Engineer III - Security Analyst (Applications) (Hybrid Work Schedule)

Date: Nov 27, 2022

Location: Rancho Cucamonga, CA, US

Company: Inland Empire Health Plans

Job Requisition ID: 7770 


Position Summary/Position


Under the direction of the Manager, Information Security Operations, the Engineer III - Security Analyst (Vulnerability) will use subject matter expertise to give guidance, best practices, and support to business and technology stakeholders during the deployment of critical business and technology initiatives. The role will have a deep understanding of global threat actors and their tactics, techniques, and procedures employed during cyber attacks
The Engineer III - Security Analyst (Vulnerability) will be subject matter expect in Cybersecurity - Vulnerability that will perform configuration, troubleshooting, monitoring, and auditing of information system activities utilizing multiple security related tools to ensure security best practices are enforced; create and maintain documentation related to policies, standards, and procedures; mentor team members; and provide consultative services to teams and stakeholders to improve the vulnerability scanning of their environments.

Major Functions (Duties and Responsibilities)


1. Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
2. Perform application security testing on various types of applications such as Web, API's, Thick Client's, Mobile, etc., inclusive of the supporting infrastructure components.
3. Leverage application artifacts such as business requirements, user stories, design documents, architecture documents to understand the testing scope and create targeted security user stories or misuse cases.
4. Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
5. Identify opportunities for process improvements and automation.
6. Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
7. Manage firewalls, network and host intrusion prevention/detection systems, virtual private networks, threat intelligence platforms, endpoint protection, security training platforms, email security, forensic tools, public/private/hybrid cloud infrastructure, identity and access management systems, and physical security systems. 
8. Collect and aggregate information from a wide variety of sources and formats for relevance to our environment; monitors and provides metrics on threat level of vulnerabilities.
9. Contribute and participate in team activities and planning with regards to improving team skills, awareness, communication, reputation, and quality of work.
10. Monitor security operations center tools and dashboards.
11. Perform threat hunting activities using security operations center tools.
12. Lead risk analysis activities.
13. Lead the designing and implementing controls to mitigate risk.
14. Collaborate and communicate with Compliance, Internal Audit, the Business teams, and others to identify, analyze, and communicate risk; and provides support around vulnerability management within their business requirements.
15. Identify, develop, and implement mechanisms to detect vulnerabilities and how they may lead to corporate incidents in order to enhance compliance with and support of security standards and procedures.
16. Respond to tickets and incidents in a proactive manner.
17. Coordinate with the Incident Response team to remediate security incidents as needed.
18. Utilize knowledge of compliance requirements that may impact security and effectively collaborates with business areas and project teams to develop security solutions that address these requirements.
19. Assume a leadership role in advocating internally and externally for compliance to security measures to protect corporate applications and environments.
20. Work with information systems owners and administrators to understand their security needs and assists with implementing practices and procedures consistent with security policies.
21. Build and maintains supplier partnerships to further the company mission and goals.
22. Maintain current knowledge of industry trends and standards.
23. Create and maintain environmental documentation, tasks, change records, etc.

Supervisory Responsibilities

Leading: Guides Others

Experience Qualifications


Eight plus (8+) years of experience as Cybersecurity Analyst with focus on Application Security. Experience in security monitoring and incident response. Experience in risk analysis and risk mitigation strategies. Experience with Security Operations Tools such as SIEM, EPM, DLP, Vulnerability Management, Firewalls, WAFs, Antivirus Solutions, Email Protection Solutions, Incident Response and Threat Management. Experience working with Identity and Access Control Management Tools. Scripting experience such as PowerShell, JavaScript, or Python. Computer forensics knowledge and experience.

Education Qualifications


Bachelor’s degree in Information Systems Security or a computer related field or similar technical field from an accredited institution required.

Professional Certification


Security related certifications such as Microsoft MTA, ISACA CSX, CompTIA Security+, GIAC GISF or ISC 2 SSCP or higher-level certifications preferred.

Drivers License Required

Yes, must have a valid California Driver's License.

Knowledge Requirement


- Understanding of security standards such as NIST 800-53, GDPR, and others.
- Full understanding of networking technologies and networking protocols with an emphasis on TCP/IP.
- Understanding of Defense in Depth strategies.
- Understanding of database administration and application development life cycle regarding cybersecurity.
- Understanding of Computer operating systems such as Windows, MacOS and Linux.

Skills Requirement


Strong planning, organization, critical thinking, decision-making and communication (verbal and written) skills.

Commitment to Team Culture


The IEHP Team environment requires a Team Member to participate in the IEHP Team Culture. A Team Member demonstrates support of the Culture by developing professional and effective working relationships that include elements of respect and cooperation with Team Members, Members and associates outside of our organization.

Working Conditions


Projects involving lift server appliance weighs up to 50 lbs. and heavy eye strain with computer monitors.

Work Model Location


Physical Requirements

Keyboarding: Traditional - FREQUENTLY
Keyboarding: 10-Key - FREQUENTLY
Keyboarding: Touch-Screen - FREQUENTLY
Near Visual Acuity - FREQUENTLY
Communicate: Information/ideas verbally - FREQUENTLY
Regular contacts: co-workers, supervisor - FREQUENTLY
Understand and follow direction - FREQUENTLY
Regular and reliable attendance - CONSTANTLY
Hearing: One-on-One - FREQUENTLY

A reasonable salary expectation is between $126,256.00  - $160,992.00, based upon experience and internal equity


Inland Empire Health Plan (IEHP) is the largest not-for-profit Medi-Cal and Medicare health plan in the Inland Empire. We are also one of the largest employers in the region. With a provider network of more than 7,000 and a team of more than 2,500 employees, IEHP provides quality, accessible healthcare services to more than 1.5 million members. And our Mission, Vision, and Values help guide us in the development of innovative programs and the creation of an award winning workplace. As the healthcare landscape is transformed, we’re ready to make a difference today and in the years to come. Join our Team and make a difference with us! IEHP offers a competitive salary and a benefit package with a value estimated at 35% of the annual salary, including medical, dental, vision, team bonus, and state pension plan.


Nearest Major Market: Riverside
Nearest Secondary Market: Los Angeles