Information Security Engineer
TEKsystems Oceanside, CA
- Posted: over a month ago
- $100,000 to $110,000 Yearly
The InfoSec Engineer will develop security standards and best practices for the organization, and recommend security enhancements to management as needed.
1) Looking for a well-rounded engineer who is experienced with both risk/compliance and technical, "hands-on" security (will be a 50/50 split). This person will be a liaison between their vCISO and their outsourced SOC/Incident Response team.
2) Would like someone with experience in the healthcare industry and ideally someone who has worked on a smaller team or in a smaller environment. The tech team is made up of 13 individuals and this person will be the go-to for all security requests (along with their vCIO).
3) Need someone with HIPAA familiarity who is able to follow best practices, is familiar with "systems," can do scanning, exercises good judgment, etc.
Reporting to the IT Director, the Information Security (InfoSec) Engineer is an integral member in planning and executing the organization’s information security strategy. The InfoSec Engineer reinforces the overall security posture of the organization through coordination of security measures to monitor and protect systems. The InfoSec Engineer will develop security standards and best practices for the organization, and recommend security enhancements to management as needed. This will include designing, deploying and managing security tools to meet organizational and departmental objectives as designed in partnership with IT leadership and Compliance. This position will partner with and collaborate alongside Innovation Department leadership and third-party partners in order to ensure security initiatives are effectively implemented and operated. The InfoSec Engineer is also responsible for educating the team's workforce on information security through ongoing training and building of awareness, thus fostering a culture of security.
1. Develop and maintain relevant IT security policies and procedures while identifying and integrating best practices for the organization. Identify and develop opportunities for improvement, where applicable, either related to said documentation or in terms of application of security protection directives.
2. Analyze, adjust and implement security risk management procedures in the context of assessment, vulnerability, and configuration management.
3. Keep current with emerging security alerts and issues of relevance to the health care industry, related to deployed technologies as well as possible future change or enhancements. This includes proactive monitoring, identification of vulnerabilities, risk level and mitigation methods. Formulate and recommend related solutions.
4. Serve as the primary point of contact for outsourced Security Operations Command (SOC) resources in support of monitoring, alerting, and adjusting of those functions and escalations, including alert monitoring and tuning.
5. Communicate with and advise management with respect to critical security events.
6. Perform periodic review and validation analysis of security-relevant tasks assigned to IT system administrators. This includes, but is not limited to, backups, patching, firewall process reviews, infrastructure updates and account lifecycle management. Recommend enhancements to IT policies and procedures where appropriate.
7. Lead incident response (IR) activities, and support IR investigations, data gathering, forensics or other IR needs in the event of data/security breaches or other major incidents. Develop reports of findings to be reported to management.
8. Review technology and process architecture as part of the new application or system selection process to ensure minimum security standards are considered and enforced. Provide recommendations and advise management regarding the best security-compliant products.
9. Provide security oversight and approval for proposed environment changes, including but not limited to architecture, configuration settings, firewall/access changes, partner or vendor access, and any artifacts that have the potential to alter the security profile of an environment.
10. Manage and maintain security operations applications and associated hardware/software, as well as associated documentation of these systems.
11. Mentor, guide and support IT and broader organization members with respect to security questions, needs, and concerns. Advise and recommend solutions based on need, as appropriate.
12. Perform internal audits based on a defined schedule and coordinate audit remediation efforts. This will include proactive security scans, analysis of security permissions, and network/hardware/software architecture reviews and scans.
13. Respond to security alerts provided by the organization’s managed security provider, and lead remediation and documentation efforts, in accordance with the department's policies and procedures. Recommend changes based on retroactive issue review.
14. Assist with hardware, application and network event log review to facilitate IT (non-security) oriented incident resolution and root cause analysis.
15. Provide periodic on-call coverage team support and, on occasion, provide unplanned support of incidents or operational issues after hours.
Employees are expected to uphold its core values by striving for continuous quality improvement; being respectful and honoring psychosocial, spiritual and cultural beliefs of each other and patients, clients and community members; acting ethically in all aspects in performing job duties; being team spirited; and exhibiting exemplary customer service in all interactions. Employees are required to abide by the Code of Conduct, Building Great Relationships (BGR) standards, Corporate Compliance (HIPAA and Corporate Integrity), safe work practices, and privacy rules related to patient, employee, and volunteer information.
QUALIFICATIONS REQUIRED
• Bachelor’s degree in computer science, information technology, information systems or related field, or equivalent work experience.
• A minimum of six (6) years’ experience in an IT role.
• Plus, a minimum of three (3) years’ experience in a healthcare environment or environment subject to compliance requirements and serving in a similar security role.
• Strong understanding of key platforms such as Windows Server 2012-2019, SQL Server, Exchange 2010, Office 365, VMware, Nutanix, Citrix, Active Directory, Rapid7, SolarWinds, and network/firewall design and security.
• Understanding of HIPAA Privacy and Security Rule and the HITECH Act.
• Understanding of industry-standard security technologies such as IDS, IPS, DLP, MFA, scanning tools, SIEM, email protection and antivirus/anti-malware.
• Knowledge of applicable practices and laws relating to data privacy and protection.
QUALIFICATIONS DESIRED
• Experience working in a Federally Qualified Health Center or healthcare environment.
• Experience with SOC/vendor management as part of a security role.