Information Security Engineer 14715

Northern Arizona Healthcare Flagstaff , AZ 86002

Posted 3 months ago

Overview

The Information Security Engineer is responsible for the operations and maintenance of enterprise information security controls and for ensuring the appropriate operational security procedure is maintained for information systems, programs, and data. The Engineer will also maintain and assist in developing the processes and systems to effectively manage the operations of security systems throughout the enterprise. The Engineer will advise on security best practices, security strategy, security architecture, and security design work. The Engineer will work within the Operations and Engineering team that monitors and protects NAH systems from ongoing threats and will be responsible for enforcement of policies, standards and procedures. The Engineer ensures the organization is prepared to take a proactive stance to defend against emerging security threats and respond to active threats without delay

Responsibilities

Security Controls performance/management

  • Assists in the development, implementation, and day to day maintenance of IT security & control infrastructures. Provides on staff consulting for security requirements in system development activities, policies, standards and procedures.

  • Conducts routine information security procedures including, documentation, metrics reporting, change control, maintaining ticketing queues, vulnerability scanning, assessment, vulnerability management, etc.

  • Supports the implementation and ongoing operations of access controls and user access rights as required.

  • Conducts AV and intrusion tests to assess the probability of risks occurring and the impact on the organization.

  • Works collaboratively with multidisciplinary teams to implement new technology, support existing, and at times does so after normal business hours.

  • Monitors centrally critical systems and responds to security events according to procedure and experience.

  • Installs, configures, manages, and maintains mission-critical enterprise applications such as AV, software delivery, patching, log management and other technical controls.

  • Supports the Incident Response Team during a cyber-incident.

  • Provides technical support for day-to-day security operations, change management and business continuity programs.

  • Troubleshoots security systems and related issues.

Leadership/Decision Making

  • Provides mentoring to staff as a means to develop job satisfaction and coordinates cross-training opportunities with other technical support groups.

  • Researches and recommends security solutions and products and implements new security controls. Maintains knowledge of applicable IT security practices.

Financial Management

  • Identifies cost savings opportunities through the expanded or enhanced use of technology.

  • Assists in establishing overall IT Security budget.

Compliance/Safety

  • Responsible for reporting any safety-related incident in a timely fashion through the Midas/RDE tool; attends all safety-related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.

  • Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.

  • If required for the position, ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.

  • Completes all company mandatory modules and required job-specific training in the specified time frame.

  • Maintains up to date knowledge regarding emerging security threats and corrective action. Applies strategy and tactical responses in real-time in a high stress and changing environment.

  • Performs mock intrusion and penetration testing to identify security gaps and creates and implements corrective action

Qualifications

Bachelor's of Science Degree in Information Systems, Computer science or related field- Required

Certification & Licensures One or more senior information security certifications (CISSP, CISA, CEH, CISM, GIAC)- Required

Experience Minimum of four (4) years of relevant security and network experience- Required

Minimum of two (2) years experience with End User Workstation security and configuration- Required

Experience in at least one of the following disciplines: Endpoint Security (AntiVirus/AntiSpyware/IPS), Web Content Filtering, Application Aware firewalls, and/or Encryption, Security Event/Incident Monitoring- Required

Technical knowledge and extensive hands on experience with security and networking architecture, networking protocols, network security design, wireless security, intrusion prevention/detection, firewall architecture, and incident management response systems- Required

Experience with scripting technologies, LDAP, Active Directory; Group Policy; and domain architecture- Required

Experience with Single Sign on solutions (i.e., Imprivata, Vergence)- Required

Experience with Citrix hosted applications- Required

Implementation or IT operational experience with end user product in a healthcare environment- Required

Experience with formal security auditing process and mediation planning- Required

Healthcare is a rapidly changing environment and technology is integrated into almost all aspects of patient care. Computers and other electronic devices are utilized across the organization and throughout each department. Colleagues must have an understanding of computers, and competence in using computers and basic software programs.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Lead Systems Security Administrator Information Technology (0919)

