Senior Security Analyst

About ComPsych

ComPsych® Corporation is the world’s largest provider of mental health services and GuidanceResources® for life. Fueled by a commitment to relentless innovation and a comprehensive approach to care, ComPsych provides services to more than 78,000 organizations and 163 million individuals across 200 countries. Under our GuidanceResources® brand, our personalized and fully integrated programs include behavioral health, absence management, and wellness journeys, which empower employees to lead healthier and more productive lives, while driving organizational excellence. Visit compsych.com to find out why 40% of the Fortune 500 choose ComPsych for their mental health needs.

Job Summary

The Senior Security Analyst will safeguard and maintain our organization's information systems and data from cyber threats. This role involves monitoring, analyzing, and responding to security incidents and, developing and implementing security measures to prevent future breaches and conducting vulnerability penetration testing, initiating mitigation plans for systems within the organization, implementing and reviewing security logs, and documenting baseline standards to ensure maximum security. The ideal candidate will have a solid technical background, extensive experience in cybersecurity, and the ability to think strategically about security risks.

Primary Responsibilities

• Assess, design, document, and work with IT teams to implement security controls for critical applications and systems throughout the ComPsych network to meet security standards and guidelines.
• Monitor and analyze security events and incidents to identify potential threats and vulnerabilities.
• Plan and schedule work with all areas of IT to ensure timely mitigation of vulnerabilities based on security scans, penetration testing, or other means of detection of threats.
• Conduct thorough investigations of security incidents and provide detailed reports on findings.
• Develop and implement security policies, procedures, and best practices to protect sensitive information and ensure compliance with regulatory requirements.
• Maintain and ensure annual updates of all Infrastructure policies and procedures by working with the respective teams.
• Perform risk assessments and vulnerability assessments to identify and mitigate potential security risks.
• Stay up-to-date with the latest cybersecurity trends, threats, and technologies.
• Conduct regular security audits and assessments to ensure the effectiveness of security measures.
• Assist in reviewing phishing and spam queues and tune/adjust email proxy filtering rules as appropriate.
• Review and approve/disapprove Web Proxy Exception requests and apply rules updates as appropriate.
• Define rules and assist with DLP system maintenance.
• Assist 3rd party vendors with annual penetration testing and coordinate efforts to mitigate identified vulnerabilities.
• Provide guidance and mentorship to Junior Security Analysts and other team members.
• Maintain subscriptions to vendors' security/vulnerability alerts and assess/establish and prioritize response plans based on the severity and applicability of the threat.
• Review and vet weekly Security scan results and coordinate with other IT teams to create remediation action plans.
• Other security tasks as needed.

Job Qualifications

• At least 7 years of security work experience.
• Professional certifications such as CISSP, CISM, CEH, or equivalent are highly desirable.
• Current knowledge of VMware, Windows Server, Windows Workstation, Linux, and Active Directory/LDAP technologies.
• Experience with Forcepoint Email Security, Web Security & DLP products, and Next Generation Firewall & Endpoint products.
• Experience with SIEM products such as IBM QRadar, Nessus, Carbon Black, Delinia Secret Server, Microsoft SCCM, OpenSCAP, or similar products.
• Experience with security tools and technologies such as SIEM, IDS/IPS, firewalls, endpoint protection, and web application firewall technologies
• Familiarity with common penetration testing products such as Kali, HP WebInspect, GFiLANguard, Exporter Pro, BackTrack 5, Cain and Abel, Metasploit Framework, Nmap; oclHashcat, Hashcat, John the Ripper, Medusa, THC-Hydra, Netcat, SQLPing3, Rainbow Tables, NBTEnum, Winfo, Incognito, Msvclt, Rainbow Tables or similar a plus
• Knowledge of system and network attack pathologies and exploitation & intrusion techniques, such as denial of service, sync attacks, malicious code injection, password cracking, etc.
• Proficiency in conducting risk assessments, vulnerability assessments, and penetration testing
• Experience configuring, maintaining, and auditing application systems security controls.

• Knowledge of HIPAA regulations as well as a strong understanding of cybersecurity frameworks, standards, and best practices (e.g., NIST, OWASP, etc.).

• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and as part of a team in a fast-paced environment.
• Strong attention to detail and the ability to think critically and strategically.

Other Requirements:

• Must have high-speed internet and workspace free from distraction, disruption or noise
• Ability to be on camera when attending work related trainings, meetings and/or events
• Must be able to sit or stand at desk for prolonged periods of time while working on a computer

Benefits and Perks

• Full benefits package, including Paid Time Off (PTO), medical, dental, vision, 401(k) with match, robust EAP, wellness program, and much more
• Competitive pay with annual increases

EEO

ComPsych celebrates diversity and is an equal opportunity employer.  All applicants will be considered for employment regardless of race, color, age, genetics, religion, gender, sexual orientation, gender identity, national origin, disability or protected veteran status and any other characteristic protected by federal, state or local laws. ComPsych Corporation maintains a drug free workplace.