
Information Security Analyst

American Psychological Association
remote work
United States, D.C., Washington
750 First Street Northeast
Mar 21, 2025
Description

Note: APA operates on a 37.5-hour work week with one hour lunch breaks each day. APA sets salaries based on several considerations, including years of relevant experience, level of education, and previous staff and/or governance experience at APA.

The Security Analyst, under the IT Security Manager's guidance, conducts IT security analysis and assessments per procedures. They ensure the Confidentiality, Integrity, and Availability (CIA) of APA's information assets by reviewing, validating, classifying, and responding to security events and cyber-attacks. The analyst supports Security Oversight, IT Risk Assessment, Security Engineering, and Security Operations, with a focus on Security Operations and IT Risk Assessment. They also educate others on IT security risk mitigation and best practices. Excellent communication skills and effective interpersonal relationships are required.

Education and Experience Required



  • Bachelor's degree in computer technology, management information systems, business, or a related field, or equivalent experience, is required.
  • 5+ years of professional experience in information technology, with at least 3+ years of experience directly in a Cybersecurity role.
  • Experience with Microsoft Entra ID and Microsoft 365, including managing user Privileged Identity Management lifecycle and conducting access reviews using Microsoft Conditional Access.
  • Experience with Microsoft Intune in deploying devices with Autopilot, managing applications on devices, and implementing security policies to ensure they are up-to-date and secure.
  • Experience with cloud security, particularly Entra and AWS.
  • Experience in the application of task, project, and program management best practices.
  • Experience with IT governance, risk, and compliance management.
  • Supporting application security assessments and penetration tests to identify vulnerabilities and security issues.
  • Work closely with application developers to ensure secure coding practices are implemented throughout the application development lifecycle.
  • Support integration of security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline.
  • Strong verbal and written communication skills; must be able to effectively communicate technical details and thoughts in non-technical terminology to various levels of management.
  • Ability to work independently, think strategically, act proactively, and be a team player.
  • Experience with security incident response, risk assessment, and mitigation strategies. Familiarity with industry standards and compliance requirements (e.g., ISO 27001, GDPR, PCI, NIST).
  • Industry certifications are a plus: CISSP, CISM, CISA, CEH, OSCP, GCIH, MD-102, or other industry-recognized security certification(s).



Computer Skills Required

Strong experience in Internet and network security products and platforms including intrusion detection/prevention, incident response and investigation, vulnerability assessments, data loss prevention, and penetration testing.

Responsibilities



  • Perform vulnerability assessment and penetration testing including application security testing of cloud infrastructure to validate findings, assess risk, provide recommendations, and work with application/system owners in remediation efforts.
  • Design, configure, implement, review, tune, and process rules and alerts from various security tools.
  • Perform risk assessments and execute tests of the data processing system to ensure the functioning of data processing activities and security measures.
  • Review, recommend, implement and enforce overall system and network security.
  • Assist with information security reporting and regular communications.
  • Manage, troubleshoot, and maintain spam filters, endpoint detection and response, and provide support for the use of corporate firewalls.
  • Monitor and deploy automated patching across servers and desktops as needed.
  • Assist and coordinate the development and delivery of IT security standards, best practices, architecture, and systems to ensure information system security and PCI, GDPR and HIPAA compliance across the enterprise.
  • Perform Level 2 & 3 triage and handling of security events (escalated from other teams); includes but is not limited to identification, containment, remediation, and reporting activities.
  • Create new and enhance existing procedures to improve operational efficiencies and reporting accuracy.
  • Research threats and attack vectors that impact applications and infrastructure and stay up-to-date with current application security threats.
  • Other Duties as Assigned


About APA:

The American Psychological Association (APA) represents 122,000 psychologists, students, and affiliates, primarily in the U.S. and Canada but also in other countries around the world. APA is a scientific and professional organization with about 500 employees and is categorized as a 501(c)(3) along with its 501(c)(6) companion organization, APA Services, Inc.

Job Location: Remote: APA jobs may be considered for remote work eligibility as defined in APA's Flexible Work Policy and are subject to approval. Remote work employees may not work from the following states or U.S. territories: Alaska, California, Colorado, Guam, Hawaii, Iowa, Louisiana, Montana, Nebraska, New York, North Dakota, Ohio, Puerto Rico, Rhode Island, U.S. Virgin Islands, Washington, Wyoming.

Application Instructions:

Qualified candidates must apply online through APA's applicant system and attach a resume and cover letter specifying your salary expectations. Applications that are submitted without both documents are considered incomplete and will not be reviewed for consideration. Once your application is submitted, you will receive a confirmation email. Please make sure to check your Spam folder if you do not receive an email from us.

The American Psychological Association is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, disability, protected Veteran status, sexual orientation, gender identity, or any other protected categories covered under local law.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)