Information Security Engineer II

About The Position

Requirements

• High School diploma or GED required. BA or BS Degree in Computer Information Technology or related degree is preferred.
• Candidates must meet any minimum position experience and/or certification requirements to be eligible for consideration.
• 5+ years of experience in the Information Security field as an Information Security Analyst or Engineer
• 3+ years of experience leading enterprise-class security projects with minimal supervision.
• Ability to design, implement and maintain security solutions such as EDR (Endpoint Detection & Response), MDR (Managed Detection & Response) solutions, Vulnerability Management solutions, and DLP (Data Loss Prevention) programs.
• Extensive hands-on experience with security tools and technologies, including SIEM, SOAR, network traffic analysis, email security gateways, and asset management systems.
• Strong understanding of network security principles, segmentation strategies, and Zero Trust methodologies.
• Experience with forensic analysis, penetration testing, and security event correlation.
• Strong documentation skills and experience creating Project Plans, Visio Diagrams, SOPs, RFPs, etc.
• Familiarity with threat hunting and overseeing vulnerability management programs.
• Knowledge of Logical Access Controls and Least Privilege reviews
• Strong knowledge in NIST Risk Management Framework, HIPAA compliance, PCI Guidelines and CIS Benchmarks
• Ability to work well under deadlines and in a fast-paced environment.
• Strong interpersonal skills, in addition to effective customer interaction skills

Nice To Haves

• Experience leading security automation initiatives using scripting languages such as Python, PowerShell, or Bash is a plus.
• Familiarity with Infrastructure as Code (IaC) security in DevSecOps environments is highly desirable.
• CompTIA Security+ preferred.
• CompTIA Advanced Security Practitioner (CASP+) preferred.

Responsibilities

• Lead the architectural design and implementation of enterprise security solutions, ensuring alignment with industry best practices and regulatory requirements (e.g., HIPAA, PCI, NIST).
• Independently drive security engineering projects, including but not limited to: Zero Trust architecture adoption, Network segmentation and redesign, Identity and Access Management (IAM) modernization, Cloud security governance, Advanced threat protection and endpoint security solutions
• Design, implement, and maintain secure systems, including servers, firewalls, intrusion detection/prevention systems, and other security devices.
• Establish and enforce security policies, standards, and best practices across IT, Infrastructure, and third-party integrations.
• Conduct security risk assessments and vulnerability management, overseeing proactive threat hunting efforts to mitigate risks in healthcare IT environments
• Act as a subject matter expert (SME) in security architecture, advising on secure network and system design, including micro-segmentation, software-defined networking, and next-generation firewalls
• Spearhead the evaluation, selection, and deployment of security technologies such as: Extended Detection and Response (XDR), Security Information and Event Management (SIEM), Managed Detection and Response (MDR), Privileged Access Management (PAM), Network Access Control (NAC), Data Loss Prevention (DLP)
• Lead incident response efforts, forensic investigations, and root cause analysis of security events.
• Provide mentorship and technical guidance to Information Security Analysts and junior engineers, fostering a culture of continuous improvement and knowledge sharing.
• Oversee and improve security monitoring, log analysis, and automated security response workflows using SIEM and SOAR platforms.
• Ensure compliance with cybersecurity frameworks such as NIST CSF, CIS Benchmarks, HITRUST, and ISO 27001.
• Develop and maintain security documentation, including security architecture diagrams, standard operating procedures, project plans, and governance reports.
• Collaborate with executive leadership and IT teams to align security initiatives with business objectives, balancing security with operational efficiency.

Benefits

• pay transparency