Information Security Analyst
Remote (United States)
Bamboo Health
Delivering actionable insights on patients' physical, behavioral and social health. Empowering healthcare professionals to provide better experiences and care.- Participate in security operations tasks such as event monitoring and incident response and vulnerability testing and management.
- Assist with processing access control requests.
- Secure applications hosted in cloud environments.
- Assist in policy and documentation upkeep and development, ensuring clarity and applicability.
- Work with external auditors and customers as necessary, providing them with required information and assistance.
- Work closely with various teams, including IT, Legal, HR, and Operations, ensuring seamless security integration and compliance.
- Assist with the team's efforts with our internal security awareness program and security best practices.
- Analyze opportunities for improvement in the organization's compliance program.
- Participate in the on-call rotation to address and escalate security incidents as they arise.
- Learn security operations tools, systems, and security policies and procedures.
- Work on internal documentation, security operations, and compliance tracking tasks.
- Develop a basic understanding of the regulatory frameworks that Bamboo Health adheres to.
- Establish relationships with the team and key internal departments.
- Understand and be able to describe the function of Bamboo Health's products and services.
- Participate in Security Operations on-call rotation and be comfortable with incident response activities and procedures.
- Participate in risk and compliance assessment exercises with internal teams.
- Be able to describe the organization layout and identify key team partners.
- Become familiar with the required communication channels and participate in providing required metrics and feedback to stakeholders.
- Work with security team members to learn web application vulnerability concepts and begin vulnerability testing.
- Assist with processing access control requests.
- Perform system and web application vulnerability scanning and reporting findings to internal teams.
- Understand key cloud security and compliance toolsets.
- Augment the team's efforts in completing security assessments executed by independent third-party assessment organizations and/or customers.
- Assist with the team's efforts with our internal security awareness program.
- Identify areas where automation of evidence collection could improve existing compliance procedures and document process improvement ideas.
- Work independently when given clear objectives.
- Bachelor’s degree in computer science, Information Security, IT, or related discipline, or four years equivalent professional experience in IT, Information Security, or a closely related field in lieu of a degree
- An additional 2 years of hands-on work experience in the field of information security, risk and compliance, or IT
- Intermediate knowledge of Linux, macOS, and Windows
- Basic knowledge of cloud services such as AWS, Azure, or GCP
- Domain familiarity in two of the following fields:
- Knowledge of Security control frameworks or benchmarks (Examples: ISO, NIST, HIPAA, CIS, HITRUST, FedRAMP)
- Vulnerability testing and management or risk analysis
- Evidence gathering for security auditing purposes
- Identity and access management (IAM)
- Security incident response
- Endpoint security and best practices
- Securing cloud-centric environments
- Excellent written and verbal communication skills, with ability to build and communicate business rationale
- Ability to learn quickly and work independently
- Ability to build effective, sustainable working relationships internally, with customers, and external stakeholders
- A work environment that is conducive to high quality virtual interactions. This includes being able to work from a quiet space with minimal interruptions or distractions and a strong internet connection
- A high level of judgment, analytical ability and creativity in investigating problems that require original and innovative solutions
- Experience working a fast-paced, high-growth, rapidly changing work environments
- Join one of the most innovative healthcare technology companies in the country.
- Have the autonomy to build something with an enthusiastically supportive team.
- Learn from working at the highest levels and on the most strategic priorities of the company, including from world class investors and advisors.
- Receive competitive compensation, including equity, with health, dental, vision and other benefits.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Audits Automation AWS Azure Banking Cloud Compliance Computer Science Endpoint security FedRAMP GCP HIPAA HITRUST IAM Incident response Linux MacOS Monitoring NIST Risk analysis Security assessment Windows
Perks/benefits: Career development Competitive pay Equity / stock options Health care Startup environment Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.