Product Security Senior Analyst

Overview

On Site
$42
Contract - W2
Contract - 6 Month(s)
10% Travel

Skills

SOX
ISO 27001
HITRUST
BASEL II
FedRAMP
Rapid7 toolsets
CEH

Job Details

DivIHN (pronounced "divine") is a CMMI ML3-certified Technology and Talent solutions firm. Driven by a unique Purpose, Culture, and Value Delivery Model, we enable meaningful connections between talented professionals and forward-thinking organizations. Since our formation in 2002, organizations across commercial and public sectors have been trusting us to help build their teams with exceptional temporary and permanent talent.

Visit us at to learn more and view our open positions.

Please apply or call one of us to learn more

For further inquiries regarding the following opportunity, please contact one of our Talent Specialists:
Nithiya at
Ragu at

Title: Product Security Senior Analyst
Location: St. Paul, MN
Duration: 6 Months with a strong possibility of extension. The role is expected to be long-term depending on performance.
Start Time (AM/PM) : 8AM
End Time (AM/PM) : 5PM

Flexible working hours (start times between 6:30 AM and 9:30 AM)
No weekend work; 40 hours/week expected
Job Description:
  • This is a non-exempt role.
  • The Cybersecurity Sr. Analyst contributes to the support of cybersecurity operations by designing, developing or recommending secure technical solutions, including policy, standards, applications, systems, architectures, and infrastructure that are operationally viable and efficient.
  • Perform responsibilities to ensure that the appropriate application of security products and technologies is in place to protect the organization's systems and information and enable achievement of the organization's objectives.
  • Contribute to the design of cybersecurity toolsets to enable more automated discovery, remediation, and alerting of network and device vulnerabilities, as a means of improving the security posture.
  • Perform analysis of emerging technologies and design and build architectures and solutions to enable secure implementation of new technologies.
  • Candidates willing to relocate at their own expense are acceptable
Job Summary:
The Product Security Sr. Analyst is a high-caliber performer responsible for identifying security risks of developed, marketed, and fielded products, including, but not limited to, patient safety and data protection risks. The Product Security Sr. Analyst will help build and maintain a product security program that offers services such as: product security risk assessment, security testing, security event handling, metrics & monitoring, external communications and staffing, education and training. This is an on-premises position; attendance in person is required.
Role Overview:
  • The position is focused on vulnerability risk management within the cybersecurity space.
  • The candidate will work with Rapid7 tools, primarily InsightVM, and manage the scanning environment.
  • The role is on-premises at the St. Paul campus and requires in-person attendance.
Duties:
  • Contribute to the development of a risk-based cyber security program which meets regulatory requirements and aligns with industry leading information security practices.
  • Perform threat identification and mitigation activities using industry leading security controls and tool sets.
  • Support the advancement of the Company's cyber threat and vulnerability management program to ensure consistent identification, analysis, response, and monitoring of cyber security threats, events, and vulnerabilities.
  • Assess threats to the business and deploy countermeasures for those threats.
  • Guide business units, application development teams, and third-party vendors to achieve program requirements while enabling the business.
  • Apply technical knowledge to protect the Company against cyber threats (e.g., knowledge of firewalls, intrusion detection and prevention systems, data loss prevention solutions, endpoint protections, log aggregation technology and other leading-edge security technologies).
  • Participate in cross-team coordination to achieve defined security goals as well as meet technical requirements in support of detailed implementation plans for security projects.
  • Contribute subject matter expertise on security projects to ensure the timely, on budget, and effective implementation of cyber security improvements that are operationally supported with validation methods in place to measure effectiveness. Perform assessment of cyber security incidents to identify the root cause, respond, and recover the environment.
  • Support management in the development of strategies, policy and standards to protect company information and technology assets.
  • Participate in company-wide product security initiatives as necessary
  • Develop and maintain technical documentation for internal and external use and effectively transfer knowledge to business and IT team members.
  • Develop and effectively execute project plans, work breakdown structure, task dependencies, communication plans, etc. as needed.
