Security Engineer

About The Position

Requirements

• 6 + years’ experience as an Information Security Engineer with system design and security engineering experience implementing a wide range of security solutions both on prem and in the cloud (Azure)
• Oversee and lead the implementation of security solutions; develop technical and reference architectures throughout the project duration. (DLP, IAM, Vulnerability Management, Network Security, Windows Infrastructure and Systems)
• Knowledgeable with Microsoft 365 suite of products
• Bachelor’s /Master’s degree from an accredited college/university or equivalent work experience.
• 6 - 8 years’ experience as an Information Security Analyst/Engineer with system design and security engineering experience implementing a wide range of security solutions both in cloud and on-prem.
• Knowledge of security engineering to ensure security solutions development aligns with the defined architecture strategies.
• Professional certifications in security; Security +, CEH, CCSP, CISSP.
• Strong understanding of secure design and reviews, identity and access management.
• Extensive hands-on knowledge of IAM best practices, procedures, and software solutions.
• Comprehensive knowledge and experience with authentication standards & technologies, such as single sign-on (SSO), two-factor authentication, privileged access management.
• Excellent communication, presentation, and documentation skills.
• Experience with Requirement Analysis & Technical Troubleshooting.
• Experience with System & Technology Integration.
• Ability to work comfortably under pressure and deliver on tight deadlines.
• Ability to analyze data and information with a detailed understanding of regulatory requirements (HIPAA), as well as security frameworks (NIST CSF) and IAM methodologies.
• Ability to maintain the highest standards of confidentiality, integrity, and personal accountability when working with sensitive & restricted data.
• Proven experience in overseeing the direction, development, and implementation of software solutions.
• Strong knowledge of system and software quality assurance best practices and methodologies.
• Excellent written and oral communication skills; comfortable speaking in front of small to medium sized groups.
• Excellent listening and interpersonal skills.
• Ability to communicate ideas in both technical and user-friendly language.
• Highly self-motivated and keen attention to detail.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Experience working in a team-oriented, collaborative environment.
• Mentor and/or provide guidance to other members of the security team.
• Computer proficiency including Microsoft Office Suite (Word, Excel, Teams, etc.)

Nice To Haves

• Bachelor’s or equivalent years of work experience (Minimum 8 years of security experience plus industry security certification).
• Extensive knowledge of security technologies.
• Extensive knowledge of LAN administration.
• Extensive knowledge documenting and maintaining processes and procedures.
• Extensive knowledge of data privacy practice and laws.
• Deep understanding of regulatory and compliance standards in the healthcare industry.
• Other Security Certifications desired (Security+, CEH, CRISC, GSEC, SSCP, CISA, CISM), Azure Solutions Architect Certification, Microsoft Azure Architect Certification & Microsoft Azure Architect Technologies.
• Experience with one or more programming languages such as C++, Java, Python, or JavaScript.
• Experience with Microsoft Directory Integrations (Active Directory/AD Agent).
• Experience with Okta components and tenant configuration.
• Experience with Logs Management tools.
• Experience with Windows, Linux / Unix, scripting (PowerShell, or Perl), Active Directory, LDAP, SQL, and web services.
• Extensive knowledge of Identity Access Management (IAM), SAML, Federation, Privilege Access Management (PAM), and MFA technologies.
• Expertise in Data Security (Cryptography and Encryption).
• Knowledge of advanced Auditing and Log Management tools.
• Experience with security vulnerabilities scanning tools.
• Understanding of Cloud Access Broker Services (CASB) and configuration best practices.
• Proficiency in using Data Loss Prevention (DLP) tools and applying best practices.
• Familiarity with user behavior monitoring.
• Strong data analysis skills for Network, Cloud, and Endpoint data.
• Ability to optimize security tools and controls effectively.

Responsibilities

• Performs security functions including IAM, vulnerability scanning, light pen testing, daily review of security reports and security systems.
• Generates internal threat intelligence to feed back into the security stack.
• Monitors compliance with the organization’s information security policies and procedures and refers problems as appropriate.
• Monitors internal control systems to ensure that appropriate information access levels are maintained.
• Defines systems security requirements and participates in design architecture discussions.
• Develops security countermeasures to detect malicious activity and creates operational and compliance dashboards & reporting.
• Supports incident response infrastructure & cyber intelligence platform.
• Initiates, facilitates, and promotes activities such as security awareness training to foster information security awareness within the organization.
• Reviews system-related information security plans throughout the organization’s network and acts as a liaison to the Information Systems Department.
• Ability to work independently on goals and direction provided by the Manager of Information Security, and/or Director of Information Security.
• Ability to lead project level initiatives.
• Maintains deep understanding of information technology networking and infrastructure, particularly as they pertain to network and cyber security.
• Develops written security process and procedures for systems and software within area of expertise to ensure consistent security policy implementation.
• Performs mitigation and or remediation on vulnerabilities to an acceptable compliance level.
• Performs annual reviews of documentation to meet requirements.
• Builds and maintains positive IS team partnerships.
• Works closely with enterprise IT, Delivery, and other functional area specialists to ensure adequate security solutions are engineered in cloud environments to mitigate risk, meet business objectives, and regulatory requirements.
• Serves as a cloud security consultant to help project teams comply with enterprise and IT security policies, industry regulations, and best practices.
• Implements and operates cloud security technologies to include preventative, detective, and compliance controls.
• Ability to help lead and direct team in daily job assignments.
• Mentors of junior staff.
• Provide oversight and assess security controls for IaaS, PaaS, and SaaS services while collaborating with system integrators and the client’s teams to deliver reliable and scalable security capabilities.
• Oversee and lead the implementation of security solutions; develop technical and reference architectures throughout the project duration.
• Perform as a subject matter expert on IAM and Cloud technologies, recommendations on security infrastructure and raise security risks in a timely manner.
• Develop security requirements for complex internet-facing applications and associated infrastructure components.
• Assess and review end-to-end secure integrations, including web services and APIs.
• Work closely with the information system, security teams and third-party system integrators on security engineering-related issues, resolving challenges without affecting project delivery timelines.
• Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; and report on incidents, vulnerabilities, and trends.
• Analyze trends, news, advisories, and changes in threats, and conduct security assessments with risk mitigation plans.
• Review vulnerability management reports and follow up with technical stakeholders on remediation efforts.
• Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with incident responders.
• Ability to work under pressure in a fast-paced environment.
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Experience with Healthcare security requirements, such as ISO, HITRUST, NIST along with PCI.
• Adheres to policies, procedures, guidelines relative to departmental operations.
• Performs other duties as assigned

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)