The Security Analyst III role is to lead and support the secure operations of the BCBSNE network and data components. This includes securing and optimizing all network and data while ensuring minimal system downtime. The candidate will also diagnose, resolve, and document security incidents and audits in a timely and accurate fashion, and provide end user training and support where required.
More specifically, the candidate will possess advanced knowledge of designing, deploying, and maintaining enterprise security solutions to solidify the corporate security posture.
A strong leadership foundation and technical background is required for this position.
What you'll do:
1. Responsible for representing the customer and balancing the stakeholder's expectations and interests across the enterprise related to CyberSecurity
2. Is always accessible and participates proactively and constantly in team activities including release planning, sprint planning, daily stand-up meetings, reviews/demos, retrospective and other scrum-related meetings
3. Ability to work as the Product Owner or Technical Lead in an Agile Leadership Triangle for the CyberSecurity team to convey the vision and maximize the business value delivered by the team
4. Acceptance Criteria and "done" for the team. Accepts or rejects work. Creates, grooms and prioritizes the backlog. Participates in the, Architectural, Infrastructure or Product Owner Community of Practice
5. Designs and implements new security-focused tools, services and training (From #12) across our corporate environment
6. Ensures application level security across all components of new software releases via testing & review
7. Works to meet service level agreements with IS and business partners for security and provisioning standards
8. Works with end users and department heads to identify and document required service levels for information availability, integrity and confidentiality from a security perspective
9. Conducts research on Enterprise security trends
10. Performs on-site analysis, diagnosis, and resolution of complex security problems for a variety of end users, and recommends and implements corrective hardware, software, or processes solutions (Combined #10 & 11)
11. Develops and maintains IS security policies and procedures
12. Has a working knowledge of Microsoft Active Directory and associated security controls, including but not limited to LDAP and ADFS. Has an in-depth understanding of information security risks and controls, including OWASP, NIST, and Model Audit Rule
13. Receives and responds to incoming calls, pages, and/or e-mails regarding security incidents. Recommends, schedules, and performs application, network, mobile, and database security improvements, upgrades, and repairs
14. Writes technical specifications for procurement and implementation security appliances and software products
To be considered for this position, you must have:
Bachelors Degree and 5 years of IT/IS Experience including at least 4 years in Information Security or Identity & Access Management plus 2 years of project management or project completion experience.
An equivalent combination of education and experience may be substituted to meet this requirement.
The ability to meet or exceed the attendance and timeliness requirements of their departments.
The ability to work well in a team environment, and be capable of building and maintaining positive relationships with other staff, departments, and customers.
The strongest candidates for this position will also possess:
Office 365, Azure, Cloud experience preferred
CISSP, CISM, CISA, GSEC Preferred