the place for you.
• Primary Responsibilities
• In this role, you will:
• Assist with the organization’s Vulnerability Management program, including coordinating with our established Managed Service Security provider and crafting plans of action for remediation and coordinating within the organization for remediation of the identified issue and documentation of the remediation
• Assist in the coordination of staff awareness training on information security standards, policies, and best practices
• Monitor network systems for security breaches
• Assist with incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened
• Qualifications
• * Minimum 3 years of security analyst/administration experience
• Minimum 2 years of experience with web applications, especially J2EE technologies and technologies like Docker, Tomcat, Nginx
• Basic understanding of network fundamentals including (TCP/IP, VPN, DNS, SMTP HTTP(S))
• Experience with vulnerability scanning, reporting and remediation
• Outstanding documentation and writing skills
• Ideal Candidate
• * Experience with SaaS application and/or hosting, preferably in an enterprise software development environment and AWS
• Hardworking, driven, intelligent, collaborative, and hard-working with a thirst to learn
• Strong automation skills and independent time management skills
• Values transparency and consistently iterating to improve
• Strong interpersonal skills, including written and verbal communication and presentation skills
• Experience working in a virtual first environment
• Benefits and Other:
• If we’ve intrigued you and you are the right candidate for the role, we will offer:
• Ambitious and fun work with a chance to define distinct, company-shaping tangible contributions
• An energized and results-oriented Product leadership team
• Competitive cash and equity compensation
• Comprehensive and affordable medical, dental and vision plans as well as pre-tax savings accounts as well as a generous 401(k) employer match
• Time-off and leave programs crafted to meet critical needs for rejuvenation and, when needed, extra support to cope with life events

Jama Software is an Equal Opportunity Employer. Qualified applicants will be considered without regard to race, color, religion, sex, national origin, age, veteran status, sexual orientation, gender identity, disability, genetic information or that of their relatives, friends or associates or any other characteristic protected under federal, state, or applicable law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Job Type: Full-time
Apply Here
For Remote Information Security Analyst (Virtual) roles, visit Remote Information Security Analyst (Virtual) Roles

********

InfoSec GRC Analyst II at Columbia Sportswear Company

Location: Portland

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.At Columbia, we’re as passionate about the outdoors as you are. And while our gear is available worldwide, we’re proud to be based in the Pacific Northwest, where natural wonders are our playground. Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: “It’s perfect. Now make it better.” As pioneers of relentless improvement, we are constantly evolving. We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest. And we believe in you.

Although we’re an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) group enables an IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry. As an Information Security GRC Analyst, you will be responsible for the operations of regulatory compliance and risk management functions within CDT’s InfoSec GRC team. In this highly collaborative role, you’ll partner with diverse stakeholders (financial compliance, technical teams, control owners, internal auditors, external auditors, etc.) on a daily basis. You will also manage and assist with cross-functional projects, including the implementation and optimization of IT processes and controls and performing risk management tasks.

How you’ll make a difference
• Provide subject matter expertise and coaching regarding IT risks and controls to the IT organization and its partners in the business and audit
• Partner with IT control owners to design and implement controls which address regulatory requirements and provide consistent, high quality, and auditable results
• Maintain SOX and PCI IT risk and control matrices as well as supporting control documentation such as process flows, detailed work instructions, self-assessments, etc.
• Support the assessment and remediation of SOX and PCI IT control deficiencies by performing root cause analysis, designing remediation plans, and updating control design documentation
• Support CDT management by acting as a liaison between auditors and IT control owners. Participate in control walkthroughs, assist in gathering audit evidence requests, and coordinate follow-up requests
• Obtain and review service organization control (SOC1 and SOC2) reports for relevant third parties, mapping them to Columbia IT controls and assessing control deficiencies
• Support Information Security risk management tasks including third party contract reviews, vendor monitoring, risk tracking, and issue remediation

You are
• A self-motivated and curious analyst. You can solve complex issues in terms of risk, process, and relationships.
• A structured and effective partner. Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
• Enterprise focused. You aren’t a siloed thinker, but consider impacts across regions, functions, and technologies.
• Relationship driven. You build rapport and support your team.
• A savvy and effective communicator. Whether in writing or verbally, you can clearly explain complex, sensitive information to colleagues without excessive jargon.

You have
• Bachelor’s degree in Business, Accounting, Management Information Systems, Computer Science or a technically related field
• Minimum 3 years’ experience within a mid-size to large corporate environment(s)
• Applied experience with SOX IT audits and/or compliance programs. Additional experience with other regulatory frameworks including PCI preferred.
• CISA, CPA, CIA, CISM, CISSP or other relevant professional certifications desired
• Proven understanding of external and internal audit processes and ability to work effectively with auditors to research, interpret and resolve internal control and related audit issues
• Strong PC and systems skills with aptitude for technical subjects and understanding of ERP processing environments, particularly SAP and Microsoft Dynamics 365

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we’ve been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who’s found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position’s scope and function in the company.

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.
Apply Here
For Remote InfoSec GRC Analyst II roles, visit Remote InfoSec GRC Analyst II Roles

********

REMOTE Cloud Security or Cyber Security Analyst at CyberCoders

Location: Portland

If you are an experienced Cyber Security Analyst looking to join a growing firm with great culture, please read on!

Top Reasons to Work with Us

Ranked in Fortunes 100 Best Companies to Work For 2021

What You Will Be Doing

In this fully remote role you will be responsible for analyzing, designing, implementing, and auditing cloud infrastructure, security solutions, and integrated technologies through a lens of security, resiliency, and scalability.

You’ll also collaborate with team members in-person and remotely. Work closely with different business functions to ensure monitoring, logging, and auditing of relevant events and assisting in automation of security controls.

What You Need for this Position

At least 3 years of experience with
• Cyber Security or Cloud Security
• AWS/Azure
• Compliance frameworks
• PowerShell or Python or JavaScript
What’s In It for You
• Salary: $100,000-$130,000
• Fully covered benefits for individual and family
• 401k Match up to 6%
• Annual Bonus
• Sabbatical program
• PTO
• Fully remote
So, if you are a REMOTE Cyber Security Analyst with experience, please apply today!

Email Your Resume In Word To

Looking forward to receiving your resume through our website and going over the position with you. Clicking apply is the best way to apply, but you may also:

Jimmy.Rowland@
• Please do NOT change the email subject line in any way. You must keep the JobID: linkedin : JR19-1698578 — in the email subject line for your application to be considered.***
Jimmy Rowland – Recruiter – CyberCoders

Applicants must be authorized to work in the U.S.

CyberCoders, Inc is proud to be an Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, or any other characteristic protected by law.

Your Right to Work – In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
Apply Here
For Remote REMOTE Cloud Security or Cyber Security Analyst roles, visit Remote REMOTE Cloud Security or Cyber Security Analyst Roles

********

Security Incident Response Analyst at Cambia Health Solutions

Location: Portland

Security Incident Response AnalystRemoteOperationalize cyber threat intelligence and manage incident response processes for security events. Perform in technical security testing of Cambia infrastructure to identify weaknesses and assist with the prioritization of remediation efforts. Provide scenarios and facilitation of tabletop exercises. General Functions and Outcomes
• Responsible for incident confirmation, response, data collection, investigation, and analysis.
• Responsible for maturing Cambia’s information security incident response process and procedures and guiding responders on the proper handling of cybersecurity incidents.
• Partners with information security and architecture and information security operations teams on mitigations approaches.
• Designs and implements processes for continuous improvement of incident response processes, policies, procedures, and playbooks
• Responsible for the planning, design, enforcement, and review of technology events to help ensure compliance with security policies, standards, and procedures under appropriate management guidance.
• Assists in the delivery of security briefings to management advising them of critical issues and metrics that may affect customer or corporate security objectives.
• Communicate with various departments and business units regarding sensitive and confidential issues.
• Work with IT team members, Privacy Office, Human Resources and Legal office in the collective effort of protecting Cambia’s information assets.
• May serve as primary incident response management involving a shared 24×7 on call availability.
• Monitor threat and vulnerability management information resources to identify new and emerging enterprise concerns.
• Demonstrated understanding of complex systems integration issues involving many disparate data sources, and experience in resolving them through providing clear direction on scope of solution.
• Provides leadership, direction, processes and procedures for the Cybersecurity incident management program.
• Leverages commercial and open-source intelligence feeds to adequately cover business risks.

Minimum Requirements
• Experience with cyber threat intelligence at both a technical and process level, security incident response process, digital forensics, chain of custody, and threat hunting.
• Demonstrated experience with Security Operations Center (SOC) operations and processes
• Excellent written and verbal communication skills with an ability to communicate with a variety of stakeholders, including all levels of staff and leadership.
• Passionate and curious with wide and mixed skills in active defense and intelligence analyst tradecraft.
• Capable of analyzing competing sources of information to prioritize the best hypothesis while searching for and tracking adversaries over the course of a campaign.
• Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++, a major advantage and added bonus.
Normally to be proficient in the competencies listed above An Incident Response Analyst would have a Bachelor’s degree in Computer Science, Mathematics, Business Administration or related field and 5+ years of experience in incident response and technical security testing or equivalent combination of education and experience. 5+ years of experience creating security policies, standards, or procedures. Required Licenses, Certifications, Registration, Etc.

CISSP certification required within 12 months of hire. Other relevant certifications desired. We are an Equal Opportunity and Affirmative Action employer dedicated to workforce diversity and a drug and tobacco-free workplace. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, age, sex, sexual orientation, gender identity, disability, protected veteran status r status protected by law.

A background check is required. If you need accommodation for any part of the application process because of a medical condition or disability, please email Cambia

Careers. Information about how Cambia Health Solutions collects, uses, and discloses information is available in our Privacy Policy. As a health care company, we are committed to the health of our communities and employees during the COVID-19 pandemic. Please review the policy on our Careers site.
Apply Here
For Remote Security Incident Response Analyst roles, visit Remote Security Incident Response Analyst Roles

********

Security Analyst Sr. (Hybrid) (Portland, OR) at M Financial Group

Location: Portland

M Financial Group is a community of leaders comprising the best and brightest minds in our industry. By combining individuals’ expertise and skill, M Financial Group has become a powerful force committed to advancing the interests of our industry, communities, and clients for over 40 years. M’s solutions are rooted in the diverse expertise of our team, our collaborative approach to innovation and our comprehensive support.

We embrace a progressive, dynamic mindset for every role. M Financial Group provides a professional community that actively supports individuals with diverse backgrounds and perspectives who come together to build and support best-in-class solutions. If you’re looking to be a part of a high performing, collaborative, and dedicated team, M Financial Group is in search of our next Security Analyst Sr. to join our team.

Responsible for leading the design, planning, facilitation, evaluation and implementation of information security-related policies, procedures, standards, and controls across M Financial Holdings. Assists in the development of the goals, strategy, methodologies, and outcomes of the MFH and Member Firm Information Security Policy program and related technologies. Provides leadership, expertise, and technical direction in collaboration with Infrastructure peers, junior team members, and colleagues from MFH departments. Responsible for the day-to-day operations of multiple information security-related program areas and technology systems. Prepares and presents detailed high-level reports to internal and external stakeholders at multiple levels. Acts as a subject matter expert in the security and integration of systems, applications, processes, access controls, upgrades, and enhancements for business and technical requirements for the systems M supports. Assigns work, plans, and manages department priorities in coordination with senior management within the Core Technology and Data team. Oversees the information security awareness training program to ensure all staff understands the importance of protecting client data. Mentors junior staff, provides constructive feedback, ensures quality improvement, provides leadership feedback on staff performance, and assists with goal setting for the team. Assists in the recruitment, development, and training of junior security staff.

ESSENTIAL FUNCTIONS:
• Leads the design, engineering, implementation and operation of information security processes, policies, standards, systems, and controls based on business and technical requirements
• Analyzes and correlates data from multiple security tools, such as endpoint protection, intrusion detection systems, security event monitors, web application firewalls and SaaS based platforms (e.g. Microsoft Cloud App Security, zScaler, Entreda, Cloudflare, MAM, MECM, etc)
• Protects M Financial information and information systems by analyzing public and private information sources to develop effective defensive techniques, policies, procedures, and standards
• Develops security roadmaps, diagrams, and documentation for increased adoption of cloud platforms (AWS, Azure)
• Responsible for the annual compliance of the Member Firm Information Security Policy program for all Member Firms
• Responsible for the remediation of findings in the annual MFH penetration test
• Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form
• Leads information sharing and integration procedures across the Core Technology and Data Team through the exchange of threat intelligence and vulnerability assessment data
• Develop annual goals and metrics for patch and vulnerability management program
• Coordinate and develop appropriate third-party risk management goals in coordination with Internal Audit
• Serves as an advisor and subject matter expert on identified projects or any other M Financial initiative that may have an information security implication
• Develops and leads user access reviews in coordination with the Internal Audit team
• Develops and generates reports and metrics (e.g. system/control metrics, status updates, risk assessments reports, remediation reports) to support information security measurement and reporting objectives
• Provides support and assistance across the organization related to information security related technology and programs.
• Triage, investigate, respond to, and escalate security anomalies and alerts
• Investigates and verifies potential phishing emails for MFH
• Investigates and provides leadership on Member Firm security incidents. Reports to the compliance and Wealth Solutions department
• Provides on-call after-hours support as assigned, including evenings, weekends, and holidays
• Performs other duties as assigned

