Senior Information Security Analyst
City : Remote, USA
Category : Full-Time
Industry : Information
Employer : PointClickCare
For more than 20 years, PointClickCare has been the backbone of senior care. We’ve amassed the richest senior care dataset making our market density untouchable and our connections to the healthcare ecosystem exponentially more powerful than those of any other platform.
With Collective Medical & Audacious Inquiry, we’ve become the most expansive, full-continuum care collaboration network, offering care teams immediate, point-of-care access to deep, real-time insights at every stage of a patient’s journey.
Senior Information Security Analyst
We are looking for a talented, experienced Senior Information Security Analyst who will have a significant impact across our multi-site structure and will be an invaluable, leading resource to ensure the highest level of integrity and reliability in identifying, detecting, preventing, investigating, containing, and resolving information security threats and proactively addressing security vulnerabilities.
The Senior Information Security Analyst will plan and carry out security measures to protect PointClickCare’s cloud and premise networks, data centers, endpoints and systems, including a Software as a Service footprint and corporate environments. The Senior Analyst will be responsible for identifying opportunities for improvement in security posture in collaboration with other security team members and other PointClickCare business units. The Senior Information Security Analyst lead specific projects relating to on-premise and cloud (AWS/Azure) technologies and assuring the effective implementation and management of security tools as we continue to improve the security posture of PointClickCare.
· Act as a second-tier expert for security tickets/incidents based on security alerts generated from various sources (Cloud subscriptions IaaS/PaaS/SaaS in Azure/AWS, networks, servers, endpoints and other event logs). This will require investigation, triage, and response to security events identified by other team members or other PointClickCare business units
· Assist with the management of the vulnerability management program by reviewing vulnerability scans, interpreting results, coordinating remediation efforts across Engineering, SaaSOps and Corporate Technology, reporting status and metrics to demonstrate improvement.
· Review security information and reports from various security technologies, threat intelligence feeds and provide recommendations for security posture improvement or remediation. This will include several sources of information, including, but not limited to security information and event monitoring (SIEM), next-generation firewalls, advanced endpoint protection technology, vulnerability assessment reports, cyber security reports, audit reports, access privileges, etc.) to identify violations, intrusion attempts, or security weaknesses
· Lead or participate in security investigations and document findings/root causes
· Help assist with the implementation of technological solutions for data protection on cloud-based platforms
· Investigate, create, and recommend innovative technologies or other methods that will enhance the security of cloud based environments
· Recommend security processes and procedures, plans, priorities needed for improvements to PointClickCare’s on-premise and cloud security controls
· Act as a subject matter expert on evaluating and testing security solutions and technologies, aligned with on-premise and Cloud security platforms
· Proactively evolve PointClickCare’s security policies and procedures to stay aligned with the security industry best practices. Develop and improve internal processes, policies, standards, baselines to manage information security across PointClickCare
· Research the latest information technology security trends, best practices, threats, and potential vulnerabilities, participate in developing security standards and best practices appropriate for PointClickCare and recommend security enhancements to Security team leadership
· College diploma or university degree in the field of computer science and relevant work experience as an Information Security Analyst
· Proven experience with security software, such as: Cloud Security Posture Management Tools, SIEM, next-generation firewalls, next generation (endpoint) anti-virus technology, patch management, asset management, identity and access management, intrusion detection, event monitoring, forensic analysis is required
· Extensive working knowledge of information security and vulnerabilities/threats, security best practices, tools, and techniques, including encryption
· Working technical knowledge of IT technical environments with a strong understanding of IP, TCP/IP and other network administration protocols
· Understanding/working knowledge of Windows, Active Directory, Group Policy, DNS, and Apple operating systems
· Working knowledge of traditional and cloud Architecture, experience of AWS, Azure or other public and private cloud technologies a plus.
· Good working knowledge of Microsoft O365, Azure, Windows, Clients, and Networking.
· Good understanding of Azure infrastructure components: server, storage, network, data, and applications;
· Critical thinking skills, detail oriented, well developed troubleshooting, analytical and problem-solving skills
· Ability to interact with developers, engineers, architects and communicate at the highest technical levels of organizational decision-making
· Basic understanding of SDLC and CI/CD pipeline orchestration
· Certification: AWS certified, Azure Security Engineer
· 3+ years of experience in a cybersecurity operations role
· 1+ year of experience with Cloud (AWS, GCP or Azure) security gap analysis
· Experience working with Python and PowerShell
· Experience in managing/administering Linux OS variants, PowerShell, bash/shell scripting, python
· Ability to work independently with minimal supervision
· Strong verbal and written communication skills
· Ability to work effectively and collaboratively with internal staff, external partners and stakeholders.
· Demonstrates solid analysis and problem-solving skills
· Displays high ethics and trust values
· Completion of a Security related certification is required (CompTIA Security+, Security+, CISSP, GIAC, etc.).
· Knowledge of relevant security and privacy legislation as NIST, PHIPA, PIPEDA, HIPPA
· Must demonstrate the ability to interact professionally with a diverse group of stakeholders
· Scripting experience (PowerShell, Python
It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact email@example.com should you require any accommodations.
PointClickCare is committed to Information Security. By applying to this position, if hired, you commit to following our information security policies and procedures and making every effort to secure confidential and/or sensitive information.