Information Systems Security Engineer

Job Overview

The primary responsibility of the Information Systems Security Engineer position is to ensure the confidentiality, availability and integrity of Parkland's data, computer systems and network devices by recommending, implementing and utilizing security defense systems to reduce the opportunity of cyberattacks. This position serves as the entry-level role supporting the Senior Information Systems Security opening.

Responsibilities:

• Research and investigate the potential impact of new threats and exploits. Conducts log analysis and other network forensic investigations.
• Supports security technologies and processes for scanning, testing, monitoring, and reporting.
• Support the execution of security projects that improve detection and response capabilities.
• Develop alerting and detection strategies to investigate any unusual behavior.
• Develop new defensive techniques to recognize any changes in adversary techniques and tactics.
• Conduct various network security scans and penetration tests to detect cybersecurity threats and identify weaknesses that may be exploited by malicious parties.
• Responsible for playing an active role in minimizing the negative impact if a security breach should occur. Conduct a cooperative in-depth technical investigation on how the breach occurred to gain an understanding of the extent of the damage.
• Supports performing implementation analysis and technical risk assessments on systems to ensure conformity to current security standards and operational support requirements are being met.
• Supports technical risk assessments for Parkland technology and identifies items requiring remediation. Examples of targeted technologies include but are not limited to firewalls, routers, switches, servers, AIX systems, and applications.
• Supports Information Security tools and infrastructure systems maintained by the Parkland Information Security Organization. Examples of such tools are web filtering technology, IDS/IPS appliances, SIEM tools, antispam/antivirus systems, data leakage appliances, content screening servers, VPN systems and firewalls.
• Maintains knowledge of applicable rules, regulations, policies, laws and guidelines that impact Parkland. Participates in the creation of effective security controls designed to promote adherence with applicable laws and accreditation agency requirements. Seeks advice and guidance as needed to ensure proper understanding.
• Stays abreast of new developments in the field of technology and security by attending seminars/workshops, reading professional journals, and actively participating in professional organizations. Integrates knowledge gained into current work practices.

Requirements:

• Must have a Bachelor s degree in Management Information Systems.
• Must have two years of experience in an information systems security domain with a background in mobile device security, endpoint protection, wireless protection, vulnerability management, incident response and mitigation, threat research and cyber intelligence analysis or other cyber security domain.
• Must have a current CompTIA Security+ Certification or equivalent in industry certification, background and knowledge within 6 months of placement into position.
• Knowledge of NIST, HITRUST, PCI, HIPAA Security Rule and associated common security frameworks.
• Professional experience in a system administration role supporting multiple platforms and applications.
• Ability to communicate complex security issues to peers and management.
• Ability to comprehend results of mobile code, malicious code, and anti-virus software Critical thinking skills and the ability to solve problems as they arise.
• Must have the ability to perform research in order to determine industry standard products and solutions in response to security requirements.
• Must have the ability to support project plans, organize and monitor tasks, and be able to produce quality results in a timely manner.
• Must be able to perform technical risk assessments and implement corrective actions regarding the safeguarding of information systems.
• Must be able to support complex information security tools and provide guidance to other technical staff on proper use of the tools.
• Must have superior writing skills and the ability to communicate effectively.
• Working knowledge of design, implementation, and maintenance of: Local area networks, Microsoft Active Directory / GPO, Data Loss Prevention, Encryption Technologies, Vulnerability Management, Intrusion Detection Systems, Intrusion Prevention Systems, Linux Operating Systems, Windows Operating Systems, Communication Protocols, Multi-factor authentication, Cloud Access Security Broker, Endpoint Detection and Response Technologies, Security Information and Event Management Tools.
• Must have working knowledge of the HIPAA Security Rule and PCI.