Senior Analyst IS Consulting Application Security

Location: Renton, Washington
Job Number: 998408
Date posted: 10/05/2021
Description:

Responsible for the overall strategic direction and day-to-day execution of cybersecurity vulnerability remediation and governance activities and the exemption management function. Tactically identify and guide actions that reduce the threat footprint by driving timely remediation of vulnerabilities and through build-out and maintenance of risk-based exemption management workflows. Coordinate and drive cross-functional operational improvement to existing process, drive strategic direction for development of new process, foster strong relationships and trust among operational and support teams, align operations of vulnerability and exemption management programs to defined policy and standards, and support and/or drive successful completion of major initiatives and investment projects related to vulnerability and exemption management.





Essential Responsibilities:



  • Completes work assignments and supports business-specific projects by applying expertise in subject area; supporting the development of work plans to meet business priorities and deadlines; ensuring team follows all procedures and policies; coordinating and assigning resources to accomplish priorities and deadlines; collaborating cross-functionally to make effective business decisions; solving complex problems; escalating high priority issues or risks, as appropriate; and recognizing and capitalizing on improvement opportunities.

  • Practices self-development and promotes learning in others by proactively providing information, resources, advice, and expertise with coworkers and customers; building relationships with cross-functional stakeholders; influencing others through technical explanations and examples; adapting to competing demands and new responsibilities; listening and responding to, seeking, and addressing performance feedback; providing feedback to others and managers; creating and executing plans to capitalize on strengths and develop weaknesses; supporting team collaboration; and adapting to and learning from change, difficulties, and feedback.

  • Effectively communicates investigative findings to non-technical audiences.

  • Collaborates with technology risk teams and business stakeholders to respond to and remediate identified issues, and determine the best approach for improving security posture.

  • Provides recommendations to management and business stakeholders on how to remediate issues identified through security testing processes.

  • Identifies the impact of security test plans on upstream and downstream solution components.

  • Supports information sharing and integration procedures across cyber security through the exchange of threat intelligence and cyber security vulnerability assessment data.

  • Contributes to cyber security intellectual capital by making process or procedure improvements, conducting 'brown bag' training sessions, and creating new training documents.

  • Follows established processes to ensure KPI goals are obtained and performance metrics are tracked on an ongoing basis.

  • Recommends business line or business technology team security process improvements which align with sustainable best practices, and the strategic and tactical goals of the business.

  • Supports continuous process improvement by participating in the development, implementation, and maintenance of standardized security tools, templates, and processes across multiple business domains.

  • Performs complex security test data analysis in support of security vulnerability assessment processes, including root cause analysis.

  • Serves as an escalation point on issues, dependencies, and risks related to security testing.

  • Executes the vulnerability assessment and penetration testing plan, methodologies, and standard processes for moderately to highly complex technology initiatives across multiple IT domains by analyzing business and technology requirements.

  • Researches and stays abreast of industry trends, emerging threats, best practices, and cutting edge techniques to creatively discover and exploit vulnerabilities, and recommend security solutions for technology systems.

  • Provides insight and consultation on the development of testing scope and approach, and collaborates with cross-functional IT and business stakeholders to review the overall testing approach.

  • Validates security test scenarios across various SDLC phases (e.g., development, reproduction, production) for low- to moderately-complex projects.

  • Generates scheduled reports (e.g., status updates, risk assessment reports, remediation reports) and provides regular security metrics to IT teams and management as appropriate.




Minimum Qualifications:



  • Minimum three (3) years software or application development experience.

  • Minimum one (1) year experience in application security (e.g., source code analysis, dynamic analysis, etc.).

  • Bachelor's degree in Business Administration, Computer Science, Social Science, Mathematics, or related field and minimum six (6) years experience in IT or a related field, including minimum two (2) years in information security, network engineering, or application development. Additional equivalent work experience may be substituted for the degree requirement.



 


Preferred Qualifications:



  • Two (2) years experience in the development and integration of third-party source code or libraries.

  • Two (2) years experience in data modeling and analytics.

  • Two (2) years experience in the design, engineering, implementation, and operations of cloud security technologies.

  • Two (2) years experience in database technologies.

  • Two (2) years experience using SQL or similar query language.

  • Two (2) years experience applying Agile development practices.

  • One (1) year of work experience in a role requiring interaction with senior leadership (e.g., Director level and above).

  • Two (2) years experience performing vulnerability assessments of IT technologies.

  • Two (2) years work experience requiring the development of technical documents or presentations.

  • Two (2) years experience working on projects or programs requiring the integration of cross-functional technology and/or business solutions.

  • Two (2) years experience in IT incident management, including the development and/or deployment of remediation plans.

  • Two (2) years experience in cyber security data analytics.

  • One (1) year experience in cyber security threat response and investigation.

  • One (1) year experience in cyber forensic analysis and investigation, including evidence collection and preservation.

  • One (1) year experience in risk management, governance, or compliance.

  • Two (2) years experience in network administration.

  • Two (2) years experience in Windows/Intel administration or Microsoft Certified Systems Administrator (MCSA).

  • Two (2) years experience in UNIX/Linux administration.

  • Two (2) years experience in security penetration testing or related security research.

  • Security certification (Security+, CISSP, CISA).



  • Primary Location: Washington, Renton, Renton Administration - Rainier
  • Scheduled Weekly Hours: 40
  • Shift: Day
  • Workdays: Mon, Tue, Wed, Thu, Fri
  • Working Hours Start: 09:00 AM
  • Working Hours End: 05:00 PM
  • Job Schedule: Full-time
  • Job Type: Standard
  • Employee Status: Regular
  • Employee Group/Union Affiliation: NUE-WA-04|NUE|Non Union Employee
  • Job Level: Individual Contributor
  • Specialty: IS Consulting
  • Department: Renton Admin Rainier - IT TRO Security Compliance
  • Travel: Yes, 5 % of the Time

Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.

External hires must pass a background check/drug screen. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances.