Information Security Analyst II

Note: APA operates on a 37.5-hour work week with one hour lunch breaks each day. APA sets salaries based on several considerations, including years of relevant experience, level of education, and previous staff and/or governance experience at APA.

DESCRIPTION:

The Security Analyst II with guidance from IT Security Manager will conduct IT security analysis and assessments in accordance with established procedures and protocols. Ensures the demonstrable Confidentiality, Integrity, and Availability (CIA) of APA's information assets for authorized internal and external users by reviewing, validating, classifying, and responding to security events and cyber-attacks. The Information Technology Security Analyst II will assist with meeting the requirements of Security Oversight, IT Risk Assessment, Security Engineering, and Security Operations and focus in-depth on the domain requirements of Security Operations and IT Risk Assessment. This position will provide education to others on IT security risk remediation/mitigation and industry best business practices.

The incumbent must also possess excellent communication skills and the ability to develop and maintain effective interpersonal relationships with managers, and internal and external staff.

EDUCATION AND EXPERIENCE REQUIRED:

Bachelor's degree in computer technology, management information systems, business is required or a related field or equivalent experience.

• 5+ years of professional experience in information technology, with at least 3+ years of experience directly in a Cybersecurity role.
• Strong understanding of enterprise information security concepts, threats, risks, and technologies.
• Experience in the application of task, project, and program management best practices.
• Experience with IT governance, risk, and compliance management.
• Strong verbal and written communications skills; must be able to effectively communicate technical details and thoughts in non-technical terminology to various levels of management.
• Knowledge of Linux and Windows systems management.
• Ability to think and act strategically and proactively.
• Demonstrated experience with AWS, Systems Administration and Vulnerability Management. Industry certifications are a plus. CISSP, CISM, CISA, CEH, OSCP, GCIH or other industry-recognized security certification(s).

COMPUTER SKILLS:

Strong experience in Internet and network security products and platforms including intrusion detection/prevention, incident response and investigation, vulnerability assessments, data loss prevention, and penetration testing.

RESPONSIBILITIES:

Perform vulnerability assessment and penetration testing including application security testing of cloud infrastructure to validate findings, assess risk, provide recommendations, and work with application/system owners in remediation efforts.

• Design, configure, implement, review, tune, and process rules and alerts from various security tools.
• Perform risk assessments and execute tests of the data processing system to ensure the functioning of data processing activities and security measures.
• Review, recommend, implement and enforce overall system and network security.
• Assist with information security reporting and regular communications.
• Manage, troubleshoot, and maintain Endpoint Detection and Response for a wide variety of vendor technologies.
• Monitor patching across servers and desktops as needed.
• Administer centralized server and desktop virus protection application administration and provide support in the use of corporate firewalls.
• Assist and coordinate the development and delivery of IT security standards, best practices, architecture, and systems to ensure information system security and PCI and HIPAA compliance across the enterprise.
• Perform Level 2 & 3 triage and handling of security events (escalated from Level 1 Security Analysts or other); includes but is not limited to identification, containment, remediation, and reporting activities.
• Create new and enhance existing procedures to improve operational efficiencies and reporting accuracy.
• Research threats and attack vectors that impact applications and infrastructure and stay up-to-date with current application security threats.
• Other duties as assigned.

About APA:

The American Psychological Association (APA) represents 122,000 psychologists, students, and affiliates, primarily in the U.S. and Canada but also in other countries around the world. APA is a scientific and professional organization with about 500 employees and is categorized as a 501(c)(3) along with its 501(c)(6) companion organization, APA Services, Inc.

Job Location: Remote: APA jobs may be considered for remote work eligibility as defined in APA's Flexible Work Policy and are subject to approval. Remote work employees may not work from the following states or U.S. territories: Alaska, California, Colorado, Guam, Hawaii, Iowa, Louisiana, Montana, Nebraska, New York, North Dakota, Ohio, Puerto Rico, Rhode Island, U.S. Virgin Islands, Washington, Wyoming.

Application Instructions:

Qualified candidates must apply online through APA's applicant system and attach a resume and cover letter specifying your salary expectations. Applications that are submitted without both documents are considered incomplete and will not be reviewed for consideration. Once your application is submitted, you will receive a confirmation email. Please make sure to check your Spam folder if you do not receive an email from us.

The American Psychological Association is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, disability, protected Veteran status, sexual orientation, gender identity, or any other protected categories covered under local law.

#LIREmote

#LIREmote

#LIREe#LIREmote

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)