Demo

Sr IT Security Engineer (Hybrid)

American Medical Association
Chicago, IL Full Time
POSTED ON 1/30/2025
AVAILABLE BEFORE 4/29/2025

Sr IT Security Engineer

Chicago, IL (Hybrid)

The American Medical Association (AMA) is the nation's largest professional Association of physicians and a non-profit organization. We are a unifying voice and powerful ally for America's physicians, the patients they care for, and the promise of a healthier nation. To be part of the AMA is to be part of our Mission to promote the art and science of medicine and the betterment of public health.

We continuously work to embed equity in our internal practices and are committed to increasing the diversity of our staff across all levels of the organization. We intentionally work to create the right conditions to enable our employees to feel that they can be their authentic selves and fully participate in the life of the enterprise.

We encourage and support professional development for our employees, and we are dedicated to social responsibility. We invite you to learn more about us and we look forward to getting to know you.

We have an opportunity at our corporate offices in Chicago for a Sr IT Security Engineer on our Information Technology team. This is a hybrid position reporting into our Chicago, IL office, requiring once a month in the office.

As a Sr IT Security Engineer, you will be responsible for security and cyber threat intelligence, industry bestpractices research, threat detection / prevention, threat triage, and response. Thisrole is responsible for designing, implementing and maintaining securityplatforms and operational solutions to secure cloud-based technology and on-premiseapplications. This role is responsible for the day-to-day security technologies(e.g., firewalls, SIEM, data loss prevention, web application firewalls, applicationsecurity testing, VPN etc.) and supporting processes. Collects and generatesreports and metrics for security trends and audit compliance purposes. Also designs security use cases based onbusiness requirements and lead security tool administration and configuration; worksclosely with IT Engineering and Infrastructure teams to achieve securityobjectives and goals.

RESPONSIBILITIES : IT Security Policy

Research, design and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors

Plan, document, and execute enterprise-wide security programs, including vulnerability identification and testing, network scanning framework for public and private networks and other technologies

Configure and troubleshoot vulnerability assessment tools and endpoint solutions; perform scans, and identify and research threats; summarize results and corrective actions where appropriate

Consult with IT, compliance, audit, and others to ensure development, implementation, and administration of applications and infrastructure meets standards for IT security and regulatory audit compliance

Communicate IT Security policies and procedures to management and end users across businesses

Collect and analyze defined metrics to report to leadership, including security dashboards and results of trainings

Develop and / or deliver information security awareness training, including phishing simulations and risk-based training content for high-risk users

Identify, collect, and organize credible, new intelligence and subject matter relative to current and emerging threats using all the tools, applications and open-source information

Define and document, application security standards for developers; ensure compliance with applicable security controls when writing such standards Design, lead, and project manage the development and configuration of security tools and automation based on use cases.

Incident Detection and Response

Proactively monitor, analyze, block, and respond to malware and other emerging threats; serve as technical point of contact during and after security incidents including digital forensics procedures

Conduct operational threat hunting exercises to proactively find incidents in the AMA environment

Perform threat modeling and risk assessments using standard security frameworks for cloud services

Monitor and audit networks, on-premise and cloud systems and service changes

Document incident response procedures; support management communication during incidents

Assist in management of security services providers

Security Operations (including processes, monitoring, configuration, and maintenance)

Responsible for researching new threats, attacks, and risks to infrastructure and software

Define and document operating procedures for incident identification, investigation, and response

Work with businesses to identify and address data security risks in business processes

Analyze and make recommendations to enhance our security posture within cloud and hybrid environments and associated services and configurations

Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance

Create or update of detailed operational processes and procedures related to security operations, incident management & code development

May include other responsibilities as assigned

REQUIREMENTS :

Bachelor's degree required in Information Security, Engineering, Computer Science, or related field

Demonstrated progression towards one or more security of the following certifications; GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), CISSP / CISA certification, CISM

5 years of Security Operations experience is required, including cyber incident investigations

Strong understanding of various network and host-based security applications and host-based security applications and tools

Exposure to enterprise web application programming and Application Security (AppSec).

