Security Analyst
Anywhere (USA)
Arcadia
Arcadia unlocks access to global utility data. Our technology powers the next generation of climate solutions, giving anyone the tools to electrify and decarbonize.Why This Role Is Important To Arcadia
The Arcadia.io Security Analyst for will work as a member for the Information Security team focused on ensuring the security of Arcadia’s cloud-based Population Health Analytics portfolio through technical security control implementation. This role will be based in Burlington, MA (remote is also available) and will partner with teams throughout the company to ensure that technical security requirements are consistently implemented.
What Success Looks LikeIn 3 monthsPerforming the following with the supervision of the Security Manager:- All tasks related to vulnerability and configuration management (review scans, as well as assess and document results)- Conducting vulnerability risk assessments for risk adjustment requests- Completing timebound security tasks (aligned with HITRUST) and produces reports
In 6 months- Participating in Security Incident Investigations- Owning tasks associated with the Security Analyst Role
In 12 months- Completing customer and vendor security assessments- Reviewing security documentation on an annual basis for currency
What You'll Be Doing
- Supporting the Operations, Engineering, Production Support, and Technical Implementation teams by providing the necessary security expertise required to ensure that applications and infrastructure are implemented in accordance with company objectives for risk acceptance
- Ensuring that the organizations infrastructure and applications meet Arcadia’s technical security objectives (as outlined in Policies and Procedures) and are designed, implemented and executed effectively, efficiently and economically
- Performing, reviewing, evaluating, assessing, documenting and communicating the results of regular vulnerability and configuration scans
- Interface with external partners including Managed Detection and Response vendor as first contact for identified alerts and issues
- Reviewing (at pre-defined intervals) access rights, ports/protocols/services, audit monitoring, interconnections, firewall and router configurations, asset inventory, position risk designations, and blacklisting/whitelisting
- Recommending, documenting and monitoring the implementation of any prescribed corrective actions resulting from assigned security assessments and reviews
- Designing and implementing annual testing and training on Security Incident Response and Business Continuity/Disaster Recovery
- Providing technical and forensic support during investigations into any suspected security incidents in accordance with company security incident handling, reporting and management procedures
- Completing security assessments and annual audits for customers/prospective customers as well as providing artifacts (snapshots, etc.) to support such requests
- Completing security assessments and annual audits for 3rd party vendors/partners including gathering artifacts (snapshots, etc.) and performing risk analyses and making go-forward recommendations
- Supporting annual compliance audits (HITRUST, ISO and SOC 2)
- Producing as required, any security metrics reports for the Information Security Officer (ISO), VP Information Security & Compliance and any other stakeholders or security steering committees prescribed
- Responding to requests for consultation or other inquiries from staff and provide security advice as required
- Supporting any requests for information by any external authoritative agencies as required (E.g., assessors, auditors, investigators, etc.)
- Providing any requested input for the ongoing maturation and development of the information security, risk, compliance and governance strategies necessary to support the business planning process
- Maintain currency and expertise with emerging trends in security, risk, compliance and governance standards and technologies (both internal and external)
- Work with our offensive security team to document and report vulnerabilities discovered from our internal penetration testing program to product stakeholders.
- Track and drive remediation efforts for discovered vulnerabilities in web applications and network ensuring they are patched according to the timeframes specified.
- Work with engineering teams to configure and perform automated scans that integrate security into our development process. Review, evaluate, document, and communicate the results to stakeholders.
- Work with security and engineering to ensure relevant tasks in the SDLC Security Plan are completed and required artifacts are completed and maintained.
What You’ll Bring
- College Degree (from an IT Security /computer related field) or equivalent experience with at least 3 years of professional experience including security in the cloud
- Good working knowledge of security, governance, risk, compliance and privacy concepts and practices
- Demonstrated experience in network security monitoring/analysis, event escalation, cyber threat analysis, and vulnerability analysis
- Specific experience in monitoring, evaluating, and interpreting vulnerabilities, CVEs, remedies, mitigation measures, techniques for escalation, social engineering tactics, phishing techniques, and performing vulnerability assessments
- Familiarity with:
- Windows, MacOS, and Linux
- Basic knowledge of networking fundamentals (OSI model, etc.)
- Fundamentals of information security including concepts related to confidentiality, integrity and availability as well as technical competency with computer BIOS, disk encryption, antivirus, vulnerability scanning, configuration scanning, and open source firewalls
- Ability to write formal assessment reports and to present to varying stakeholders.
Would Love for You to Have
- Professional Certification(s) in information security, governance, risk and/or compliance (e.g., CISSP, CEH, GSEC, CISM, CISA, CCSP, CompTIA Security+, etc.)
- AWS Cloud Practitioner Certification
- Working knowledge of firewalls and common AWS management, monitoring and configuration services
- Professional Certification(s) in information security, governance, risk and/or compliance (e.g., CISSP, CEH, GSEC, CISM, CISA, CCSP, CompTIA Security+, OSCP, etc.)
- Experience performing application security assessments or penetration tests.
What You'll Get
- You will work with a team of experts in building and maintaining a highly validated security and privacy program for the leader in Population Health and Healthcare data analytics including experience with certifications such as HITRUST, ISO 27001, and SOC 2.
- Be a part of a team and organization the had built security and privacy into the fabric and culture of the organization.
- You will learn how to secure highly-regulated sensitive data in a cloud environment and how to build and maintain a fully validated and industry leading security program.
- Your responsibilities will grow with you as a critical member of our team.
- Competitive compensation/benefits package.
- Become an expert in all elements of securing clinical and claims healthcare data in the cloud
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Application security Audits AWS CCSP CEH CISA CISM CISSP Cloud Compliance CompTIA Encryption Firewalls Governance GSEC HITRUST Incident response ISO 27001 Linux MacOS Monitoring Network security Offensive security Open Source OSCP Pentesting Privacy Risk assessment SDLC Security assessment SOC SOC 2 Vulnerabilities Windows
Perks/benefits: Career development Competitive pay Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs