The Technical Security Analyst is responsible for providing technical leadership in the development and implementation of information security standards, policies, procedures and supporting technologies required to protect information assets, which are processed by or stored in Excellus information systems. This position will assist the security manager with the design and implementation of Excellus-wide security infrastructures and propose new security solutions. Individual will be involved in the design of enterprise security solutions to meet client business requirements in application and infrastructure areas; for example SSL, PKI, VPN security, security administration, intrusion detection and directory services. This position performs as the technical lead for Excellus distributed system security, including the development of distributed platform security administration, identifying distributed system security weaknesses, monitoring and auditing of the distributed systems security; identifies and develops all potential security automation projects; and advises and consults with Security manager and various levels of management regarding protection of computer resources and information assets.
• Provides technical leadership and support to Security administrators on distributed systems security.
• Implements a security automation strategy for administrative requests and security violations.
• Implements a security strategy for automated intrusion detection and notification of appropriate personnel.
• Investigates and resolves unusual security incidents as required.
• Act as an Excellus security consultant for all platforms, databases and Lotus Notes.
• Integrates security tools and appropriate controls into new and existing systems such as distributed platforms, firewalls, VPNs, etc.
• Interacts heavily with the Networking, Technical Services and Web Development groups.
• Provides rotation of 24/7 on call coverage.
• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values and adhering to the Corporate Code of Conduct.
• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
• Regular and reliable attendance is required
All responsibilities of Level I, as well as the following:
• Trains and provides technical support to Security Administrators and lower level Technical Security Analysts on distributed systems security.
• Develops and implements a security automation strategy for administrative requests and security violations.
• Develops and implements a security strategy for automated intrusion detection and notification of appropriate personnel.
• Investigates new security technologies and implement as appropriate.
• Implements encryption, public/private key technologies.
• Minimum of 1 year hands on experience with mainframe and/or client server platforms required; OS/390, Windows and UNIX preferred.
• Bachelor’s degree in Computer Science, Information Systems, or related field preferred.
• Basic knowledge of public key infrastructure, certificates cryptography, firewalls, LDAP, virus detection, internet/intranet technologies, web application security, and network security.
• Experience with security controls for operating systems, applications, and database management systems such as OS/390, Windows, Lotus Notes, DB2 or Oracle.
• Experience in evaluating security software packages.
• Experience with security automation, including associated reporting and notification.
All qualifications of Level I, as well as the following:
• Minimum of 3 years hands on experience with public key infrastructure, certificates cryptography, firewalls, LDAP, virus detection, internet/intranet technologies, web application security, and network security.
• CISSP, CISA or other relevant security certification required.
• Some travel required
In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.
Equal Opportunity Employer