Senior Information Security Analyst
Palo Alto, CA
Getinsured's mission is to provide an affordable health insurance solution for every citizen and resident of the USA, regardless of income level or medical history. We have two business lines:
(1) www.Getinsured.com, our consumer business, is a leading online tool where individuals, families and small businesses can compare and shop for health insurance. We serve over 1 million Americans each year, who can compare over 12,000 major commercial medical plans on our site.
(2) Getinsured State Exchange Solution helps state governments and corporate customers establish health insurance shopping platforms. Our software suite provides our clients with comprehensive software and support services, designed to function independently or to be integrated with health care and IT systems. In the case of states, we help power federally mandated health insurance exchanges with our end-to-end capabilities. Having served millions on the individual market, our capabilities are tried and tested. In addition, our Silicon Valley heritage enables us to bring quick and agile deployment to state and corporate initiatives.
Getinsured benefits from the venture-backing of Bessemer Venture Partners and Trinity Ventures and a seasoned management team with a successful track record.
As the Senior Information Security Analyst you will be responsible for identifying, evaluating and remediating risks and security threats at all levels (systems, network, application and IT operations) for our Health Insurance exchange solution and platforms.
You will assist in the creation and documentation of network and security related policies and procedures, and implement our security operations processes and controls for the protection of our customers' Personal Identity and Health Information.
This role includes the administration of our security policies to control access to systems and sensitive data. You will review all applicable security standards and requirements from regulatory authorities (Center for Medicare/Medicaid Services, IRS) and work with external vendors and partners to conduct security audits and vulnerability scans, and lead the response to security incidents or report requests.
You will use your security background and industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues.
• Conduct security reviews of infrastructure, applications and policies of Getinsured products, services and operations, as well as those of third-party vendors.
• Analyze the current state of information security operations and gaps against regulatory requirements; recommend and implement a plan of action with senior management.
• Establish system controls by developing a framework for controls and levels of access; recommending improvements.
• Ensure authorized access by implementing access controls to systems and data; granting and revoking access where needed and reporting violations.
• Ensure that security configurations of key systems are properly implemented, monitored and reported.
• Lead security investigations in response to reported security incidents. Provide on-call support and operations support for networking and security issues and escalations.
• Maintain an active familiarity with existing and emerging threats and vulnerabilities, and recommend changes to policies, tools and procedures accordingly.
• Collaborate with team leads, clients, engineers, and developers to appropriately translate functional needs into technical security requirements.
• Evangelize security within the company and provide security consultancy, advice and guidance to diverse areas of the company; develop security awareness by providing orientation, educational programs, and on-going communication.
• Conduct analysis of network security incidents. Coordinate and perform internal security audits of current infrastructure and applications.
• Minimum 5+ years of technical experience in the fields of networking and information security.
• 4 years of relevant work experience analyzing the security of systems and operations (penetration testing, Web Application security testing, vulnerability scanning, threat modeling, etc.).
• General security background in the use of cryptography, network/systems/physical security, authentication, authorization and usability.
• Knowledge of network-based and system-level attacks and mitigation methods.
• Highly organized approach to projects, experience with documenting procedures and controls.
• Familiarity with PCI, HIPAA, NIST publications, and other IT security standards, security audits, and documentation.
• Excellent project management, interpersonal, and communication skills.
Please send your resume to firstname.lastname@example.org