Information Security Engineer

Job Summary:

Under the general supervision of the Information Security Chief, the Information Security Engineer implements and maintains information security solutions for the organization. The individual is expected to provide leadership and support for all security and related technical operations. Requires a diverse set of skills including advanced problem solving, solid verbal and written communication, excellent relationship building experience, multi-tasking, and strong leadership skills. Maintains a diverse knowledge of computer systems architecture and administration (workstation, server and network). This position requires full understanding and active participation in fulfilling the Mission and Vision of the organization. It is expected that the employee demonstrates behavior consistent with the Core Values while supporting the strategic plan, goals, and performance improvement initiatives at the organization.

Required Skills and Experience:

• Bachelor's degree and/or typically 5 or more years related work experience with a track record of risk assessment, problem identification, analytical problem solving, and issue resolution
• Ability to learn quickly and multitask
• Process-oriented
• Excellent written/verbal communication skills
• One or more of the following security certifications required: CompTIA Security
• CompTIA Advanced Security Practitioner (CASP)
• GIAC Security Essentials (GSEC)
• Certified Information Systems Security Professional (CISSP)
• Healthcare Certified Information Systems Security Professional (HCISSP) or able to obtain within 1 year.

Key Responsibilities:

• Update Customer Service database with appropriate information
• Active participation in departmental committees as needed
• Strong team player that takes and provides direction as necessary Assist with authoring, reviewing, and documenting of security and departmental policies, procedures and technical guides.
• Identify and solve a wide variety of user and procedural problems to ensure security while allowing for user functionality
• Assists with security awareness activities and promotes information security throughout the organization in accordance with the Information Security Officer.
• Maintains utmost confidentiality of data in handling sensitive security incidents and issues.
• Maintains broad knowledge of best practices and trends in the field of Information Security. Includes relevant security certification and continuing education.
• Assists leadership with development of short and long-range goals and objectives that are consistent with those of the organization.
• Serves as an internal information security consultant to the organization. Reviews new system designs and major modifications for security implications prior to implementation.
• Assists in leading the research, development/configuration, and implementation of IT security solutions. Work with hardware and software vendors as needed. Provide project status and reporting to key stakeholders.
• Implement, configure, monitor, and support encryption systems. Includes full disk and removable media encryption. Implement, configure, monitor, and support security tools such as anti-virus/anti-malware software for all environments. Respond to and remediate malware incidents on workstations and servers.
• Implement, configure, monitor, and support data loss prevention systems. Implement, configure, support, and monitor perimeter and internal security systems such as firewalls and intrusion detection systems.
• Implement, configure, monitor, and support remote connectivity between local network and external networks including employee VPN, site-to-site VPN, SFTP/FTPS, etc.
• Implement, configure, monitor, and support patient privacy monitoring systems. Coordinate/complete technical tasks to maintain regulatory compliance with HIPAA, PCI-DSS, and other healthcare regulations.
• Responds to IS compliance and security issues (including but not limited to downtimes, data integrity and security breaches) by fully assessing and documenting the situation and recommending and/or implementing solutions to solve the immediate issue and proactively prevent the issue from recurring in cooperation with the ISO. Escalates security incidents/questions/issues as needed to appropriate leaders or colleagues.
• Implement, configure, support, and monitor internal/external vulnerability scanning systems. Includes vulnerability testing and risk analyses. Inform leadership of the risk and coordinate activities to reduce the risk. Track new vulnerability and patch alerts and ensure multiple teams take appropriate actions.
• Review and fulfill requests for employees, contractors, alliances, and other third parties for system access. Includes implementation, configuration, monitoring, and support of vendor remote access systems.
• Creates, coordinates, and assists in the development and maintenance of the organization's disaster recovery plans.
• Performs internal audits in accordance with corporate security policies to maintain regulatory compliance.
• Implement, configure, support, and monitor email security systems.
• Implement, configure, support, and monitor security information and event management (SIEM) systems. Implement, configure, support, and monitor minor/support security systems (including but not limited to Active Directory auditing system, Secure credential storage system, etc.)