Client is willing to consider both local and non-local candidates. Local is preferred, as the selected candidate will work closely with a number of internal teams. Local candidates will be required to work a hybrid schedule, onsite 3 days per week. Please confirm the resource understands the work schedule.
A Security Analyst plays a crucial role in the Indiana Department of Health’s (IDOH) information security strategy by protecting the IDOH’s data, systems, and networks from various cyber threats and vulnerabilities.
The Security Analyst is responsible for monitoring and analyzing the IDOH’s security infrastructure, identifying vulnerabilities, and implementing measures to safeguard the IDOH’s data and assets. They work to ensure the confidentiality, integrity, and availability of information systems and data while staying updated on emerging cyber threats and industry best practices. They participate in day-to-day security operations as needed.
Security Monitoring and Incident Response:
Continuously monitor security alerts and incidents to identify potential threats.
Investigate security incidents and breaches, determine their impact, and initiate appropriate responses.
Perform regular vulnerability assessments and penetration testing to identify weaknesses in the IDOH’s systems and applications.
Collaborate with other teams to prioritize and remediate identified vulnerabilities.
Security Policy and Compliance:
Assist in developing and enforcing security policies, standards, and procedures.
Ensure compliance with industry regulations and standards (e.g., GDPR, HIPAA, PCI DSS).
Security Tools and Technologies:
Manage and maintain security tools such as firewalls, intrusion detection/prevention systems, antivirus software, and SIEM (Security Information and Event Management) solutions.
Evaluate and recommend new security technologies and solutions.
Security Awareness and Training:
Conduct security awareness training for employees to promote a culture of security within the organization.
Provide guidance and recommendations for secure practices.
Incident Documentation and Reporting:
Document security incidents, investigations, and remediation efforts.
Prepare reports and communicate findings to management and relevant stakeholders.
Threat Intelligence and Research:
Stay current with the latest cyber threats and vulnerabilities.
Analyze threat intelligence data to proactively identify potential risks.
Security Audits and Assessments:
Participate in security audits and assessments, both internal and external.
Collaborate with auditors to provide evidence of security controls and practices.
Security Policies and Procedures:
Contribute to the development and maintenance of security policies, procedures, and guidelines.
Experience working as a Security Analyst with increasing responsibilities. (Required, 10 Years)
Strong knowledge of information security principles, practices, and technologies. (Required, 10 Years)
Experience with security tools and technologies, including firewalls, antivirus, SIEM, and intrusion detection/prevention systems. (Required, 10 Years)
Relevant certifications such as CISSP, CISM, CompTIA Security+, or Certified Ethical Hacker (CEH). (Required, 10 Years)
Bachelor's degree in computer science, information technology, or a related field (master’s degree is often preferred). (Required)
Familiarity with compliance requirements and regulations relevant to the organization. (Required)
Excellent problem-solving and analytical skills. (Required)
Strong communication and interpersonal skills. (Required)