Engineer III - Security Analyst (Hybrid Work Schedule)

Date: Mar 17, 2023

Location: Rancho Cucamonga, CA, US

Company: Inland Empire Health Plans

Job Requisition ID: 9056 


Position Summary/Position


Under the direction of the Manager, Information Security Operations, the Engineer III – Security Analyst will use subject matter expertise to give guidance, best practices, and support to business and technology stakeholders during the deployment of critical business and technology initiatives. The role will have a deep understanding of global threat actors and their tactics, techniques, and procedures employed during cyberattacks.
The Security Analyst will be subject matter expert in cybersecurity and maintain documentation related to policies, standards, and procedures; mentor team members; and provide consultative services to teams and stakeholders to improve the security posture of their environments and perform general cybersecurity engineering functions.

This position will support various Information Technology Security functional areas related to one or more of the following: Application Security, Security Operations and Vulnerability.

Major Functions (Duties and Responsibilities)


1. Monitor firewalls, network and host intrusion prevention/detection systems, virtual private networks, threat intelligence platforms, endpoint protection, security training platforms, email security, forensic tools, public/private/hybrid cloud infrastructure, identity and access management systems, and physical security systems. 
2. Monitor security operations center tools and dashboards.
3. Perform threat hunting activities using security operations center tools across the environment using internal or   external threat intelligence sources.
4. Architect cybersecurity solutions for on premises and cloud computing environments.
5. Participate in and/or leads cybersecurity engineering projects.
6. Assist with risk analysis activities.
7. Assist with designing and implementing controls to mitigate risk.
8. Identify attack surface reduction opportunities through vulnerability data analysis and/or identify opportunities for process improvements and automation.

Security Operations
1. Monitor security systems and provide early response to potential threats.
2. Manage security incident response; serve as escalation point for conducting investigations into security incidents involving advanced and sophisticated threat actors and TTPs.
3. Design, test, and implement response playbooks, orchestration workflows and automations.
4. Research, recommend and test new security technologies and platforms
5. Analyze technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into company networks and systems.
6. Support automation and orchestration to maximize team talent and reduce routine tasks.
7. Drive creation of countermeasures to protect company personnel and information assets.
8. Document, prioritize, and formally report incidents, root cause analyses, and after-action reviews.
9. Coordinate between internal and external resources protecting enterprise systems.
10. Periodically attend and participate in change management policy discussions and meetings.
11. Understand breach and attack simulation solutions to validate and improve the effectiveness of preventative controls and incident response.
12. Motivate employees to maximize rigorous system security controls, focusing on reducing complexity and maturing security practices.
13. Work as a team to consistently learn and share advanced skills and foster team excellence.

Major Functions (Duties and Responsibilities) Cont


1. Work analytically to solve both tactical and strategic problems within the vulnerability management program.
2. Plan, develop, configure, and execute vulnerability scans on a wide variety of corporate and business information systems both on prem and cloud based.
3. Establish rapport with other IS teams to mature the vulnerability management program.
4. Respond to tickets and incidents in a proactive manner.
5. Collect and aggregates information from a wide variety of sources and formats for relevance to our environment; monitors and provides metrics on threat level of vulnerabilities. 
6. Contribute and participates in team activities and planning regarding improving team skills, awareness, communication, reputation, and quality of work.
7. Collaborate and communicates with Compliance, Internal Audit, the Business teams, and others to identify, analyze, and communicate risk; and provides support around vulnerability management within their business requirements.
8. Identify, develop, and implement mechanisms to detect vulnerabilities and how they may lead to corporate incidents to enhance compliance with and support of security standards and procedures.
9. Respond to tickets and incidents in a proactive manner.
10. Coordinate with the Incident Response team to remediate security incidents as needed.
11. Understand compliance requirements that may impact security and effectively collaborates with business areas and project teams to develop security solutions that address these requirements.
12. Work with information systems owners and administrators to understand their security needs and assists with implementing practices and procedures consistent with security policies.
13. Build and maintains supplier partnerships to further the company mission and goals.
14. Maintain current knowledge of industry trends and standards.
15. Create and maintains environmental documentation, tasks, change records, etc.
16. In a lead capacity, advocate internally and externally for compliance on security measures to protect corporate applications and environments.

Applications Security
1. Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
2. Perform application security testing on various types of applications such as Web, API's, Thick Client's, Mobile, etc., inclusive of the supporting infrastructure components.
3. Leverage application artifacts such as business requirements, user stories, design documents, architecture documents to understand the testing scope and create targeted security user stories or misuse cases.
4. Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
5. Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
6. Ensure containerization security best practices are maintained and vulnerabilities are addressed.

