Security Analyst I

Position Title: Security Analyst I

Salary Range: $92,000.00K to $102,000.00K

Department: Information Technology

Reports to: Director of Cybersecurity

Location: Remote

Schedule: M-F, 35 hours

Formerly the Mental Health Association of New York City (MHA-NYC), Vibrant Emotional Health’s groundbreaking solutions have delivered high quality services and support, when, where and how people need it for over 50 years. Through our state-of-the-art technology-enabled services, community wellness programs, and advocacy and education work, we are building a society in which emotional wellness can be a reality for everyone.

Position Summary

Vibrant is looking for a Security Analyst I to join our Cybersecurity team as it grows. You will report directly to the Director of Cybersecurity. This role will be involved in day-to-day operations of the in-place security solutions. You will be responsible for playing a key role in protecting the confidentiality, integrity, and availability of all company data and systems. This may include the identification, investigation, and resolution of security incidents detected by those systems. Projects may include implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

Duties/Responsibilities

Strategy & Planning

• Participate in the planning and design of enterprise security architecture.
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures).
• Participate in the planning and design of an enterprise business continuity plan and disaster recovery plan.

Acquisition & Deployment

• Maintain up-to-date detailed knowledge of the Cybersecurity industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
• Assist with recommending additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.

Operational Management

• Maintain up-to-date baselines using industry standard frameworks such as CIS and CSA for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices).
• Maintain operational configurations of all in-place security solutions as per the established baselines and industry best practices.
• Monitor all in-place security solutions for efficient and appropriate operations.
• Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution.
• Respond to tickets for addressing security concerns, vulnerabilities, and end-user reported issues.
• Participate in investigations into problematic activity.
• Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
• Provide on-call support for end users for all in-place security solutions.
• Partner with AppDev to identify and remediate vulnerabilities in Applications

Required Skills/Abilities

Knowledge & Experience

• General knowledge of security frameworks and controls such as: NIST (CSF, SP 800-53, SP 800-171), CIS, CSA, ISO27000.
• Some experience with security systems and tools that may include: Firewalls, WAF, SIEM, SOAR, MDR, IAM, PAM/PIM, Network Packet sniffers, Nmap, IDS/IPS, SAST/DAST Burp Suite.
• Some experience with Encryption, Antivirus/Malware, Penetration Testing, Source Code Scanning.
• Working technical knowledge of Cloud and SaaS security solutions and tools.
• Basic understanding of IP, TCP/IP, and other network administration protocols.
• Basic understanding of security controls and system configurations for technologies such as: AWS, Azure, GCP, Microsoft AD, Linux.

Personal Attributes

• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated and directed.
• Keen attention to detail.
• Team-oriented and skilled in working within a collaborative environment.

Required Qualifications

Experience:

• Minimum 2 years of experience in network, server and data storage security technologies required
• Minimum 1 years of experience with Linux operating systems required
• Minimum 1 years of prior experience with Cloud-based security technologies required
• Preferred experience implementing and assessing Industry Security Standards including: HIPAA HITECH, HITRUST, FISMA, IS027K, PCI, NIST, etc.
• Some experience with Penetration Testing and Malware Reverse Engineering as a nice to have

Formal Education & Certification - College diploma or university degree in Cybersecurity or other computer technology degree and/or two years equivalent work experience. - One or more of the following certifications: - CompTIA Security+ - GIAC Information Security Fundamentals - AWS Certified Security - Specialty - Microsoft Certified Systems Administrator: Security - Associate of (ISC)2 or CISSP - ISACA CISA or CISM

Physical Requirements

• NA

Excellent comprehensive benefits, including medical, dental, vision, supplemental income insurance, pre-tax transit/parking, pre-tax FSA for medical and dependent care, and 401K available. 4 weeks’ vacation, plum benefits, etc.

Studies have shown that women and people of color are less likely to apply for jobs unless they believe they are able to perform every task in the job description. We are most interested in finding the best candidate for the job, and that candidate may be one who comes from a less traditional background. Vibrant will consider any equivalent combination of knowledge, skills, education and experience to meet minimum qualifications. If you are interested in applying, we encourage you to think broadly about your background and skill set for the role.

Vibrant Emotional Health is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, creed, color, religion, gender, gender identity, sex, sexual orientation, citizenship status, national origin, marital status, age, physical or mental disability, genetic information, caregiver status or any other category protected by applicable federal, state or local laws.