Information Security Engineer III

CareOregon

$113K — $139K *
US-AnywhereRemote in Oregon, US
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum 5 years of experience in information security solutions and services.
  • Expertise in WAN firewalls, load balancers, and proxies.
  • Proficient in designing and supporting network DMZs.
  • Strong understanding of computer security with a focus on risk analysis and compliance.
  • Relevant certifications such as CISSP, GIAC, or Security+.
  • Ability to use scripting languages like Python or PowerShell.

Responsibilities

  • Lead design and management of security technologies.
  • Provide expertise for security-related projects.
  • Advise on best practices in security design.
  • Execute complex service requests and manage network ticket escalations.
  • Analyze business needs and recommend security solutions.
  • Develop and maintain documentation for security systems.
  • Coordinate with vendors for product recommendations and service contracts.

Benefits

  • Comprehensive medical, dental, and vision insurance.
  • Health savings and flexible spending accounts available.
  • Robust wellness program and employee assistance program.
  • Generous PTO and sick leave accrual based on hours worked.
  • Strong retirement plan with employer contributions.
  • Paid holidays and additional leave types like bereavement and volunteer time.
Full Job Description
Information Security Engineer III

The IS Security Engineer III is responsible for managing corporate security as well as designing and developing effective solutions to support business strategies. This role is essential toward maturing CareOregon's security model. This position spends substantial time partnering with business leaders, architecting, and implementing IS policies and systems (plan, design, install, and maintain).

Estimated Hiring Range:
$113,940.00 - $139,260.00

Bonus Target:
Bonus - SIP Target, 5% Annual

Current CareOregon Employees: Please use the internal Workday site to submit an application for this job.

Essential Responsibilities

Security Design and Development
  • Lead the design and management of security technologies, including but not limited to firewalls, proxy systems, logging, and other security devices.
  • Provide security technology expertise to the organization; participate in and consult on projects.
  • Advise other IS teams on best practices for security design.
  • May serve as a resource to developing engineers.


Security Management and Operations
  • Execute tasks related to tickets and service requests for advanced to complex activities, and provide escalation support for network tickets.
  • Oversee the maintenance of security systems, including firewalls, proxy systems, logging, and other security devices, and vendor provided services.
  • Analyze business needs; partner with leaders across the organization in order to research and recommend solutions which balance business need and risk mitigation.
  • Define, build, and review reports on information security system performance and event anomalies; ensure internal adjustments are made and substantial gaps documented and elevated to management.
  • Develop and maintain appropriate technology documentation, including current design and operation.


Standards and Policy Administration
  • Author and serve as subject matter expert to define requirements and standards for information security.
  • Monitor and continually review existing systems to ensure they are designed to comply with established standards and to empower business operations.
  • Develop and maintain information securing policies.
  • Integrate network engineers in the development and management of security policies and systems, such as firewalls, intrusion detection, and intrusion prevention devices.
  • Lead the planning for and support of disaster recovery and business continuity initiatives.


Vendor Coordination and Relations
  • Conduct product and vendor research, and present recommendations to management.
  • Manage relations with vendors and equipment suppliers, including installation and repair of services.
  • Oversee the development of, monitor, and maintain electronic data exchanges with outside entities
  • Maintain service contracts and licensing; negotiate with outside parties; escalate issues as needed.

Organizational Responsibilities
  • Perform work in alignment with the organization's mission, vision, and values.
  • Support the organization's commitment to equity, diversity, and inclusion by fostering a culture of open mindedness, cultural awareness, compassion, and respect for all individuals.
  • Strive to meet annual business goals in support the organization's strategic goals.
  • Adhere to the organization's policies, procedures, and other relevant compliance needs.
  • Perform other duties as needed.


Required Knowledge, Skills, and Abilities

Technical
  • Advanced knowledge of data loss prevention (DLP), Intrusion Detection systems (IDS), and Intrusion Prevention systems (IPS)
  • Expert troubleshooting of system performance issues and root cause
  • Expert knowledge of network transport protocols and industry standards
  • Strong process-orientation with knowledge of ITIL concepts
  • Knowledge of Vulnerability Management systems and processes
  • Knowledge of Security Incident and Event Management (SIEM) systems
  • Ability to program using scripting languages Python, Powershell, VB, C++, and/or others


Communication
  • Strong, clear communication skills, including listening, verbal, written, customer service, meeting facilitation, and presentations
  • Ability to clearly articulate policies, instructions, goals, and objectives
  • Able to convey appropriate level of detail effectively to all levels of the organization including non-technical staff and executive leadership
  • Ability to simplify and present complex concepts in an easily understood way
  • Ability to proactively and appropriately communicate status and needs


Other
  • Ability to author policies, document risks, and propose solutions to information technology management and senior leadership
  • Possess a high degree of initiative and motivation
  • Ability to effectively collaborate with coworkers, staff, leaders, and executives across all departments
  • Able to lead teams of people without oversight
  • Able to see the big picture beyond a request and takes appropriate holistic action, employing "systems thinking"
  • Strong project management skills
  • Strong vendor management skills
  • Strong organizational skills
  • Prioritizes work based on business need and direction
  • Strong analytical and research skills. Able to see patterns in data and draw appropriate conclusions.
  • Able to propose solutions and communicate business value
  • Positive attitude
  • Understanding of and ability to adhere to governance and process
  • Ability to mentor and develop junior staff
  • Ability to occasionally work outside of standard office hours


Education and/or Experience

Required:
  • Minimum 5 years' experience delivering information security solutions and related services. Experience should include most or all of the following:
    • WAN firewalls, load balancers and proxies
    • Designing, configuration, and ongoing support of a network DMZ
    • Developing secure collaboration solutions for external partners or affiliates
    • Computer security combined with risk analysis, audit, and compliance objectives
    • ITIL concepts and practices

Preferred:
  • Additional experience in related technology support and/or operational positions
  • Experience with MS suite
  • Certifications: CISSP, CASP+, GIAC certifications (GSEC, GCIA, GCIH, GPEN, etc.), CCSP, CISM, Security+, Microsoft Security certifications (SC-100, SC-200, AZ-500), Identity and Access Management (IAM), Privileged Access Management (PAM), Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Vulnerability Management, Email Security and Anti-Phishing Solutions, Cloud Security (Microsoft Azure, AWS, or GCP), Network Security Controls , Data Loss Prevention (DLP), Security Monitoring and Incident Response, Secure Configuration and Hardening Standards, Security Automation and Scripting (PowerShell, Python, Bash)


We offer a strong Total Rewards Program. This includes competitive pay, bonus opportunity, and a comprehensive benefits package. Eligibility for bonuses and benefits is dependent on factors such as the position type and the number of scheduled weekly hours. Benefits-eligible employees qualify for benefits beginning on the first of the month on or after their start date. CareOregon offers medical, dental, vision, life, AD&D, and disability insurance, as well as health savings account, flexible spending account(s), lifestyle spending account, employee assistance program, wellness program, discounts, and multiple supplemental benefits (e.g., voluntary life, critical illness, accident, hospital indemnity, identity theft protection, pre-tax parking, pet insurance, 529 College Savings, etc.). We also offer a strong retirement plan with employer contributions. Benefits-eligible employees accrue PTO and Paid State Sick Time based on hours worked/scheduled hours and the primary work state. Employees may also receive paid holidays, volunteer time, jury duty, bereavement leave, and more, depending on eligibility. Non-benefits eligible employees can enjoy 401(k) contributions, Paid State Sick Time, wellness and employee assistance program benefits, and other perks. Please contact your recruiter for more information.

Similar Jobs

More Jobs at CareOregon

More Information Technology Jobs

Find similar Information Security Engineer III jobs: