VetJobs - The Leading Military Job Board

HealthPartners is currently hiring for a Senior Application Security Analyst. This position provides technical consultation for system and data security and assists in the coordination, development, and implementation of security controls to reduce and manage risk to computer-stored information assets. The analyst will audit and identify weakness and vulnerabilities to HealthPartners' data and systems, provide analysis concerning resolution to risks and consult with IT groups to ensure compliance of established security processes and controls. The analyst will also participate in the application development/major enhancement process to ensure that new systems are developed with a correct level of internal and external security; delegate implementation tasks to lower-level analysts; and promote security awareness throughout the company. Required Qualifications: Bachelor's degree or equivalent 5+ years' experience in Information Technology 3+ years' experience in Information Security 3+ years of programming experience (Client and Server-side, in one or more of the following: Java, JavaScript, .NET, Python) Experience with Rapid 7 and Flash Nexpose Experience with Windows Server and/or Unix Server Excellent desktop tool proficiency including Microsoft products (e.g., Word, Excel, Access, and PowerPoint) Knowledge of the security aspects of multiple system platforms, operating systems, software communications, and network protocols. Experience coordinating projects. Knowledge of structured methodologies and standards such as ISO 27000, NIST, PMI, ITIL, CMMI, OWASP, and CoBit Knowledge of federal and state security-related legislation including HIPAA, PCI, JCAHO, NCQA Preferred Qualifications: Experience with Git CISSP or CISA certification is highly preferred. Experience with ServiceNow. Experience with automation (e.g., PowerShell, XSOAR). Fortify and other SAST offerings. Kubernetes CI/CD Technologies (Tekton, Argo, Jenkins Pipelines) RDBMS & NoSQL DBs RESTful APIs Hours/Location: M-F; Days Position may work remotely but will prefer local/regional candidates for occasional onsite needs. Accountabilities: Promotes and implements IT's security program to ensure the confidentiality, integrity and availability of HealthPartners' network and infrastructure. Performs security forensic services; gathering and consolidating data artifacts. Partner with development teams to educate and review secure coding practices. Monitors security event reports and actions; ensuring the appropriate response is performed and coordinated. Provides IT security control guidance and interpretation to IT Application, IT Technical Infrastructure, and HealthPartners' staff and management. Provides security consultation on small to midsize projects. Updates Security Program documentation and recommends changes to the infrastructure to the Security Architect Promotes and educates staff on security principles and HealthPartners' policy and process. Assists with the coordination and development of system security enhancements. Documents vulnerability finding trends and provides recommendations for root cause resolution. May coordinate changes to the security infrastructure; ensuring change management processes are followed and the appropriate documentation is gathered. Assesses and documents security deviation requests to ensure the appropriate risk, impact, and approvals are captured. Assess third party alignment to HealthPartners' Security Standards. Gathers documentation and provides subject matter expertise for audit, regulatory requirements, and third parties. Maintains awareness of the latest developments in key areas of responsibility and presents opportunities that might benefit the organization. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any o her federal, state or local protected class.