Information Systems Security Analyst II

POSITION: Information Systems Security Analyst II

DUTIES: Responsible for maintaining the security and integrity of data and systems for a large, complex site or network; leading the coordination effort with system and/or application administrators to remediate security alerts, address identified vulnerabilities and respond to information security related incidents; improving the overall security posture of the organization; evaluating, testing, and documenting security solutions and controls; establishing and recommending policies on application, system and services security; providing technical leadership on information systems security to system, application administrators, and others of equivalent seniority; implementing technical systems and monitoring for unusual and suspicious activity across a wide range of products; identifying security issues, risks, and developing approaches to mitigate vulnerabilities and recommend changes to system and system components as needed; responsible for recurring vulnerability scanning, penetration testing, protected information scanning; ensuring security deficiencies are mitigated, corrected or a risk acceptance has been obtained by senior management; participating in technical and non-technical projects requiring information security oversight and to ensure policies, procedures and standards are met; recommending baseline configuration changes to systems to optimize security including patching levels, hardening operating systems / applications and monitoring; performing on-going assessments on existing systems to identify new vulnerabilities and recommend hardening procedures; contributing in building security architecture; responsible for cross-system review of security logs and audit trails to meet regulatory compliance; standard operating procedures include but are not limited to daily review of access, backup and application logs; and documents and recommends activities needed to keep the system secure including submitting Requests for Change (RFC); participating and reporting on security audits and risk analysis; developing documentation to support ongoing security systems operations, maintenance, and specific problem resolution; developing technical solutions and automate repeatable tasks to help mitigate security vulnerabilities; conducting research on emerging security products and technologies to justify recommendations and to support purchasing efforts, and interacting and negotiating with vendors, outsourcers, and contractors to secure system-related products and services; recommending new security tools, improvements to policies and SOPs; recommending effective improvements to existing security controls that balance security and business innovation; participating in security compliance efforts including PCI DSS, HIPAA; conducting routine audits and reporting any deviations to senior management; recommending corrective actions to system, network and application administrators; maintaining vendor management standards, questionnaires and documentation to adhere to regulatory compliance; working within the computer security incident response team members work together with other team members to prepare for and provide rapid response to security threats such as virus attacks; developing procedural set of responses to security problems, including protocols for communication within the organization as well as any interaction with law enforcement agencies during computer security incidents; and functioning as a technical lead during security incident response.

RATE OF PAY: Between $113,006 and $141,138/year.

REQUIREMENTS: Bachelor's in Computer Information Systems or a related field, or an equivalent combination of education & experience (will accept bachelor's-degree equivalent combination of education & experience based upon equivalency evaluation by qualified credential evaluator). Requires 5 years of progressive experience in information systems administration, managed security engineering, or information security. All qualified candidates must have experience/skills performing & managing operating system administration including Linux, CentOS, SuSE, & Ubuntu; implementing encryption & digital certificates, networking components including IDS/IPS & Firewalls, & log management, syslog analysis, & TCP/IP analysis; carrying out vulnerability assessment for systems & web security including cross-site scripting, SQL injection, cross-site request forgery, HTTP response splintering, the OWASP Top 10 & SANS Top 20 & remediation techniques; performing system monitoring & reporting tools including SIEMs & FIM.

ADDRESS OF EMPLOYMENT: 10 Discovery Dr, Farmington, CT 06032. Telecommuting permitted (within U.S. only).

About JAX:

The Jackson Laboratory is an independent, nonprofit biomedical research institution with a National Cancer Institute-designated Cancer Center and nearly 3,000 employees in locations across the United States (Maine, Connecticut, California),Japan andChina. Its mission is to discover precise genomic solutions for disease and empower the global biomedical community in the shared quest to improve human health.

Founded in 1929, JAX applies over nine decades of expertise in genetics to increase understanding of human disease, advancing treatments and cures for cancer, neurological and immune disorders, diabetes, aging and heart disease. It models and interprets genomic complexity, integrates basic research with clinical application, educates current and future scientists, and provides critical data, tools and services to the global biomedical community. For more information, please visitwww.jax.org.

EEO Statement:

The Jackson Laboratory provides equal employment opportunities to all employees and applicants for employment in all job classifications without regard to race, color, religion, age, mental disability, physical disability, medical condition, gender, sexual orientation, genetic information, ancestry, marital status, national origin, veteran status, and other classifications protected by applicable state and local non-discrimination laws.