  • Maintain positive and cooperative communications and collaboration with all levels of employees, customers, contractors, and vendors.
  • Proactive monitoring and handling of product vulnerabilities in accordance with FDA post-market guidance.
  • Perform all procedures necessary to ensure the safety of information systems and to protect systems from intentional or inadvertent access or destruction.
  • Must be able to weigh business needs against security concerns and articulate issues to management.
  • May coach or provide guidance to lower-level security professionals
  • Communicate product security messaging throughout the organization.
  • Perform other related duties and responsibilities, on occasion, as assigned
Equipment:
  • Works with standard office equipment such as telephone, cellular phone, fax/copier, and a personal computer with standard office software.
Working Conditions:
  • Work environment varies from well lighted office/cubicle, low to moderate noise level, to a variety of conditions caused by travel requirements such as customer offices, research labs, hospitals, hotels, use of automobiles, commercial travel, weather, etc.
Physical Demands:
  • Activities require a significant amount of sitting in front of a computer monitor, some standing and walking.
  • Significant use of hands and arms, plus finger dexterity to reach, point, write, type, operate a computer and other office equipment.
  • Performs tasks that regularly require good correctable vision and hand/eye coordination.
  • Activities also require significant use of voice and hearing for discussions with other employees.
Required:
  • 4 to 6 years of experience is required.
  • Possess expertise in valuing and implementing industry standards such as the ISO 27001/2, SOC 2, HITRUST and FedRAMP Information Security standard and the ISO 22301 Business Continuity Standard.
  • Experience with implementation and operational use of GRC toolsets (Governance Risk and Compliance).
  • Possess CISSP certification (or similar) and be knowledgeable of national and international regulatory compliances and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.
Responsibilities:
  • Assess and rebuild the Rapid7 InsightVM environment
  • Perform vulnerability scanning (scheduled and ad hoc)
  • Collaborate with internal teams and manage stakeholder priorities
  • Potential to engage in web application scanning, threat intelligence, and continuous monitoring
Required Skills:
  • Experience in vulnerability risk management
  • Familiarity with Rapid7 toolsets (InsightVM preferred)
  • Ability to work independently and manage tasks without micromanagement
Preferred Experience:
  • Container scanning experience
  • Cybersecurity certifications (CISSP, Security+, CEH)
  • Bachelor's degree preferred; associate degree required
Qualifications:
  • General Qualifications
  • Bachelor's degree in Computer Science, MIS, Information Assurance, or related field.
  • Equivalent combinations of education and work experience may be considered.
  • 6 years + work experience
  • Experience working with industry standard toolsets such as Rapid7, Tenable, and similar tools.
  • Certifications such as CISA, CISM, CRISC, CISSP, CPP or CFE are preferred
  • History of completing successful cross-functional projects and driving positive compliance outcomes.
  • Knowledge of national and international regulatory compliances and frameworks such as NIST Cybersecurity Framework, ISO 27001, EU DPD, HIPAA/HITECH
  • Demonstrated organizational skills, attention to detail, the ability to handle multiple assignments simultaneously in a timely manner, and be able to meet assigned deadlines and service levels.
  • Must have strong time management skills and an ability to thrive in a high cadence operation
  • Must work well within a tight-knit team environment and be able to work with peers, customers, and partners to support the mission.
  • Excellent communication skills with demonstrated ability to write clear, concise business communication for multiple levels (management, technical, user).
  • Able to understand and leverage the IT and business vision and strategy to support solution definition
  • Able to professionally represent the Security function to key business stakeholders
  • Ability to work in a highly matrixed and geographically diverse business environment.
  • Ability to work within a team and as an individual contributor in a fast-paced, changing environment.
  • Ability to leverage and/or engage others to accomplish projects.
  • Ability to maintain regular and predictable attendance
Interview Process:
  • Two interview rounds: initial with hiring manager, followed by team interview
  • Video interviews preferred to assess candidate engagement
  • Feedback required for rejected candidates with specific comments

About us:
DivIHN, the 'IT Asset Performance Services' organization, provides Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond. The strategic characteristics of the organization are Standardization, Specialization, and Collaboration.

DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.