Knowledge of browser security controls, web application security frameworks, and authentication infrastructures (SAML, OAUTH), technical infrastructure, end points, networks, databases, and systems in relation to IT Security and IT Risk

Understanding of cloud networking concepts and architecture to promote and develop new designs and security strategies across all types of cloud-based applications (including infrastructure, platform, and software as a service)

Excellent written and verbal communication skills; able to communicate technical concepts to business leaders and users clearly, with appropriate emphasis on urgency and priority of potential threats and possible security incidents in progress

Ability to respond to security incidents promptly and independently, addressing incidents under time pressure

Excellent analytical, organizational and communication skills; demonstrated ability to facilitate cross-functional teams

Experience in continuous improvements and agile methodology

Additional Technical Background & Skills Requirements ( proficiency and / or past experience) :

Familiar with security standards, principles, techniques, and Frameworks (NIST, PCI, HIPAA etc.)

Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Vulnerability Assessment tools

Data Loss Prevention (DLP), Security Information and Event Management (SIEM)

Various network and host-based security applications and host-based security applications and tools

Perimeter security monitoring (i.e., router / firewall / switches)

Endpoint programs / applications (Anti-Virus, malware, etc.)

Email monitoring (DLP, SPF, DKIM, SPAM)

Network scanning

Static Application Security Testing (SAST) tools (such as SonarQube)

Dynamic Application Security Testing (DAST) tools (such as Snyk or Rapid7)

Source code management tools (Git, SVN, etc.)

Forensic tools (Sleuth Kit, X-Ways, CAINE)

Cloud-based security tools (CloudTrail, WAF, Security Center, etc.)

Browser security controls, web application security frameworks, and authentication infrastructures (SAML, OAUTH).

Code scanning tools (Dynamic, Static and Opensource)

Programming languages (Java, JavaScript, Python, etc.)

Web services, API, REST, RPC

Infrastructure as Code (CloudFormation, Terraform) preferred

Vulnerability Management solutions (Qualys, Tenable)

Candidates with Digital and Media Analysis (DMA) and prior computer forensics

The salary range for this position is $107,865 - $131,937. This is the lowest to highest salary we believe we would pay for this role at the time of this posting. An employee's pay within the salary range will be determined by a variety of factors including but not limited to business consideration, geographical location, and internal equity, as well as candidate qualifications, such as skills, education, and experience. Employees are also eligible to participate in a bonus plan. To learn more about the American Medical Association's benefits offerings, please click here.

The American Medical Association is located at 330 N. Wabash Avenue, Chicago, IL 60611 and is convenient to all public transportation in Chicago.

We are an equal opportunity employer, committed to diversity in our workforce. All qualified applicants will receive consideration for employment. As an EOE / AA employer, the American Medical Association will not discriminate in its employment practices due to an applicant's race, color, religion, sex, age, national origin, sexual orientation, gender identity and veteran or disability status.

THE AMA IS COMMITTED TO IMPROVING THE HEALTH OF THE NATION

Apply Now

Share

Save Job

Salary : $107,865 - $131,937

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Sr IT Security Engineer (Hybrid)?

Sign up to receive alerts about other jobs on the Sr IT Security Engineer (Hybrid) career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$152,549 - $188,894
Income Estimation: 
$194,072 - $240,547
Income Estimation: 
$135,994 - $168,063
Income Estimation: 
$161,209 - $233,553
Income Estimation: 
$70,462 - $84,818
Income Estimation: 
$77,991 - $108,747
Income Estimation: 
$87,093 - $107,335
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Income Estimation: 
$87,093 - $107,335
Income Estimation: 
$111,725 - $147,313
Income Estimation: 
$112,673 - $137,290
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Income Estimation: 
$112,673 - $137,290
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$164,835 - $201,088
Income Estimation: 
$135,994 - $168,063
Income Estimation: 
$161,209 - $233,553
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at American Medical Association

American Medical Association
Hired Organization Address Chicago, IL Full Time
Product Manager Chicago, IL (Hybrid) The American Medical Association (AMA) is the nation's largest professional Associa...
American Medical Association
Hired Organization Address Chicago, IL Full Time
Sr. Evaluator Remote - Chicago IL, California, Florida, Illinois, Indiana, Maryland, Massachusetts, New Jersey, New York...
American Medical Association
Hired Organization Address Chicago, IL Full Time
Communications Specialist II Chicago, IL (Hybrid) The American Medical Association (AMA) is the nation's largest profess...
American Medical Association
Hired Organization Address Chicago, IL Full Time
Customer Service Rep II Remote Chicagoland Area (IL, IN, WI) The American Medical Association (AMA) is the nation's larg...

Not the job you're looking for? Here are some other Sr IT Security Engineer (Hybrid) jobs in the Chicago, IL area that may be a better fit.

Sr Security Engineer 29892

Solving IT, Chicago, IL

AI Assistant is available now!

Feel free to start your new journey!