Supervisory Responsibilities

Leading: Guides Others

Experience Qualifications


Eight (8) or more years IT experience with at least five (5) years in a cybersecurity role with a focus on protect, detect, and respond in addition to the following: 
- Mitre ATT&CK and Cyber Kill Chain frameworks
- Establishing or participating in Blue Team exercises
- In-depth knowledge of computer operating systems such as Windows, MacOS and Linux.
- System development lifecycle.
- Deploying, managing, and using Security Operations tools such as SIEM, EPM, DLP, Vulnerability Management, Firewalls, WAFs, Antivirus Solutions, Email Protection Solutions, Incident Response and Threat hunting and management.
- Scripting experience such as PowerShell, JavaScript, or Python.
- Experience working with Identity and Access Control Management Tools.

Education Qualifications


Bachelor’s degree with a major in computer related field or similar technical field from an accredited institution required.

In lieu of the required degree, a minimum of four (4) years of cybersecurity work experience is required. This experience is in addition to the minimum years listed in the Experience Requirements above.

Professional Certification


Any relevant security certifications preferred.

Drivers License Required

Yes, must have a valid California Driver's License.

Knowledge Requirement


Knowledge of the following: 
- ATT&ACK and Cyber Kill Chain frameworks
- Blue Teaming
- Endpoint protection technologies
- Cloud technologies
- OSI Model layers, IP Routing, TCP/IP Operation
- Scripting experience such as PowerShell, JavaScript, or Python
- Computer forensics knowledge and experience
- Security standards such as HIPAA, NIST 800-53, NIST CSF, Zero Trust Architecture, and others
- Vulnerability scanning technologies
- Security monitoring and incident response
- Risk analysis and risk mitigation strategies
- Networking technologies and networking protocols with an emphasis on TCP/IP
- Defense in Depth strategies
- Security Operations Tools such as SIEM, EPM, DLP, Vulnerability scanners, Firewalls, WAFs, Antivirus Solutions, Email Protection Solutions, Incident Response and Threat Management
- Advanced Persistent Threats (APT) and associated tactics
- Identifying indicators of compromise and indicators of attack
- Vulnerability management
- Cloud security and/or technologies
- Computer operating systems such as Windows, MacOS and Linux

Skills Requirement


Strong planning, organization, critical thinking, decision-making and communication (verbal and written) skills.

Abilities Requirement


The ability to work as a member of a team, willing to be flexible and adaptable to change in a dynamic work environment, and the ability to learn and apply new concepts.

Commitment to Team Culture


The IEHP Team environment requires a Team Member to participate in the IEHP Team Culture. A Team Member demonstrates support of the Culture by developing professional and effective working relationships that include elements of respect and cooperation with Team Members, Members and associates outside of our organization.

Working Conditions


Projects involving lift server appliance weights up to 50 lbs. and heavy eye strain with computer monitors.

Position is eligible for Hybrid work location upon completing the necessary steps and receiving HR approval. All IEHP positions approved for telecommute or hybrid work locations may periodically be required to report to IEHP’s main campus for mandatory in-person meetings or for other business needs as determined by IEHP leadership.

Work Model Location


Physical Requirements

Keyboarding: Traditional - FREQUENTLY
Keyboarding: 10-Key - FREQUENTLY
Keyboarding: Touch-Screen - FREQUENTLY
Near Visual Acuity - FREQUENTLY
Communicate: Information/ideas verbally - FREQUENTLY
Regular contacts: co-workers, supervisor - FREQUENTLY
Understand and follow direction - FREQUENTLY
Regular and reliable attendance - CONSTANTLY
Hearing: One-on-One - FREQUENTLY

A reasonable salary expectation is between $126,256.00 and $160,992.00, based upon experience and internal equity.

Inland Empire Health Plan (IEHP) is the largest not-for-profit Medi-Cal and Medicare health plan in the Inland Empire. We are also one of the largest employers in the region, designated as “Great Place to Work.” With a provider network of more than 5,000 and a team of more than 3,000 employees, IEHP provides quality, accessible healthcare services to more than 1.5 million members. And our Mission, Vision, and Values help guide us in the development of innovative programs and the creation of an award-winning workplace. As the healthcare landscape is transformed, we’re ready to make a difference today and in the years to come. Join our Team and make a difference with us! IEHP offers a competitive salary and stellar benefit package with a value estimated at 35% of the annual salary, including medical, dental, vision, team bonus, and state pension plan.

Nearest Major Market: Riverside
Nearest Secondary Market: Los Angeles