Senior Cybersecurity Engineer

Description
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.

Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?

Entity: Corporate Services

Department: CyberSecurity - Engineering

Location: 3535 Market Street, Philadelphia, PA

Hours: M-F, 8 hr days, hybrid

Summary:

• The Senior Endpoint Engineer provides advanced planning, engineering, implementation, monitoring, enhancement, and analysis of endpoint security systems and applications that are the responsibility of the Information Services Cybersecurity Group. The role specifically focuses on the security aspects of endpoint infrastructure, including workstations, servers, mobile devices, medical devices, and IoT devices, with the primary goal to keep Penn Medicine patients, employees, and data secure while enabling the business to provide world class health care services. The role is responsible for the highly technical engineering of endpoint security architecture, with a focus on establishing skill and practical implementation of tools and technologies to secure the organization's endpoints, detect and respond to threats, and prevent data loss while maintaining operational efficiency

Responsibilities:

• Engineers, implements, and manages technical endpoint security controls and countermeasures with a goal of preventing, detecting, and eliminating security threats and risks to the organization's endpoints and data.
• Designs and implements secure endpoint configurations, including hardening, access controls, and monitoring systems to protect critical assets and sensitive data.
• Identifies opportunistic improvements to endpoint security through feature enhancement, process development/improvement, automation, technology improvements, or other innovative means.
• Provides tier III complex engineering analysis and cybersecurity focused support for endpoint security solutions, security applications, and endpoint infrastructure.
• Identifies security risks, threats, misconfigurations, and vulnerabilities in existing endpoints, systems, and applications, and develops solutions to remediate identified threats.
• Acts as a liaison with other engineering groups to ensure that endpoint security issues are addressed as systems are being designed and implemented while fully considering enterprise impact to operations teams and obtaining their buy-in and support for changes.
• Validates and tests complex endpoint security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
• Implements and maintains security systems such as endpoint detection and response (EDR), data loss prevention (DLP), mobile device management (MDM), endpoint protection platforms (EPP), application control, and device encryption technologies.
• Develops, implements, enforces, and communicates security policies and/or plans for endpoint protection, data security, software applications, hardware, and endpoint management.
• Performs endpoint security assessments and vulnerability scans to identify potential security gaps and recommends remediation strategies.
• Monitors endpoint activity for suspicious behavior and investigates potential security incidents related to endpoint infrastructure.
• Collaborates with incident response teams to analyze and mitigate endpoint-related security incidents, including malware, data leakage, and unauthorized access.
• Provides complex technical oversight and enforcement of security directives, orders, standards, plans, and procedures related to endpoint security.
• Performs duties in accordance with Penn Medicine and entity values, policies, and procedures
• Other duties as assigned to support the unit, department, entity, and health system organization

Credentials:

• Cert IS Security Professional. (Preferred)

Education or Equivalent Experience:

• Bachelor's degree. (Required)
• 6+ years of Information Technology experience. (Required)
• Demonstrated experience in security research, seminar/conference, writing or community leadership. (Preferred)
• Experience with security standards and frameworks such as HIPAA, HITRUST, NIST, etc. (Preferred)

We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.

Live Your Life's Work

We are an Equal Opportunity employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.