Cyber Security Engineer

ScionHealth is recruiting for a Cyber Security Engineer to join our team!  Remote candidates will be considered for this role. 

Job Summary

The Cyber Security Engineer will investigate security incidents through log analysis, interviewing, evidence collection and preservation.  Perform security analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, and Linux systems.

Candidates will be expected to have familiarity with security systems and principles and be able to function interchangeably within a team of security engineers to support a cross functional approach within a highly complex and interconnected networked environment.

A well-qualified candidate will be responsible for the analysis of and response to 2^nd level security events.  This will require knowledge for working information security alerts through the use of an Endpoint Detection and Response (EDR) System and Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts.  On-call responsibilities will be required.  The candidate will need to demonstrate proficiency with the tools and processes mentioned below.

Essential Functions

• Acts as liaison with solution owners and IT groups to ensure understanding of security principles.
• Collaborate with team members of the ScionHealth Security teams, application owners, software architects, and administrators.
• Ability to keep the Director of Cyber Security informed of security incidents and answer security related questions/concerns in a clear, concise, understandable manner.
• Ability to work independently as needed.
• Stay informed on attacks and vulnerabilities on all types of systems, including all Microsoft Windows systems, Linux, Unix, Cisco IOS, PAN-OS, and known threats.
• Make recommendations for changes to the environment that can help in the removal of vulnerabilities and a reduction in the risk of exploitation that may result in potential incidents.
• Initiate and produce custom scripts needed to make logging and alerting requirements easy and effective.
• Analyze and recommend security controls and procedures in business processes related to the use of information systems and assets, and monitors for compliance.
• Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends.
• Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including attorneys and law enforcement, if needed.
• Analyze and develop information security procedures, standards, baselines and guidelines with respect to information security.
• Assess, plan, and enact security measures to help protect our organization from security breaches and attacks on its computer network and systems.
• Oversee vulnerability scans to identify vulnerabilities and consult with technical teams on remediation of identified vulnerabilities.
• Assist with the coordination of penetration testing, and work with technical teams on remediation efforts of pen testing results.

Education

• Bachelor’s degree in Computer Science, Information Systems, Cyber Security or a related field. Relevant experience may be substituted in some cases.

Licenses/Certifications (Desired)

• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Incident Handler (GCIH)
• Certified Ethical Hacker (CEH)

Experience

• 3 years of experience in Network Security or a Cyber Security discipline.
• Experience working security events and/or working security audit items in a team environment.
• Familiarity of network controls such as firewall rules, IDS Systems, Network logging, DLP, and Network segmentation.
• Ability to consult with IT stakeholders as needed.

Knowledge/Skills/Abilities

• Healthcare experience is preferred.
• Previous Cyber Security, Network Security or SOC experience preferred.
• Working with Vulnerability Management Tools a plus.
• Working with SIEM platforms a plus.
• Strong analytical, collaborative, problem-solving, organizational and planning skills.
• Excellent written and verbal and interpersonal skills.
• Possess a high level of technical knowledge of security platforms including:
  • Palo Alto Firewalls/IDS/IPS
  • Proofpoint email protection
  • Mimecast email protection
  • CrowdStrike EDR
  • Google Chronicle SIEM
  • Microsoft Sentinel SIEM
  • Microsoft Purview DLP

Depending on a candidate's qualifications, this role may be filled at a different level.