Aledade is currently seeking a passionate and enthusiastic individual to join the growing information security team. This is the first role of its kind here at Aledade and an opportunity to get in on the ground floor as we take our security program to the next level. The Senior Information Security Analyst is responsible for implementing and operating the information security tools and processes which reduce Aledade’s top information security risks. This role plays a key part in supporting a culture of “secure by design” products and services for our users and customers. Responsibilities include securing both application and infrastructure development lifecycles and programs. Other duties include developing and maintaining security standards and policies for programs and systems. This role is part of an organization dedicated to protecting the confidentiality, integrity, and availability of Aledade’s sensitive data. In-scope environments include our cloud service network and internal business networks. The position reports to the Director of Information Security and can be based anywhere in the US.
- Conduct audits and assessments to identify risks to Aledade's data and provide recommendations for remediation and improvement
- Implement programs, processes, and tools to address risks while fully supporting all aspects of Aledade's core business initiatives
- Develop and lead incident response and escalation activities, including coordinating with the SOC and other incident responders
- Lead the implementation and use of a newly procured GRC tool supporting efforts for the overall security program inclusive of reporting accuracy and maintenance
- Coordinate regular penetration tests of applications and infrastructure
- Consult with development and systems teams on security design, implementation, and process improvements that will strengthen security by design principles within the organization
- Create, maintain, and document security baselines and standards
- Contribute to review and revision of policies and procedural documentation
- Mentor junior staff on technical and organizational security issues
- Work closely with the Corporate Systems team and assist in identifying areas and methods of improvement to further secure the entire organization
- Work closely with DevOps team advocating for secure engineering and architecture best practices within an AWS environment
- Develop automation which reduces cost and improve the effectiveness of security monitoring and detection systems
- Develop, document, and teach engineering processes and procedures to peers and teammates
- Develop training and awareness content for the organization's awareness program as well as role based training and lead brown bag sessions on relevant security topics
- Develop, distribute, and track metrics for security awareness articles, notifications, and training to staff
- Identify and recommend measures for defining Key Performance Indicators (KPIs) and Metrics for the security program and report progress to management
- Lead Vulnerability Management efforts in congruence with the DevOps and Corporate Systems teams as well as the SOC
- Provide recommendations and ideas to management regarding security initiatives and business processes
What We Value:
- Experience analyzing and optimizing business processes and tools to maximize business efficiency and minimize security risk
- Experience benchmarking existing practices against security frameworks and regulations (i.e. NIST, ISO 27000, HIPAA Security Rule)
- Experience working with data which is regulated (PHI, PII, or card data)
- Working knowledge of securing systems development life cycle (SDLC) including tools such as Veracode, Burpsuite, AppScan, or Fortify
- Experience working with and securing cloud technology stacks, ideally AWS
- Maintains a positive attitude and approaches interactions with a customer service mindset during all internal and external interactions and initiatives
- Ability to communicate technical concepts to non-technical audiences
- Enthusiastic and driven to learn and further career in Information Security, including taking a direct interest in helping to develop, shape, and grow the security program across multiple lines of business
- Comfortable executing in a fast-paced and dynamic environment
- Excellent written and oral communication skills are a must
- Have the ability to juggle multiple projects and competing priorities in an autonomous and accountable manner
- 4+ years of security experience with a preferred focus on Secure Architecture, Governance Risk and Compliance (GRC), and/or Security policy and program development
- Demonstrable experience and knowledge investigating and reporting on alerts and incidents with a foundation and understanding of SIEM preferred
- Background in software development, systems, and/or network administration desirable
- Strong foundational UNIX/Linux, Mac Windows experience and understanding of secure endpoint protection and risk preferred
- Knowledge and experience working with data analytics teams and a proficient understanding of data protection
- Working knowledge and experience in utilizing tools such as Tenable, Nessus, Qualys, Aqua or other vulnerability/container security tools
- Bachelor's Degree in Computer Science, Information Assurance, or equivalent work experience and/or CISSP, CISM, CDPSE, or other relevant certifications
If you are passionate about transforming the healthcare system into one that best serves the needs of patients, doctors, and society, we’d love for you to join us!
Who We Are:
Aledade is a leader in population health that is using innovative, value based solutions to transform the way physicians interact with their patients. We are on a mission to change healthcare for the better and solve complex problems within the healthcare system.
We follow the simple but radical idea that Aledade only succeeds when our partner practices succeed. From our cutting-edge technology platform to practice transformation services, we provide physicians with everything they need to create and run an accountable care organization (ACO
), revamping the way they practice and getting them back to where they should be: quarterbacking their patients’ health care!
Our customized solutions help clinicians in communities across America preserve their autonomy, deliver better care to their patients, reduce overall costs, and keep independent physician practices flourishing.
What Does This Mean for You?
At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness, and a desire to learn. You will work with team members that bring a wide range of experiences, interests, backgrounds, beliefs, and achievements to their work, united by a shared passion for public health and a commitment to the Aledade mission.
We’ve recently been recognized as a Top Workplace by The Washington Post, Best Workplace in HealthCare & Biopharma, Top 100 Best Small & Medium Workplaces, Glassdoor Best Places to Work, a Best and Brightest Companies to Work for in the Nation, a Tech Tribune 10 Best Tech Startups in Maryland and Bethesda, Best Tech for Good, Best Workplaces for Millennials, Best Workplaces for Women, Best Workplaces for Parents, and a 2020 Inno on Fire by DC Inno.
That’s because the things that matter to you also matter to us!
In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the needs of our team-members:
Flexible work schedules and ability to work remotely available for many roles
Educational Assistant Program
Robust time off plan (21 days of PTO in your first year!)
Paid Volunteer Days
10 paid holidays
12 weeks paid Parental Leave for all new parents
6 weeks paid sabbatical
Health, dental and vision insurance paid at 80% for employees, dependents, and domestic partners
401(k) with up to 4% match
Monthly cell phone stipend
Weekly catered lunches
Jeans everyday workplace
Gender neutral bathrooms
At Aledade, we don’t just accept differences, we celebrate them! We strive to attract, develop, and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance, and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation.