The Security Engineer will report to the Information Security Officer for a healthcare technology company. The Security Engineer will be the primary person responsible for maintaining and running security systems for a healthcare technology company. Security systems include: Patch Management System, Anti-Virus, Web Filter, SIEM (Security Incident Event Manager), Firewalls, Intrusion Detection/Prevention Systems. This person will also be responsible for education, training, and awareness activities; monitoring compliance with company security policy and applicable laws; and coordinating investigation and reporting of security incidents.
- Support with patching; deploying updates on desktops and servers
- Day-to-day administration of security systems: Anti-Virus/Malware, Data Encryption/DLP, Web Filter, Security Incident Event Manager (SIEM), Firewalls, Intrusion Detection/Prevention Systems
- Vulnerability Management scans of environment (Nessus, Qualys, GFI Languard)
- Security administration of individual and system accounts
- Proactively assesses potential items of risk and opportunities of vulnerability in the network.
- Document and maintain standard operating procedures (SOP)
- Support building reports for management and audits
- Research, evaluate and recommend technology products and services.
- Works on multiple projects as a project team member and occasionally as a project leader.
- Bachelor's degree preferred or equivalent combination of education and experience required for specific job level
- Experience with PCI a plus.
PERSONAL CHARACTERISTICS, SKILLS & KNOWLEDGE:
- 3-5 years security operations experience desired
- 5-7 years of IT work experience having a high level of expertise in multiple system environments; or equivalent combination of education and experience
- Ability to communicate effectively verbally and in writing
- Ability to establish and maintain effective working relationships with employees, vendors, clients and public
- Ability to work independently as well as with a team
- Experience with being on a CSIRT team
- Experience with cloud computing
- Experience with Microsoft Windows operating system is essential
- Experience with patch management systems (GFI Languard)
- Extensive knowledge of systems mentioned above
- Extensive knowledge of VMware VSphere
- General knowledge of storage management
- Knowledge of Disaster Recovery practices and concepts
- Security certifications preferred (CISSP, CISA, CISM, GIAC, CEH)
- Skill to effectively analyze and solve problems
- Working knowledge of any of the standards or regulations PCI, HIPAA, GLBA, SOX, ISO27001
- Working knowledge of ethical hacking or penetration tests