What are the responsibilities and job description for the IT Security Engineer position at Pediatric Associates Family of Companies?
Remote Opportunity
Primary Function
Under the direction of the CISO, this role is responsible for building and operating security measures across both on-premise and cloud resources at Pediatric Associates Family of Companies (PAFC). The role is an individual contributor but must have the power to lead, influence and execute leveraging vendor partners, collaborating with stakeholders, and performing work themselves.
Essential Duties And Responsibilities
This list may not include all of the duties that may be assigned.
EDUCATION: Minimum two-year post-secondary degree (e.g., Associates) required. Four-year Bachelor’s degree in information security, information systems or similar field preferred.
EXPERIENCE: 5 or more years working in information security engineering and architecture required. 2 or more years securing Microsoft365 and/or Microsoft Azure platform required. 2 or more years working in the healthcare industry in an information security capacity preferred.
LICENSURE / CERTIFICATION
Adhere to all organizational information security policies and protect all sensitive information including but not limited to ePHI and PHI (Protected Health Information) in accordance with organizational policy, Federal, State, and local regulations.
PI266619868
Primary Function
Under the direction of the CISO, this role is responsible for building and operating security measures across both on-premise and cloud resources at Pediatric Associates Family of Companies (PAFC). The role is an individual contributor but must have the power to lead, influence and execute leveraging vendor partners, collaborating with stakeholders, and performing work themselves.
Essential Duties And Responsibilities
This list may not include all of the duties that may be assigned.
- Develop and lead implementation of security standards and practices that effectively and efficiently reduce risk for the organization’s digital resources, and partner with the IT infrastructure and engineering teams to implement, operate and monitor those standards and practices.
- Develop and lead implementation of standards and practices that embed security (“DevSecOps”) into the workflow and operation of the organization’s custom-developed applications, and partner with the software development and DevOps resources to implement, operate and monitor those standards and practices.
- Assess and leverage third-party resources and solutions to maximize and streamline the implementation and operation of security processes and procedures.
- Act as a subject matter expert (SME) for security tools, applications and processes, including how they’re integrated into the Software Development Lifecycle (SDLC) and IT change management.
- Develop and maintain documentation and diagrams for security tools, system environments, and IT security operations.
- Contribute to the development, testing and maintenance of the organization’s incident response plan and procedures.
- Investigate potential threats across the organization and respond to incidents per the prescribed procedures.
EDUCATION: Minimum two-year post-secondary degree (e.g., Associates) required. Four-year Bachelor’s degree in information security, information systems or similar field preferred.
EXPERIENCE: 5 or more years working in information security engineering and architecture required. 2 or more years securing Microsoft365 and/or Microsoft Azure platform required. 2 or more years working in the healthcare industry in an information security capacity preferred.
LICENSURE / CERTIFICATION
- CISSP or similar preferred.
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
- Be a technical leader who can think strategically, has extensive technical knowledge, and can leverage technology, automation and managed services to scale delivery of capabilities.
- Understands and continuously learns modern security architecture and solution strategies across people, process and technology.
- Technical understanding of and experience with Microsoft365 and Microsoft Azure and their respective security and compliance features.
- Technical understanding of and experience with modern security technologies such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), firewalls, Data Loss Prevention (DLP), vulnerability assessment tools, Cloud Security and Posture Management (CSPM) platforms, etc.
- Experience with scripting and network engineering a plus.
- Incident response plan development, implementation and operation.
- Stay current with the latest security trends, threats, and regulatory changes to ensure we stay ahead of the curve.
- Assessing and developing information security policies, procedures, standards and guidelines.
- Ability to effectively leverage vendor resources and professional services to deliver results.
- Excellent verbal and written communication skills; collaboration and interpersonal skills.
- Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment.
- Independent judgement and decision-making abilities.
- Non-patient facing
- Full time remote.
- Must be U.S. based.
- Indoor office work.
- Operating computer.
- May require sitting while operating computers.
- Manual dexterity.
- Vision
- Sense of sound
- Sense of touch
Adhere to all organizational information security policies and protect all sensitive information including but not limited to ePHI and PHI (Protected Health Information) in accordance with organizational policy, Federal, State, and local regulations.
PI266619868
