Information Security Engineer Senior

SUMMARY :

We are currently seeking an Information Security Engineer Senior to join our Information Security team.. This full-time role will work days.

Primarily remote work but requires ability to report to campus last minute as needed.

Purpose of this position : The Information Security Engineer Senior is responsible for protecting the organization's digital information and computer network through the design, planning, implementation, and continued support of security measures to protect the organization's computer networks and systems.

In addition to supporting the secure and compliant operations of the organization, the Information Security Senior Engineer will be expected to help identify, design, and implement new security controls based on needs and industry trends.

A senior member of the Information Security team, this position requires a mindset aimed at safeguarding the organization's network assets, digital files, user accounts, PHI, and other sensitive information, as well as a continuous focus on improving the organization’s security posture.

RESPONSIBILITIES

• Designs and implements Information Security controls and audits recommendations
• Leads the identification and remediation of risks, threats, and vulnerabilities
• Designs and conducts security and compliance assessments, including managing documentation and presentation of findings
• Identifies opportunities to operationalize and automate elements of IT security and security operations
• Leads efforts in the identification and remediation of risks, threats, and vulnerabilities
• Responsible for maturing the vulnerability management program
• Works independently to identify new vulnerabilities
• Leads and participates in security incident investigations, which may include assisting with malware containment and incident response
• Provides subject-matter expertise needed for the development and revision of existing and new IS&T security policies
• Partners with other IT teams and asset owners to mitigate vulnerabilities
• Stays abreast of the latest Information Security trends, threats, and vulnerabilities
• Provides direct end-user support for Tier 2 and 3 incidents
• Mentors and supports the development of members of the team
• Designs and implements Information Security controls and audits recommendations
• Leads the identification and remediation of risks, threats, and vulnerabilities
• Participates in external audits and assessments by collecting and providing requested evidence
• Actively participates in ongoing Risk Management efforts
• Represents Information Security at meetings, committees, and task forces
• Thinks outside the box and assists in creating multiple risk and compliance remediation options
• Responsible for the development, promotion, and maintenance of Information Security owned applications, such as a password vault, phishing simulator, authentication systems, 3rd-party risk management tools, etc.
• Leads and participates in IT projects as they relate to Information Security
• Maintains the Information Security Controls Catalog
• Leads / Facilitates 3rd party risk management assessments and ongoing vendor monitoring
• Participates in the Cyber Emergency Response Team
• Provides regular and off-hour on-call support as scheduled
• Other duties as assigned

QUALIFICATIONS :

Minimum Qualifications :

• 3-5 years working in technology / information security
• Bachelor’s Degree
• An approved equivalent combination of education and experience

Preferred Qualifications :

• Experience in HealthCare environments
• Experience with Biomedical devices and healthcare applications
• Red-Team / Penetration Testing experience
• Proficient in using Microsoft Office 365 tools
• Using APIs and developing information security tools
• Experience performing Azure / AWS Security Assessments

Knowledge / Skills / Abilities :

• Critical thinking and problem-solving skills
• Interpersonal skills and the ability to communicate with management, peers, and customers via reports, email, or verbal updates
• Experience evaluating information security risks
• Experience doing technical analysis of system vulnerabilities
• Excellent customer focus, including escalation handling and resolution
• Demonstrated ability to manage multiple priorities and deadlines
• Adaptable to changing priorities, tasks, and work schedules to meet customer service standards
• Effective written and verbal communication skills
• Experience leading projects
• Must be a self-starter, able to work under pressure, and be flexible in setting priorities
• Demonstrated ability to learn new technologies and systems quickly and provide instruction on complex processes
• Python and or PowerShell Scripting experience
• Mobile Device Security / MDM Solutions Management

License / Certifications :

• Certified CISSP or related security certification
• Required to become certified with CISSP, or another security certification within 18 months of hire
30+ days ago