Information Security Engineers provide support by safeguarding the organization's sensitive information through planning, implementing, maintaining, and monitoring various detective, preventive, and corrective information security controls for the protection of computer systems, storage, infrastructure, and cloud applications for the enterprise.
This position focuses on protecting system boundaries, keeping systems and infrastructure hardened against attacks and securing sensitive information, along with securing user and computer identity.
They develop and maintain protocols for the safe use, entry, transmission, and retrieval of data and software assets within the enterprise.
Information Security Engineers work to ensure that the security protocols are flexible enough to remain user-friendly for employees, while also ensuring that security is strong enough to meet the needs of the enterprise.
The Security Engineer continuously reviews the IT environment for information security weaknesses and develops plans/implements risk mitigation approaches.
This role reviews documentation (i.
e.
architecture/network/system diagrams, vendor system/software requirements, network flow diagrams, test results, vendor implementation guides, reports, external threat intelligance, source code, etc.
), identifies vulnerabilities, correlates data, and coordinates remediation plans in order to reduce organizational risk.
They engage various external vendors on risk mitigation approaches or support issues.
Documentation, such as formalized Configuration Standards for secure IT technology implementation, as well as communication to both non-technical and technical audiences is common.
Job Duties & Responsibilities:
Demonstrates knowledge of and supports hospital and Enterprise Security mission, vision, value, and promise statements, policies and procedures, operating instructions, confidentiality standards and code of ethical behavior.
Designs, configures, implements, troubleshoots, tests, and monitors detective, preventive, and corrective security controls designed to minimize organizational risk.
Ability to manage moderately complex issues and develop solutions.
Reports anomalies to management.
Directly audits internal and/or third-party security controls to validate no change in organizational risk posture has taken place.
Develop comprehensive reports including assessment-based findings, outcomes, and recommendations for risk mitigation.
Develop, document, and continuously maintain standard operating procedures, protocols, and IT Configuration Standards.
Develop techniques, code solutions, and/or recommend software/tools to automate information security tasks/processes.
Support the investigation and resolution of security incidents.
Participates in 24x7 on-call rotation with team.
Documents and communicates key metrics to management for inclusion into the Enterprise Security dashboard.
Participates in proof of concepts and other technical evaluations of technologies, designs, and solutions.
Provides technology evaluation recommendations.
Leads small to medium sized projects and provides stakeholders with status reports regarding project assignments.
Provides regular updates to essential business continuity documentation (IT Disaster Recovery Plan, Business Impact Analysis, and Incident Response Plan).
Education & Certifications:
Technical Training
Computer Sciences
Preferred Education:
Bachelor's Degree
Preferred Certifications, Credentials and Licenses:
CISSP - Certified Information Systems Security Professional.
Security+.
HCISPP - Healthcare Information Security Privacy Practitioner.
Lean Six Sigma and/or ITIL certification
Preferred Experience:
3-5 years Previous Information Technology and/or Information Security work experience (without a college degree).
1-2 years Previous Information Technology and/or Information Security work experience (with a college degree).