QUALIFICATIONS

EDUCATION:
• Bachelor’s degree in Computer Science, Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training, and experience required

EXPERIENCE/TRAINING:
• Minimum of five (5) years of experience in IT, of which at least 2 years of experience in information security is required.
• Leadership experience working with project or technical teams required
• Financial services experience preferred
• Two or more relevant security-related certifications preferred (e.g. CISSP, CISM, GSEC, Security+, CEH, GPEN, GSEC, or equivalent)

KNOWLEDGE/SKILLS/ABILITIES:
• Knowledge of regulatory and compliance standards is required (GDPR, CCPA, HIPAA, GLBA, NIST, ISO27001)
• Expertise with networking protocols and basics of TCP/IP
• Strong knowledge with Metasploit
• Expertise with Rapid7 and InsightVM platform
• Familiar with DAST and SAST concepts for web application security testing
• Excellent project management, written and verbal communication skills
• Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents
• Ability to identify and correlate cyber threats and vulnerabilities
• Strong understanding of adversarial tactics and techniques
• Hands-on experience with cybersecurity, ethics, and privacy principles
• Strong knowledge of Microsoft Azure cloud and security services (e.g. MCAS, Azure Information Protection, DLP).
• Strong knowledge of MFA specifically Okta
• Ability to build trust and credibility with business partners and senior leadership while recommending initiatives and identifying gaps and potential issues
• Ability to effectively lead others

JOB CONDITIONS AND ENVIRONMENT
• Hybrid work environment offering a blend of virtual/work from home and onsite days designed to support flexibility
• Normal business casual office environment & desk assignment
• Extensive use of PC’s, computer terminal, display, keyboard, and mouse
• Extensive use of video conferencing for content acquisition, meetings, and course presentation
• Extensive hands on work with documents, spreadsheets and other written documents
• M Financial is following federal, state and local COVID-19 guidelines and has adopted a policy requiring all employees to be fully vaccinated against COVID-19 or to have a COVID-19 test performed weekly when coming into the office

This position description is not intended to be and should not be construed as an all-inclusive list of responsibilities, skills or working conditions associated with this position. While this description is intended to accurately reflect the position’s activities and requirements, management reserves the right to modify, add or remove duties as necessary.
Apply Here
For Remote Security Analyst Sr. (Hybrid) (Portland, OR) roles, visit Remote Security Analyst Sr. (Hybrid) (Portland, OR) Roles

********

Senior Security Analyst -Endpoints at Datto, Inc.

Location: Portland

As the world’s leading provider of cloud-based software and technology solutions delivered by managed service providers (MSPs), Datto believes there is no limit to what small and medium businesses can achieve with the right technology. Datto offers Unified Continuity, Networking, and Business Management solutions and has created a one-of-a-kind ecosystem of MSP partners. These partners provide Datto solutions to over one million businesses across the globe.

Since its founding in 2007, Datto continues to win awards each year for its rapid growth, product excellence, superior technical support, and for fostering an outstanding workplace. With headquarters in Norwalk, Connecticut, Datto has global offices in the United Kingdom, Netherlands, Denmark, Germany, Canada, Australia, China, and Singapore. Learn more .

You will report to the Director of Security Operations.

​​Datto, Inc. is seeking a Senior Security Analyst to conduct real-time analysis using SIEM and proprietary endpoint-based technologies.

Your role will be to serve as technical lead in identifying and responding to cyber security incidents, performing digital forensics, conducting threat hunting and generally enhancing the defensive capabilities of the Security Operations Center (SOC). Ultimately, your purpose will be to help ensure Datto and its’ 18,000+ partners are able to respond effectively to whatever cyber threats impact them and our shared customers.

