IT Security Engineer

HIPAA/HITECH, SQL, ISO27001, NIST 800-53, CIS, DISA, Metasploit, Nessus, Kali
Full Time
Depends on Experience
Travel not required

Job Description

  • Acts as a Subject Matter Expert for Information Security and recommends best practices as needed
  • Assess existing platform and application hardening guidelines against industry standards.
  • Perform Risk Assessments against the technology environment and systems, work with appropriate teams to ensure proper understanding of potential gaps, and propose strategic but practical response plan
  • Identify and access risk findings within the environment with respect to risk definition and development of associated remediation plans
  • Provide support for ID Governance initiatives e.g. Access Recertification, user provisioning/deprovisioning etc. technologies and related processes
  • Provide support for Web filtering, Encryption, Data Leakage Prevention tools and related processes
  • Implement Application listing controls across the environment
  • Perform threats and vulnerability assessment and provide subject matter expertise on appropriate threats mitigation and patch management processes
  • Assist with the development and implementation of global security policy, standards, procedures and work instructions to ensure ongoing maintenance of security
  • Oversee key IS defense elements including network security architecture, network access and monitoring policies
  • Perform incident response planning as well as the investigation of security breaches, and assist with such breaches as necessary
  • Oversee execution of approved information security project plans and provide regular status reporting on progress of such projects.
  • Develop and generate appropriate metrics (key risk and performance indicators) to measure the IS program and related processes
  • Assist with and provide response and remediation plans to internal and external Audit findings
  • Perform mandatory periodic review of Security Controls logs/activity
  • Coordinate reporting from internal systems & external monitoring services
  • Assist helpdesk personnel with security-related items
  • Drive resolution of security alerts or incidents
  • Assist Information Security Director in technical implementation of company policy
  • Recommend, plans, designs, implements, & monitors complex security solutions
  • Utilize penetration testing tools to perform periodic vulnerability assessments (internal / DMZ / external)
  • Other duties as assigned

 

Qualifications:

 

  • 10+ years IT experience
  • 5+ years IT Security experience
  • Understanding of the healthcare/financial regulatory environment
  • Solid understanding of technology and Information Security domains
  • AS/BS degree in Engineering/Mathematics/Computer Science or related discipline
  • CISSP certification a plus

Technologies:

  • Microsoft
  • Active Directory
  • Server 2016/2019
  • Windows 10
  • Oracle Enterprise Linux
  • PKI/Certificate Services Administration
  • Database Security Administration
  • SIEM/Log Management
  • Email Security
  • Web filtering
  • Identity and Access Management (IAM)
  • Data Leak Prevention (DLP)
  • Vulnerability Scanning
  • Web Application Scanning
  • Anti-Malware Technologies
  • Cisco Switches, Routers
  • SQL Server Admin and Reporting
  • PowerShell Scripting
  • HIPAA/HITECH knowledge
  • Knowledge of ISO27001, NIST 800-53, CIS, DISA and similar standards
  • Experience with audits
  • HSM/Key Management Experience
  • Metasploit, Nessus, Kali, other penetration testing tools

 

 

 

Dice Id : 10230081
Position Id : 7011619
Originally Posted : 1 month ago
Have a Job? Post it