Senior System Security Engineer

Profile

What You Will Do:
I. General Summary
Under limited or no supervision, gathers and analyzes security needs for developing and modifying clinical, business and infrastructure security requirements in the healthcare environment. Includes providing complex security support, writing documentation and defining specifications. Analyzes complex results, proposes security solutions and/or recommendations in addition to building, configuring and/or modifying security applications and toolsets. Represents IT security during planning and delivering complex projects.
II. Principal Responsibilities and Tasks
The following statements are intended to describe the general nature and level of work being performed by people assigned to this classification. These are not to be construed as an exhaustive list of all job duties performed by personnel so classified.
1. Administer network and computing devices/systems that enforce security policies and audit controls in Windows, UNIX, and Cisco environment
2. Formulate security architecture recommendations and design security services and defensive controls
3. Implement technical solutions to contractual requirements supporting NIST Cybersecurity Framework, CIS 20 Critical Controls, HIPAA, and SOC-2 audit standards
4. Provides responses to external audits, penetration tests and vulnerability assessments
5. Recommend and coordinate the application of fixes, patches, disaster recovery procedures in the event of a security incident or newly-discovered vulnerability
6. Research emerging technologies in support of security enhancement and development efforts
7. Conduct risk assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and cyber-crime response
8. Responsible for and oversees day-to-day tracking and follow-up on security issues and questions of daily operations
9. Performs and coordinates application analysis and impact analysis of new or different applications, processes or changes
10. Provides complex application support and guidance to application teams and provides technical guidance to less experienced personnel. Serves as point of contact for resolution of complex application problems involving Internet connectivity. Able to quickly assess problems and identify resolutions
11. Makes recommendations and provides alternatives with regards to various security-related development and support initiatives
12. Prepares written security documentation of various types; application documentation, analytical reports, functional specifications, training manuals, status reports, procedures, and other relevant documents. Creates, evaluates, and instructs/teaches team members and stakeholders
What You Need to Be Successful:
III. Education and Experience
1. Bachelor's Degree in computer science, a health, science, or business field is required. Master's degree preferred.
2. Required at least one industry certification such as CISSP, CISM, CISA, CEH, CSSLP, CHFI, CCSP, GCIH, GCIA, ITIL v3.
3. Five (5) years in information system engineering or administration plus 3 years of IT security experience required.
4. Experience working in a healthcare environment is preferred.
IV. Knowledge, Skills and Abilities
1. Expert knowledge of analysis and problem-solving principles with emphasis in user relations, data gathering techniques, and management information applications to IT staff in order to perform and teach others. Serves as a resource to others in the resolution of complex problems and issues involving Internet connectivity and security.
2. Ability to develop complex specifications for all aspects of applications, and familiarity with problem analysis, hardware/software configurations and application integration.
3. Expertise in application security, design standards, change management process with the ability to coach application development, delegate, and support teams.
4. Excellent verbal and written communication skills in order to advise and consult with application, server, and network teams and make formal presentations of project findings and recommendations. Demonstrated ability to write with purpose, clarity, and accuracy.
5. Ability to adhere to application security and control procedures in accordance with departmental, vendor standards, and regulatory requirements. Makes recommendations as necessary to achieve optimal security posture.
6. Expert knowledge of HIPAA Security Rule compliance and regulatory program requirements.
7. Excellent analytical, problem solving and decision making skills, applied with a solution-focused attitude.
8. Ability to analyze network, event and security logs, and/or IDS alert logs.
9. Proven project management and organizational skills, specifically managing multiple concurrent projects.
10. Ability to work as a member and leader of a team.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.

Company info

Sign Up Now - EngineeringCrossing.com