Additional responsibilities and functions:
• Assist Datto partners through the incident handling process across Windows, Mac, and Linux platforms, perform basic malware analysis, and create security incident reports
• Develop and improve processes for incident detection and the execution of countermeasures
• Produce high-quality written and verbal communications, recommendations, and findings to internal and external stakeholders
• Assist detection engineers in tuning detection rules to reduce false positives and noise
• Create automations and workflow improvements for SOC analysts to triage and respond to detected events
• Demonstrate industry thought leadership through blog posts, social media, and/or public speaking events

Required Skills:
• At least three years of experience in Security Operations, Endpoint Detection & Response (EDR) analysis, endpoint monitoring, and/or digital forensics
• Experience conducting or managing technical incident response for organizations
• Strong understanding of targeted attacks and able to create customized containment and remediation plans for compromised organizations
• Strong understanding of secure network architecture and networking principles
• Knowledge of MITRE ATT&CK™ behavioral techniques and how to detect them
• Knowledge of Windows, Linux and MacOS operating system internals
• Knowledge of regex and SQL-type query languages
• Knowledge of Systems Administration in order to implement and execute countermeasures and remediation
• Capable of completing technical tasks without supervision
• Must be willing to rotate between various shift schedules, including the possibility of nights or weekend

Desired

Skills:
• Former experience in one s: security operations, cyber threat hunting, Endpoint Detection and Response (EDR), detection signatures and analytics
• Threat hunting & data analytics via tools like Elastic, Athena, or Redshift and SQL-like query languages
• Experience with scripting and interpreter languages, particularly bash and Power Shell
• Knowledge of offensive tools (e.g. Cobalt Strike, Mimikatz, Metasploit or Powershell Empire)
• One icable certifications: i.e. GCFA, GCFE, GREM, GNFA, or OSCP

Benefits:

At Datto, we’re committed to cultivating a healthy, positive and growth enabling environment. We are proud of our wide ranging benefits package which is available to all full-time employees, including:
• Comprehensive health-care benefits
• Flexible paid time off policy
• Generous paid parental leave
• “Datto University” virtual on-boarding program
• Access to more than 5,000 courses via Linked

In Learning
• Education reimbursement
• Employee Assistance Program
• Headspace App
• Charity match program
• A dynamic and socially active work culture, including Employee Resource Groups
• Networking and career development opportunities
• And more!

Note:

We are looking only for candidates willing to join us directly as W2 employees (No 3rd party candidates)

By submitting an application, you acknowledge we will process your data in order to consider you for the position you apply for and for other open positions within our company for which you may be suited. We collect and store your data in accordance with our Recruiting Privacy Practices.

Datto is an equal opportunity employer.
Apply Here
For Remote Senior Security Analyst -Endpoints roles, visit Remote Senior Security Analyst -Endpoints Roles

********

Associate Cybersecurity Engineer at CBRE

Location: Portland

• Associate Cybersecurity Engineer
• Areas of Interest
• Digital & Technology/Information Technology
• Remote – US – Remote – US – United States of America
• Global Cyber Security Office – The Global CSO’s mission is to mitigate cyber security risk by actively working with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally.
• A passion for research and uncovering the unknown about cyber security threats and threat actors.
• + Use threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors.
• + Provide expert analytic investigative support of large scale and complex security incidents.
• + Continuously improve processes for use across multiple detection sets for more efficient operations.
• + Review alerts generated by security infrastructure for false positive alerts and modify as needed.
• + Provide forensic analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as logs from various types of security sensors.
• + Create and tune models / SIEM alerts for automated response orchestration
• + Review security events to determine impact to CBRE
• + Analyze available data sources, security tools, and threat trends and lead security monitoring and analysis techniques to identify attacks against the enterprise.
• + Collaborate with the global security operations teams to provide targeted threat hunting reports on a regular cadence.
• + Take escalations from the global security operations center and treat appropriately
• + Establish runbooks and assist with tabletop exercises
• + Experience leading complex technical projects, meeting target timelines, facilitating project meetings, authoring project documentation, and negotiating issue resolution
• Understanding of the tactics, techniques, and procedures (TTPs) used by threat actors against endpoints
• + Intermediate to Expert experience managing policies and tuning within Carbon Black Defense and Response
• + Familiarity with modern methods of network and endpoint attacks and compromise such as MITRE ATT&CK techniques
• + Experience with vendor endpoint security controls
• + Experience with network-based endpoint security controls
• + Proven ability to work in a team-oriented, collaborative environment
• + Direct experience of Linux/Unix and Windows operating systems, enterprise SIEM, and packet capture analysis toolset
• + Knowledge of regular expressions and at least one scripting language (PERL, Python, PowerShell)
• + Experience with PowerBI Reporting is a plus
• of IT security experience or equivalent skills
• of recent operational security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.)
• + Minimum of 3+ years of related working experience in endpoint security preferred
• + One or more security related certifications, such as CISSP, GIAC, or GCIH is highly desired
• + Bachelor’s Degree preferred
• CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.
• An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.
• CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)
Apply Here
For Remote Associate Cybersecurity Engineer roles, visit Remote Associate Cybersecurity Engineer Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo