Description

The Information Security Analyst serves as a specialist in the development, implementation and administration of internal security functions including maintaining security requirements. This role analyzes security policies, processes and procedures and verifies adherence to those controls.

Responsibilities: 
Application Security Support

• Web Application Security
  • Web Application Vulnerability Management
  • Assist with Bugcrowd investigation
  • Reviewing Threat Models
  • Conduct application static code analysis
  • Conduct application design reviews and provide input for development team
  • Review and approve application and infrastructure change requests
• Review and update security procedures and document workflows as necessary
• Auditing
  • Focus on security reviews, internal audits, and issue triaging
  • Vendor Audits (technical and administrative controls)
  • Conduct elevated account audits - Active Directory
  • Conduct application audits, advise on and track remediation issues.
• Support current and future security operations
  

Required Qualifications

• 2+ years of experience working within information security.
• Experience with information security technologies, such as: IDS/IPS, malware prevention, end-point protection, multi-factor authentication, security information and event management (SIEM), web content filtering, encryption, network access control (NAC), data loss prevention (DLP), firewall administration and vulnerability scanners.
• Knowledge of LANs, WANs, SANs, Microsoft Active Directory, Microsoft Windows server and desktop operating systems, Linux operating systems, Microsoft IIS, Microsoft SQL, and Oracle.
• Expertise in technology platforms, tools and processes used in the healthcare environment required.
• Expertise of enterprise architecture, IT operations and security required.
• Experience in performing log collection, correlation, and reviews of automated alerts for items such as, and not limited to: malware alerts, change detection alerts, and security system health alerts, exploit attempt alerts, etc.
• Ability to work independently, document work performed daily and provide relevant updates to managers.
• Excellent interpersonal, verbal, and written communication ability.
• Excellent problem-solving ability.

Nice to Have

• 2+ years of experience working within information security.
• Experience implementing and maintaining information security technologies, such as: IDS/IPS, malware prevention, end-point protection, multi-factor authentication, security information and event management (SIEM), web content filtering, encryption, network access control (NAC), data loss prevention (DLP), firewall administration and vulnerability scanners.
• Knowledge of LANs, WANs, SANs, Microsoft Active Directory, Microsoft Windows server and desktop operating systems, Linux operating systems, Microsoft IIS, Microsoft SQL, and Oracle.
• Expertise in technology platforms, tools and processes used in the healthcare environment required.
• Expertise of enterprise architecture, IT operations and security required.
• Experience with secure coding practices, ethical hacking and threat modeling
• Experience with project management
• In-depth knowledge of applicable laws and regulations as they relate to IT and healthcare required, including HIPAA, NIST, GLBA, ISO 27001/27002, HITRUST and SOC 2 frameworks.
• Demonstrate the initiative to continuously stay apprised of emerging security threats and the general information security landscape.
• Experience in performing log collection, correlation, and reviews of automated alerts for items such as, and not limited to: malware alerts, change detection alerts, and security system health alerts, exploit attempt alerts, etc.
• In-depth understanding of a variety of network and application attacks.

About Internet Brands:

Headquartered in El Segundo, Calif., Internet Brands® is a fully integrated online media and software services organization focused on four high-value vertical categories: Health, Automotive, Legal, and Home/Travel. The company's award-winning consumer websites lead their categories and serve more than 250 million monthly visitors, while a full range of web presence offerings has established deep, long-term relationships with SMB and enterprise clients. Internet Brands' powerful, proprietary operating platform provides the flexibility and scalability to fuel the company's continued growth. Internet Brands is a portfolio company of KKR and Temasek. For more information, please visit www.internetbrands.com.

Internet Brands and its wholly-owned affiliates are an equal opportunity employer.