Wellmark - Des Moines Information Security Analyst in Des Moines, Iowa
About the Career: In this role, you will provide technical analysis and insight in Threat and Vulnerability Management, across multiple security disciplines such as networks, servers, desktops, applications, and databases. You are responsible for programming, supporting, and maintaining complex security systems, software programs and hardware devices. Under general guidance, you will collaborate with stakeholders across Technology to formulate, define, and implement procedures that are necessary to ensure the safety of information systems assets, protecting them from intentional or inadvertent access or destruction.
Our Ideal Candidate: You feel strong when you can remain calm and communicate essential information in tense situations. You build trusting relationships with your peers and can easily determine the best course to escalate items, quickly and efficiently. The ideal individual will have an aptitude and passion for creative problem solving across a diverse technology stack.
Why Wellmark Technology? At a time when technology is creating new business models, disrupting industries and creating valuable experiences for consumers, our role as technology team members must elevate an organization through innovative transformation, modernized technology and delivery of new business strategies, including an aim to continuously evolve and enhance the customer experience. At Wellmark, our technology transformation program is called ASCEND and is led by our empowered technology leaders and team members. Together, we are leaning into the future, owning the outcome, and working together to transform how we work and what innovative solutions we deliver.
Bachelor's Degree or direct and applicable work experience
Minimum 4 years’ experience working with a wide variety of technologies
Within an IT environment
At least 1 year of experience should be within in a role where IT security was a primary responsibility
Knowledge of identifying and managing risk. Understanding of how business risk affects business strategy
Proven ability to be analytical and think critically to obtain relevant information/identify essential elements, and examine issues or inconsistencies; further, identify causes and key factors; relate and compare data from different sources, and identify alternative solutions
Demonstrated ability to communicate clearly, concisely, and transparently when in a stressful situation. Provide advice and council with stakeholders within the organization.
Adept at viewing situations from the stakeholder’s perspective to better address their needs and expectations.
Demonstrated ability to break down problems and identify all of their facets, including hidden or tricky aspects, to find root-cause of problems. Generate a range of solutions and courses of action with benefits, costs, and risks associated with each. Probe appropriate sources for answers, and think ‘outside the box’ to find options. Test proposed solutions against the reality of likely effects before going forward
Ability to accomplish tasks and processes accurately and completely; detail oriented
Ability to generate innovative solutions in work situations; tries different and novel ways to deal with work problems and opportunities
Knowledge of report writing to meet business reporting needs
Travel required up to 5%
4+ years’ experience with Linux, Windows (server and desktop)
IT Certifications - Certified Information Systems Security Professional (CISSP) - (ISC)², Microsoft Certified Professional (MCP) – Microsoft, Security/Forensic specific certifications (SANS) - Global Information Assurance Certification (GIAC)
a. Analyze and manage multiple security and access control models in a planned, conscious manner following defined security lifecycle. Measure and report on effectiveness of security controls to Corporate Information Security CIS leadership, as well as to team members, IT leadership, and IT staff.
b. Vulnerability Scanning Systems - Perform daily scanning of network, system, application, and database assets across the enterprise. Reports results to InfoSec Engineers. Work with other IT teams as directed by the InfoSec Engineers or at the direction of CIS leadership.
c. Firewall Rule Analysis - Review firewall rules alerts and report identified risk to InfoSec Engineers.
d. Security Configuration Hardening Processes - Work with InfoSec Engineers or at their direction with IT technical teams to ensure defined security configurations are applied across the enterprise. Review and recommend updates to security configurations as appropriate.
e. Work with leadership to interpret information security policies, standards, and other requirements as they relate to a specific internal information system, and make recommendations with the implementation of these and other information security requirements.
f. Under direction of InfoSec Engineers or Leadership serve as a representative of the security control structure ensure key methodologies and concepts are applied and documentation in place to satisfy corporate, department, and internal and external auditor review.Solve complex security issues such as bypassed controls, disrupting security measures and technology changes provides a continual balance of applied security safeguards and business usability.
g. Evaluate information system bug reports, security exploit reports, laws and regulations, and other information security notices issued by information system vendors, government agencies, universities, professional associations, and other organizations, and as needed, makes recommendations to internal management and technical staff to take precautionary steps.
h. Perform daily monitoring and analysis of host and network alerts from the data loss prevention products and investigation outputs. Monitor and respond to data loss events and escalate when necessary. Engage with business contacts and IT to identify sensitive data and monitor for unauthorized disclosures.
i. Maintain capabilities and solutions, or preventative/remediation controls to protect proprietary/confidential data and systems. Collaborate, partner and influence business stakeholders across Wellmark to identify and define their most sensitive data assets.
j. Serve as an active member of the Security Incident Response Team SIRT and participates in security incident response efforts by, among other things, having an indepth knowledge of common security exploits, vulnerabilities and countermeasures. Respond to security incidents, and advises on risk remediation plans, provide security reports to Corporate Information Security management team.Act as a technical consultant on information security incident investigations and forensic technical analysis.
k. Maintain uptodate detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. Research and recommend new emerging technologies, techniques and tools that will add value to the organization.
l. Perform adhoc penetration tests on Wellmark systems and applications and report found issues to leadership.
m. Other duties as assigned.
Posting Title: Information Security Analyst
Requisition ID: 214430
REQUIRES NON-COMPETE?: No
External Company Name: Wellmark Blue Cross and Blue Shield
External Company URL: www.wellmark.com