What are the responsibilities and job description for the Senior Security Engineer Public Health position at BGSF?
Job Description
Recruiting a Senior Security Engineer Public Health. In this role, you will ensure that agencies that manage the processing of public health information and other sensitive information are compliant with applicable regulations such as HIPAA, best practices, and the city’s IT security standards. The ideal candidate will have experience performing risk and compliance assessments, prioritizing the results, and implementing security controls.
Sr Security Engineer Public Health responsibilities may include but are not limited to:
- Drive collaboration with city agencies such as the Health Department, Mayor Office of Children and Family Services, Mayor Office of Homeless Services, Fire Dept Emergency Medical Technicians, and others that handle processing personal health information and other sensitive data to ensure compliance with HIPAA, best practices and the city’s IT standards.
- Document the use cases and requirements that describe how a system will be used, what processes it will support, and who will use the system.
- Perform risk assessment and threat modeling to find and quantify vulnerabilities against new systems and legacy systems.
- Find HIPAA regulations, compliance standards, or City IT security standards that must be met by the system.
- Document the security controls needed to mitigate threats and vulnerabilities and to meet regulations, compliance, or city IT security standards.
- Review system design documentation to ensure security requirements are met, and to surface and address any added vulnerabilities that are found in the design phase.
- Review and contribute to test plans and test cases to ensure security requirements are evaluated.
- Review implementation plans and standard operating procedures to ensure controls and secure processes are being developed and implemented.
- Monitor system implementation to ensure security controls are running effectively.
- Find and address gaps in the city’s system engineering and security engineering processes to drive improvements.
- Collaborate effectively with all agencies, departments, and other federal, state, and local government partners and vendors.
- Supply regular status to Information Security leadership.
- Support analysis of security events and incident response as needed.
- Bachelor of Science degree in Information Technology, Computer Science, or Computer Engineering or related discipline from an accredited college or university; and
- Six years of security engineering experience including healthcare systems, compliance frameworks, and choice and implementation of security controls.
- Relevant certifications (e.g., CISSP, CCSP, GCED, CEH, CCNP) preferred.
- Requires the utmost integrity, judgment, and discretion in performing duties and managing sensitive matters.
- Ability to pass background checks by national law enforcement.
- Requires proven understanding and experience with network and security architecture, multiple operating system platforms, databases, web applications, and other evolving mobile and cloud technologies, along with the following: malware inspection, traditional and application layer firewalls, VPN, identity management systems, data loss prevention, and network and host-based intrusion detection/prevention systems.
- Knowledge of HIPAA, NIST Cyber Security Framework, security risk assessment processes, and other information security control frameworks.
- Knowledge of network communication using TCP/IP protocols, basic system administration, virtual systems, active directory architecture, web proxies, etc.
- Requires excellent verbal and written communication skills.
- Ability to multi-task and work under pressure in a challenging environment.
- Diligence and proven critical thinking skills.
- Collaborator, self-confident, motivated, with excellent communication skills.
- Current knowledge of technology capabilities and trends; types and techniques of threat actors.