IT Security Engineer II

IT Security Engineer II with PCI Compliance Experience Join Spartanburg Regional Healthcare System! Position Summary We are seeking an IT Security Engineer with PCI Compliance experience to join our team at Spartanburg Regional Healthcare System. This individual contributor role focuses on Technical Analysis and Identity Access Management of information systems and business process workflows. The IT Security Engineer II is responsible for supporting a global program to identify, exploit, and communicate application and network layer vulnerabilities. Additionally, this role will identify gaps in process and administrative controls and assist in remediation. Core responsibilities include participating in all Information Security incident response activities, developing strong relationships with business process owners to execute security assessments, and promoting remediation. The Engineer may also lead the care and feeding of key enterprise software packages. Other responsibilities include participating in integration efforts within Security and with IT partners, conducting tabletop exercises, and providing timely management reporting to ensure situational awareness across the security organization. Strong technical and analytical experience is essential. Minimum Requirements Education BS degree (Experience may substitute for education) Experience 5-7 years of IT experience Preferred Requirements Preferred License/Registration/Certifications PCI QSA, PCIP, PCI QIR, CSA+, GCED, CISSP, LPIC-2 Core Job Responsibilities Manage security posture to ensure compliance with PCI, HIPAA, and identify/mitigate risks to sensitive data. Conduct regular risk assessments and implement controls to safeguard confidentiality, integrity, and availability of systems. Execute incident response procedures. Work within the incident response team to mitigate threats and vulnerabilities. Strong understanding of and experience in applying security and access frameworks (NIST, ISO, COBIT). Assist in the maintenance of security controls. Assist in the design of computer security architecture and cybersecurity designs. Troubleshoot Windows, Linux, and Network environments. Configure and troubleshoot security infrastructure devices. Develop technical solutions to mitigate security vulnerabilities and automate repeatable tasks. Understand firewall rules and collaborate with the network team to implement rules, improve processes, and apply industry best practices. Identify, document, and report on risk thresholds. Work with external teams to ensure all necessary logging sources are reporting to the SIEM. Maintain SIEM operations. Create and maintain documentation of process workflows. Perform upgrading, patching, hardening, and routine maintenance of Information Security infrastructure systems. Conduct post-deployment monitoring and testing. Perform intrusion detection analysis. Support security audits, risk analysis, and assessments. Make recommendations for enhancing data systems security. Implement security solutions within hardware and software processes. Formulate recommendations for security policies and procedures. Analyze process performance, identify areas of concern, and formulate corrective action plans. May be assigned care and feeding of Security core systems. Own the Identity Access Management process. Monitor and report changes to key systems. Maintain technical knowledge within the industry. If you are a skilled IT Security Engineer with PCI compliance experience, we invite you to apply and join our dedicated team at Spartanburg Regional Healthcare System.

IT Security Engineer II with PCI Compliance Experience

Join Spartanburg Regional Healthcare System!

Position Summary

We are seeking an IT Security Engineer with PCI Compliance experience to join our team at Spartanburg Regional Healthcare System. This individual contributor role focuses on Technical Analysis and Identity Access Management of information systems and business process workflows. The IT Security Engineer II is responsible for supporting a global program to identify, exploit, and communicate application and network layer vulnerabilities. Additionally, this role will identify gaps in process and administrative controls and assist in remediation. Core responsibilities include participating in all Information Security incident response activities, developing strong relationships with business process owners to execute security assessments, and promoting remediation. The Engineer may also lead the care and feeding of key enterprise software packages. Other responsibilities include participating in integration efforts within Security and with IT partners, conducting tabletop exercises, and providing timely management reporting to ensure situational awareness across the security organization. Strong technical and analytical experience is essential.

Minimum Requirements

Education

• BS degree (Experience may substitute for education)

Experience

• 5-7 years of IT experience

Preferred Requirements

Preferred License/Registration/Certifications

• PCI QSA, PCIP, PCI QIR, CSA+, GCED, CISSP, LPIC-2

Core Job Responsibilities

• Manage security posture to ensure compliance with PCI, HIPAA, and identify/mitigate risks to sensitive data.

• Conduct regular risk assessments and implement controls to safeguard confidentiality, integrity, and availability of systems.

• Execute incident response procedures.

• Work within the incident response team to mitigate threats and vulnerabilities.

• Strong understanding of and experience in applying security and access frameworks (NIST, ISO, COBIT).

• Assist in the maintenance of security controls.

• Assist in the design of computer security architecture and cybersecurity designs.

• Troubleshoot Windows, Linux, and Network environments.

• Configure and troubleshoot security infrastructure devices.

• Develop technical solutions to mitigate security vulnerabilities and automate repeatable tasks.

• Understand firewall rules and collaborate with the network team to implement rules, improve processes, and apply industry best practices.

• Identify, document, and report on risk thresholds.

• Work with external teams to ensure all necessary logging sources are reporting to the SIEM.

• Maintain SIEM operations.

• Create and maintain documentation of process workflows.

• Perform upgrading, patching, hardening, and routine maintenance of Information Security infrastructure systems.

• Conduct post-deployment monitoring and testing.

• Perform intrusion detection analysis.

• Support security audits, risk analysis, and assessments.

• Make recommendations for enhancing data systems security.

• Implement security solutions within hardware and software processes.

• Formulate recommendations for security policies and procedures.

• Analyze process performance, identify areas of concern, and formulate corrective action plans.

• May be assigned care and feeding of Security core systems.

• Own the Identity Access Management process.

• Monitor and report changes to key systems.

• Maintain technical knowledge within the industry.

If you are a skilled IT Security Engineer with PCI compliance experience, we invite you to apply and join our dedicated team at Spartanburg Regional Healthcare System.