(Unfortunately, NO Corp2Corp or 3rd Parties Please & LOCAL CANDIDATES ONLY PLEASE )
Our focus is on transforming the customer and patient experience. Vital to our success are the Corporate Team Members who collaborate with clinical, operational, and sales teams in the field. We focus on delivering improved processes, innovative new services, and business solutions that differentiate and advance our comprehensive clinical services-always with our patients' and customers' needs in mind.
The Sr. Security Engineer is accountable for developing, managing and integrating all functions of the IT security program required to support daily operations and reduce cyber risk across the enterprise. This position will; oversee security policies, procedures and technologies for our on premise and cloud platforms; work with the enterprise IT teams to ensure projects and company initiatives are conducted according to enterprise information security requirements and standards; lead security-based assessments and drive continuous improvement in policy, systems and tools securing critical data and infrastructure. This is a remote position and the individual must live in the United States.
Additional responsibilities will include:
Build and Operate Controls:
Install, configure and maintain use of security infrastructure and tools to automate analysis capabilities for security event monitoring and log analysis. Work with team members, vendor partners and management to enable and support security operations, analyze and investigate security issues and ensure alignment with enterprise security requirements and standards. Provide 24x7 operational IT security support in response to security alerts, investigations and threat remediation. Publish executive level reports summarizing security incidents, identified vulnerabilities, potential exploitations and remediation steps to increase the organization's security posture. Collaborate with leadership and team members to understand business needs and develop solutions that meet enterprise information security standards. Review proposed system changes and ensure implemented system modifications do not adversely impact the security controls of the system.
Monitor Compliance and Respond:
Conduct periodic network scans, vulnerability assessments and penetration testing to detect security weaknesses. Monitor networks and systems and investigate security breaches, through the use of software that detects intrusions and anomalous system behavior. Conduct incident/event investigations, lead incident response and perform forensics analysis to identify, mitigate and contain a security breach. Conduct security program and controls assessments for level of maturity with industry frameworks (NIST) to identify deficiencies. Monitor networks (cloud and on premise) and associated technologies to ensure compliance with enterprise information security requirements and standards. Perform continuous security monitoring and systems security testing, provide mitigation solutions and patching requirements for identified findings. Collect, analyze and report on data from a variety of threat intelligence sources and proactively analyze indicators of compromise (IOCs), and known and emerging threats to the organization.
Develop the Security Program:
Participate in the development of IT security policies and practices, including key security strategies to respond to and recover from security breach events. Participate in the development of tactical response plans, procedures and escalation processes to quickly and effectively respond to potential security incidents. Provide daily support for the adherence of policies, procedures and best practices across the enterprise.
Provide Coaching and Guidance:
Participate in awareness training and testing of the workforce on information security standards, policies and best practices. Provide guidance for security needs based on national security organizations, frameworks and industry regulations. Coach, mentor and monitor teams on the IT security program's policies, procedures, requirements and standards and provide feedback.
Perform Effective Communications:
Develop and deliver progress reports, proposals, requirements, documentation and presentations to various audiences, including project teams, sponsors, CIO and key stakeholders. Deliver appropriate and effective executive level communications, as needed.
Other duties, as assigned.
Bachelor's Degree in IT Security, Computer Science, or equivalent OR Equivalent Experience.
Unexpired Security Certification (e.g., HCISSP, CISPP, CISA, SANS GIAC, etc.)
5+ years' experience with information security, operational IT security, security architecture & service design; and supporting IT teams from an information security perspective.
3+ years' experience working in a technical, hands-on, information security role; and 2 years' experience SIEM product administration (e.g. Splunk), security scanning and testing platforms (e.g. Nessus), presenting to Stakeholders and Senior Leaders.
Working knowledge of HIPAA and NIST CSF standards including 800-37, 800-30, and 800-53.Strong communication (oral and written) skills, including the ability to influence without authority.
Proficient with MS Project, Excel, Visio, PowerPoint and SharePoint.
Must be eligible to work in the United States without Visa sponsorship from an employer.
Cloud Security Certification.
Strong organizational, attention to detail and follow-up skills.
Ability to work in an ambiguous environment and collaborate across multiple areas.
Ability to effectively lead virtual meetings and establish rapport with cross-functional teams.
Experience with digital and/or infrastructure transformation initiatives.
Knowledge of HITUST and the HITRUST CSF framework.