Senior Application Security Analyst - Minneapolis, United States - HealthPartners
Description
Job DescriptionHealthPartners is currently hiring for a
Senior Application Security Analyst .
This position provides technical consultation for system and data security and assists in the coordination, development, and implementation of security controls to reduce and manage risk to computer-stored information assets.
The analyst will audit and identify weakness and vulnerabilities to HealthPartners' data and systems, provide analysis concerning resolution to risks and consult with IT groups to ensure compliance of established security processes and controls.
The analyst will also participate in the application development/major enhancement process to ensure that new systems are developed with a correct level of internal and external security; delegate implementation tasks to lower-level analysts; and promote security awareness throughout the company.
Required Qualifications:
Bachelor's degree or equivalent
5+ years' experience in Information Technology
3+ years' experience in Information Security
3+ years of programming experience (Client and Server-side, in one or more of the following: Java, JavaScript, .NET, Python)
Experience with Rapid 7 and Flash Nexpose
Experience with Windows Server and/or Unix Server
Excellent desktop tool proficiency including Microsoft products (e.g., Word, Excel, Access, and PowerPoint)
Knowledge of the security aspects of multiple system platforms, operating systems, software communications, and network protocols.
Experience coordinating projects.
Knowledge of structured methodologies and standards such as ISO 27000, NIST, PMI, ITIL, CMMI, OWASP, and CoBit
Knowledge of federal and state security-related legislation including HIPAA, PCI, JCAHO, NCQA
Preferred Qualifications:
Experience with Git
CISSP or CISA certification is highly preferred.
Experience with ServiceNow.
Experience with automation (e.g., PowerShell, XSOAR).
Fortify and other SAST offerings.
Kubernetes
CI/CD Technologies (Tekton, Argo, Jenkins Pipelines)
RDBMS & NoSQL DBs
RESTful APIs
Hours/Location:
M-F; Days
Position may work remotely but will prefer local/regional candidates for occasional onsite needs.
Accountabilities:
Promotes and implements IT's security program to ensure the confidentiality, integrity and availability of HealthPartners' network and infrastructure.
Performs security forensic services; gathering and consolidating data artifacts.
Partner with development teams to educate and review secure coding practices.
Monitors security event reports and actions; ensuring the appropriate response is performed and coordinated.
Provides IT security control guidance and interpretation to IT Application, IT Technical Infrastructure, and HealthPartners' staff and management.
Provides security consultation on small to midsize projects.
Updates Security Program documentation and recommends changes to the infrastructure to the Security Architect
Promotes and educates staff on security principles and HealthPartners' policy and process.
Assists with the coordination and development of system security enhancements.
Documents vulnerability finding trends and provides recommendations for root cause resolution.
May coordinate changes to the security infrastructure; ensuring change management processes are followed and the appropriate documentation is gathered.
Assesses and documents security deviation requests to ensure the appropriate risk, impact, and approvals are captured.
Assess third party alignment to HealthPartners' Security Standards.
Gathers documentation and provides subject matter expertise for audit, regulatory requirements, and third parties.
Maintains awareness of the latest developments in key areas of responsibility and presents opportunities that might benefit the organization.
About Us
At HealthPartners we believe in the power of good - good deeds and good people working together.
As part of our team, you'll find an inclusive environment that encourages new ways of thinking, celebrates differences, and recognizes hard work.
We're a nonprofit, integrated health care organization, providing health insurance in six states and high-quality care at more than 90 locations, including hospitals and clinics in Minnesota and Wisconsin.
We bring together research and education through HealthPartners Institute, training medical professionals across the region and conducting innovative research that improve lives around the world.
At HealthPartners, everyone is welcome, included and valued.We're working together to increase diversity and inclusion in our workplace, advance health equity in care and coverage, and partner with the community as advocates for change.
Join us and become a partner for good, helping to improve the health and well-being of our patients, members and the communities we serve.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant because of race, color, sex, age, national origin, religion, sexual orientation, gender identify, status as a veteran and basis of disability or any other federal, state or local protected class.