Job Listing
|
|
| Job ID: 13964670 |
|
| |
| Job Location: |
|
| |
|
|
| |
| How to Apply: | To see employer contact information, log in or register. |
| |
| Job Title: | Senior Application Security Analyst |
| Work Type: | Work Days: Work Vary: Yes , Shift: Other, Hours Per Week: 40, Work Type: Regular |
| |
| Salary Offered: | Unspecified |
| Benefits: | 401(k) or other retirement, Dental Insurance, Health Insurance, Holidays, Sick Leave or PTO, Vacation or PTO |
| |
| Physical Required: | Unspecified |
| Drug Testing Required: | Unspecified |
| Education Required: | Bachelor's Degree |
| |
| Experience Required: | Unspecified |
| |
| Required Skills: | Please see the job description for information about required job skills. |
| Preferred Skills: |
|
| |
| |
| |
|
| Job Description: |
HealthPartners is currently hiring for a Senior Application Security Analyst. This position provides technical consultation for system and data security and assists in the coordination, development, and implementation of security controls to reduce and manage risk to computer-stored information assets. The analyst will audit and identify weakness and vulnerabilities to HealthPartners' data and systems, provide analysis concerning resolution to risks and consult with IT groups to ensure compliance of established security processes and controls. The analyst will also participate in the application development/major enhancement process to ensure that new systems are developed with a correct level of internal and external security; delegate implementation tasks to lower-level analysts; and promote security awareness throughout the company.
Required Qualifications:
Bachelor's degree or equivalent
5+ years' experience in Information Technology
3+ years' experience in Information Security
3+ years of programming experience (Client and Server-side, in one or more of the following: Java, JavaScript, .NET, Python)
Experience with Rapid 7 and Flash Nexpose
Experience with Windows Server and/or Unix Server
Excellent desktop tool proficiency including Microsoft products (e.g., Word, Excel, Access, and PowerPoint)
Knowledge of the security aspects of multiple system platforms, operating systems, software communications, and network protocols.
Experience coordinating projects.
Knowledge of structured methodologies and standards such as ISO 27000, NIST, PMI, ITIL, CMMI, OWASP, and CoBit
Knowledge of federal and state security-related legislation including HIPAA, PCI, JCAHO, NCQA
Preferred Qualifications:
Experience with Git
CISSP or CISA certification is highly preferred.
Experience with ServiceNow.
Experience with automation (e.g., PowerShell, XSOAR).
Fortify and other SAST offerings.
Kubernetes
CI/CD Technologies (Tekton, Argo, Jenkins Pipelines)
RDBMS & NoSQL DBs
RESTful APIs
Hours/Location:
M-F; Days
Position may work remotely but will prefer local/regional candidates for occasional onsite needs.
Accountabilities:
Promotes and implements IT's security program to ensure the confidentiality, integrity and availability of HealthPartners' network and infrastructure.
Performs security forensic services; gathering and consolidating data artifacts.
Partner with development teams to educate and review secure coding practices.
Monitors security event reports and actions; ensuring the appropriate response is performed and coordinated.
Provides IT security control guidance and interpretation to IT Application, IT Technical Infrastructure, and HealthPartners' staff and management.
Provides security consultation on small to midsize projects.
Updates Security Program documentation and recommends changes to the infrastructure to the Security Architect
Promotes and educates staff on security principles and HealthPartners' policy and process.
Assists with the coordination and development of system security enhancements.
Documents vulnerability finding trends and provides recommendations for root cause resolution.
May coordinate changes to the security infrastructure; ensuring change management processes are followed and the appropriate documentation is gathered.
Assesses and documents security deviation requests to ensure the appropriate risk, impact, and approvals are captured.
Assess third party alignment to HealthPartners' Security Standards.
Gathers documentation and provides subject matter expertise for audit, regulatory requirements, and third parties.
Maintains awareness of the latest developments in key areas of responsibility and presents opportunities that might benefit the organization.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
Refer to ID 78518648 when applying |
|