Associate Information Security Analyst - Remote

Healthesystems · Tampa, FL · 20 hours ago · Over 100 applicants

About the job

Healthesystems offers workplace flexibility with our Work-From-Home model, and a competitive
compensation and benefits package including healthcare coverage, PTO, paid holidays, 401(k), company-
provided life insurance/disability coverage, wellness options, and more.

Note: we are unable to hire in every state

Summary: The Information Security Analyst, Associate works with the Information Security team to
identify, protect, detect, respond, and recover from security related events through the implementation
of all applicable mitigation solutions to eliminate the risk. This position will perform continuous
monitoring of all network resources, carryout in-depth analysis of security risks and assist with the
development of mitigation solutions, while conducting regular vulnerability audits, and risk assessments.
The Information Security Analyst, Associate will also be required to actively participate in the
management and administration of information security related requests, as well as participate in the
administration creation and/or maintenance of policies, standards, baselines, guidelines, and
procedures. Where applicable, the Information Security Analyst, Associate will work with Application
Security Test Engineers in the selection and implementation of new security solutions, to promote
secure-by-default designs, in support of secure application development and sustainment, ensuring
information systems and infrastructure will be secured throughout the software/system development
life cycle (SDLC).

Key Responsibilities: "To simplify complexities for each customer."

 Participate in the monitoring of defense in-depth security measures, Data Loss Prevention (DLP),
digital forensics, vulnerability assessments, penetration tests, hardware and software
remediation strategies, malware prevention, security audits and remediation activities. Will also
assist with the handling of security incident responses.

 Actively participate in the monitoring and administration of all information security requests to
ensure they receive proper verification, validation, and authorization prior to being approved.

 Maintain up-to-date detailed knowledge of the Information security industry including

awareness of new or revised security solutions, improved security processes and the
development of new attacks and threat vectors.

 Provide support for security activities in the software/system development life cycle (SDLC) and
application development efforts.

 Assist with the administration creation of enterprise security documents (policies, standards,
baselines, guidelines, and procedures).
Qualifications/Education/Certifications:

Bachelor's degree from four-year college or university (in Information Technology, Computer Science, or
a related field preferred) plus 0-2 years of related experience; or equivalent combination of education
and experience.

Prefer one or more of the following active certifications: CISSP, CISM, CISA, CEH, CompTia Security+,
GCIA, GPEN or GSEC.

Knowledge, Skills and Abilities:

 Experience working in an enterprise architecture, information security, information technology

or information risk management related field.

 Experience with technical security controls (e.g. AAA, multi-factor authentication, network or
host based firewalls, network or host based intrusion detection/prevention systems, anti-virus,
encryption, Virtual Private Networks (VPN), web application firewalls, configuration
management, host hardening, continuous monitoring, incident response, or data loss
prevention administration) within an organization or in a consulting capacity.

 Experience conducting security and IT control audits assessments.

 Experience working with vulnerability scanners.

 Experience working with penetration testing tools (Metasploit, Nmap, and Burp Suite)

 Must demonstrate understanding of infrastructure and application security requirements and

architecture.

 Demonstrated experience with security architecture solutions for large, critical systems and an
understanding of Information Security standards, frameworks/methodologies, and best practice
(NIST, ISO 2700x, CIS, ITIL, CoBIT, OCTAVE, GLBA).

 Understanding of host security architecture best practices.

 Understanding of network security architecture best practices.

 Ability to work well under pressure and to meet tight deadlines.

 Demonstrate a high level of motivation, confidence, integrity, and responsibility.

 Possess excellent written and verbal communication skills, presentation, and problem-solving
skills and be able to interact well with peers and internal customers.
Risk Assessment: Conduct thorough risk assessments to identify potential threats and
vulnerabilities within an organization.Compliance Management: Ensure adherence to relevant
laws, regulations, and industry standards to mitigate legal and compliance risks.Policy
Development: Develop and update policies and procedures to establish guidelines for
employees and ensure alignment with governance objectives.Security Incident Response:
Manage and coordinate responses to security incidents, minimizing potential damage and
implementing corrective measures.Audit and Assurance: Conduct regular audits to assess the
effectiveness of governance controls and identify areas for improvement.Training and
Awareness: Provide training programs to educate employees about compliance requirements,
security protocols, and risk management practices.Third-Party Risk Management: Evaluate and
monitor risks associated with external vendors, partners, and suppliers to safeguard the
organization's interests.Data Privacy Management: Implement and maintain processes to
protect sensitive data, ensuring compliance with data protection regulations.Business
Continuity Planning: Develop and test plans to ensure the organization can continue its critical
operations in the face of disruptions or disasters.Reporting and Communication:
Communicate risk-related information to stakeholders, including executives and board
members, to facilitate informed decision-making.

Bharat Bhushan Wadhwa

·
Follow
Lives in Dehradun, Uttarakhand, India (2022–present)Feb 6
Since you have an interview focused on GRC, VAPT, and SOC, here are some steps you can
take to prepare:

General Preparation:

 Research the company and interview format: Learn about the company's
culture, values, and specific area of interest related to these topics.
Understand the interview format (individual, panel, technical, etc.) and tailor
your responses accordingly.
 Review core concepts: Refresh your understanding of key terms and
methodologies in each area:
o GRC: Governance, Risk Management, Compliance (frameworks,
standards, controls, risk assessments).
 o VAPT: Vulnerability Assessment and Penetration Testing (types,
methodologies, tools, reporting).
o SOC: Security Operations Center (incident response,
monitoring, SIEM, log analysis).
 Practice common interview questions: Prepare concise and confident
answers to expected questions like:
o Why are you interested in this role?
o Describe your experience with GRC, VAPT, or SOC.
o How do you handle pressure and prioritize tasks?
o Tell me about a challenging technical problem you solved.
o What are your salary expectations?
Specific Preparation:

 GRC:
o Be familiar with different GRC frameworks like COSO, NIST, and
ISO.
o Understand risk assessment methodologies and common
controls.
o Know how GRC principles apply to real-world scenarios.
 VAPT:
o Brush up on common vulnerability types (CWE) and how to
identify them.
o Familiarity with penetration testing methodologies (black box,
white box, grey box).
o Knowledge of popular VAPT tools like Nessus, Burp Suite, and
Metasploit.
o Understand secure coding practices and common
vulnerabilities in web applications.
 SOC:
o Know the different types of security incidents and how to
respond to them.
o Familiarity with SIEM tools and log analysis techniques.
o Understand the incident response lifecycle and best practices.
o Prepare to discuss how you stay updated on cybersecurity
threats and vulnerabilities.
Additional Tips:

 Showcase your problem-solving skills: Use the STAR method (Situation,

Task, Action, Result) to describe your past experiences and highlight
successful outcomes.
  Prepare insightful questions: Show genuine interest in the role and the
company by asking thoughtful questions about their specific needs,
challenges, and security practices.
 Be confident and enthusiastic: Demonstrate your passion for
cybersecurity and your eagerness to learn and contribute.
Remember, the key is to demonstrate your knowledge, experience, and ability to learn
quickly in these complex areas. Best of luck with your interview!