Senior Security Analyst
Dallas, TX

Job Description

Job Description

The Senior Security Analyst is a member of the InfoSec team and works closely with other members of Security, Infrastructure and Application Development to develop and implement a comprehensive Information Security Program. This includes defining architecture, security policies, processes and standards. He/she will work with the IT department to select and deploy technical controls to meet specifics security requirements, and defines processes and standards to ensure that security configuration are maintained. The position will report to the Director of Information Security.

Job Tasks:

* Support the implementation of an Information Security Program including recommending necessary solutions, controls, policies and procedures to safeguard AMN Healthcare.
* Direct, hands-on experience managing security infrastructure such as firewalls, WAFs, endpoint protection, SIEM and log management technology.
* Verifiable experience reviewing application code for security vulnerabilities
* Direct, hands-on experience using vulnerability management tools
* Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
* Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
* Validate IT infrastructure and other reference architectures for security best practices, and recommend changes to enhance security and reduce risk where applicable
* Validate security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.
* Work with infrastructure and development leaders to formalize process around security operations, incident response and vulnerability management.
* Provides second and third level support and analysis during and after a security incident.
* Proven track record designing, documenting and successfully deploying multi-layer security architectures on private and public cloud (Azure and/or AWS specific experience required)
* Conduct reviews of and oversee the change management function for security rulesets for the organization's firewalls
* Validate that security and other critical patches to firmware and operating systems are configured and deployed in a timely fashion
* Support the testing and validation of internal security controls as directed
* Review security technologies, tools and services, and make recommendations to the broader security team for their use based on security, financial and operational metrics
* Conduct incident response exercises with colleagues throughout the organization and incorporate lessons-learned into existing security architectures and practices
* Conduct forensic analysis of security-related incidents in a manner consistent with guidance from the organization's counsel, human resources or law enforcement, as the case may be
* Lead and/or coordinate penetration testing and other "red" team exercises as directed
* Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
* Lead and/or participate in information security projects, such as security awareness, privileged information management, identity management, SOC services, and Pen Testing
* Supports GRC efforts to assess the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls
* Works with management to develop the annual operating and capital budget

Full-stack knowledge of IT infrastructure:

* Applications
* Databases
* Operating systems (Windows, Unix and Linux)
* Hypervisors
* IP networks (WAN, LAN)
* Storage networks (Fiber Channel, iSCSI and network-attached storage)
* Backup networks and media

Education, Certifications & Experience

Minimum Education/Certifications:

* Bachelor's Degree in technical specialty: cyber security, computer science or similar field

Minimum Experience/Certifications:

* 7-10 years of Cyber Security experience
* 3+ years in security analysis in cloud services (Amazon Web Services, Azure)
* 7 + years of experience in the technology industry
* Certified: CISSP, CISM or CISA

Preferred Experience

* Cyber security policies, operations and reporting requirements
* Network and Web Attacks
* In depth knowledge of Crowdstrike, Qyalys, Cisco, Axiom, Arcsight and other security tools

Regulations, Standards and Frameworks

* International Organization for Standardization (ISO) 27001/2
* National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
* Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH)
* Sarbanes-Oxley Act
* General Data Protection Regulation (GDPR)

Respect ● Passion ● Continuous Improvement ● Trust ● Customer Focus ● Innovation

AMN Healthcare is an EEO/AA/Disability/Protected Veteran Employer

We encourage minority and female applicants to apply

AMN Healthcare is committed to fostering and maintaining a diverse team that reflects the communities we serve. Our commitment to the inclusion of many different backgrounds, experiences and perspectives enables our innovation and leadership in the healthcare services industry.

We value professionalism in everything we do - this includes the professional presence we project as we interact with internal and external customers.