Coconino County

Posted 6 days ago

VIEW JOBS 11/8/2019 12:00:00 AM 2020-02-06T00:00 Nature of Work As an award-winning organization with high regard for cultural diversity and the positive contributions of the many thriving cultures within our county, our nation, and our society, Coconino County leads a variety of initiatives that celebrate diversity; from our Annual Diversity Day, and monthly Heritage Lunch & Learns, to book clubs, and professional development academies which target diverse workforce segments, Coconino County's respect for diversity is shared throughout the organization. Under general direction performs work of considerable difficulty managing the County's Global Information Security Program; performs related work as assigned. Please note- this posting is open until filled. Typical Duties * Plans, organizing, implements, administers and evaluates the County's Global Information Security Program, including HIPAA compliance, Security Awareness, Risk Assessment, Business Impact Analysis, Disaster Recovery, and Business Resumption, to provide services and protection to County employees * Analyzes policies and procedures to improve security program efficiency and effectiveness * Supervises assigned personnel in addition to managing the County security tools, routine audits, security awareness, and internal IT Security processes * Negotiates, administers and documents all IT Security expenditures within the division and work cross functionally with the IT Business Manager ensuring software, hardware, maintenance, and warranties are active and contracts are up to date * Drives the development, adoption and enforcement of information security policies, procedures and standards including annual review and update accordingly with Chief Information Officer / IT Director approval * Communicate regularly to the County Chief Information Officer / IT Director regarding budget, risk, compliance, policy governance, and project timelines * Builds and maintains County security procedures including incident response and incident reporting * Maintains working relationships with community agencies and organizations * Support and participate in programs to protect the Confidentiality, Integrity and Availability of the Counties technology infrastructure and information resources * Present to the Board of Supervisors or management team regarding security topics * Lead the audit and compliance of the County infrastructure, security monitoring, firewalls, intrusion detection, remote access logs, scrutinizing network traffic, ensuring adherence to IT security policies, coordinating incident response to detected anomalies. * Continuously partner with stakeholders regarding patch management to ensure all systems are compliant based off daily vulnerability assessments * Investigates security violations, maintains records and writes reports * Develops, promotes, trains and presents security awareness education to County departments Essential functions of this position include but are not limited to: walking; working with and around other staff and County employees; dealing with interruptions; repetitive motion (hand-wrist) for keyboarding; vision-acuity (near) for monitoring PC screen data; Color vision necessary for working with color coded cables; hearing and speech (ordinary conversation) for communicating with staff and customers; touch (finger dexterity) for keyboarding; Environmental hazards include electrical hazards associated with working with computers, servers and circuits, and potential for falls from ladders. Minimum Qualifications Bachelor's Degree in communications, computer science, information processing or a related field and five years of information technology experience including two years managing large-scale, complex information technology security requirements including writing, implementing and maintaining security policies and development managing disaster preparedness/recovery plans; OR, any equivalent combination of education, training and experience which demonstrates the ability to perform the duties of the position. Must obtain an Arizona driver's license by date of hire and maintain it throughout employment. Final job offer will be contingent upon a satisfactory 5-year Arizona Motor Vehicle Report. This position is safety sensitive - driving. The ideal candidate would be an energetic, enthusiastic self-starter with an emphasis on the customer experience. This position will be working to protect 100+ server VMware environment providing critical services to Coconino County internal/external partners. Preferred qualifications: Experience with network security management tools; vulnerability scanning and remediation; security information event management (SIEM); and tools to defend against and/or respond to attacks when they occur. Knowledge, Skills and Abilities Working knowledge of: * Principles and practices related to positive supervision * Principles and methods used in the analysis and development of information security systems and procedures * Experience with network security management tools; vulnerability scanning and remediation; security information event management (SIEM); and tools to defend against and/or respond to attacks when they occur. Hunt Operations for malicious files or actors * Operating systems, OSI-Layers, Networks * Security Operations/Network Monitoring * Network Mapping, Vulnerability/Application Scanners, Firewalls, Routers, IDS/IPS, AI * Public Key Infrastructure and other encryption techniques * Penetration/System Testing Skill in: * Preparing and presenting effective, clear and concise reports and correspondence * Identifying and recommending information security needs for the County * Analyzing and assessing policies and operational needs and making appropriate recommendations Ability to: * Effectively evaluate the work of others * Analyze and interpret complex data * Analyze problems and identify alternative solutions * Train and effectively manage assigned staff * Work safely and support the culture of workplace safety * Establish and maintain effective working relationships with employees, other agencies, service providers, and the public * Follow written and verbal instructions * Communicate effectively verbally and in writing Coconino County Flagstaff AZ

Information Security Engineer 14715

Northern Arizona Healthcare