Security Engineer I

Northeast Georgia Medical Center•Gainesville, GA

About The Position

Junior level position that leverages and expands the capabilities of existing analytical tools and technologies. Recommends new tools, technologies, and intelligence sources as appropriate. Analyzes security systems log files, reconciles correlated security events, and further develops current security event correlation capabilities. Supports investigations with intelligence collection, analysis, and/or dissemination. Builds and Manages Information Security Infrastructure to include Anti-Malware, Data Loss Prevention, End-point encryption, Incident Detection and Response. Provide guidance for remediation of identified vulnerabilities within the organization environment. Manage identity access controls, ensure data integrity and availability. Drive implementation of Role Based Access Controls and least privilege access. Audit data access. Ensure privacy and compliance of data including management of data classification and labeling. Serve as technical resource and escalation point for all IT related security needs and participates in on-call rotation.

Requirements

Associates Degree. Two (2) year degree in Computer Science, MIS or other computer-related field or equivalent experience in similar IT environments required. In lieu of Associates degree, five (5) years of experience in similar environments will be considered.
Three (3)+ years of IT security operations experience required.
Knowledge of information security systems engineering principles (NIST SP 800-160).
Knowledge of authentication, authorization, and access control methods.
Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
Knowledge of systems administration concepts.
Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Skill in applying confidentiality, integrity, and availability principles.
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment.

Nice To Haves

Cybersecurity Certification recommended.
CISSP or CISA certification preferred.
Healthcare IT security.

Responsibilities

Assess the effectiveness of cybersecurity measures utilized by system(s).
Coordinate with enterprise-wide cyber defense staff to validate network alerts.
Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.
Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.
Prepare for and provide subject matter expertise to exercises.
Other duties as assigned.