HybridJob Description:Reporting to the Information Security Manager, the Information Security Engineer is responsible for maintaining and implementing the cybersecurity infrastructure and program at Community Healthcare System. This position will work very closely and collaborate with other technical teams to respond to threats as well as on a daily basis to maintain the security posture of the environment.
This position works on highly complex projects and maintains knowledge across multiple domains (networking, server, end points, mobile, cloud, etc). The Information Security Engineer has a thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing.
This is a hands-on role which will be involved in patching, maintaining firewalls, scanning for vulnerabilities, keeping current on the latest security threats and trends, and reviewing technical architecture for security compliance. This individual will be regarded as an expert in all things cybersecurity related.
- Demonstrate knowledge of internal control concepts, objectives and practices; business process analysis and risk assessment practices; generally accepted documentation standards; and the operations that impact information technology and security. Understanding of control frameworks (i.e. COSO model, NIST Cybersecurity Framework, COBIT model, CIS Controls Framework, ISO 27001 & 27002, or CMMC) and IIA Standards & Guidance.
- Conduct highly confidential and complex technology, operational and integrated audits under the direction of Information Security Officer.
- Through audits, evaluate manual and automated processes; identify areas of non-compliance and process weaknesses and inefficiencies.
- Properly document audit results, commenting on the adequacy and effectiveness of the controls and processes being audited and presenting remediation solutions where control weaknesses and root cause have been identified.
- Assess risks and internal controls: identify areas of non-compliance, evaluate manual and automated processes, and identify process weaknesses and inefficiencies.
- Work collaboratively and independently on special assignments that may require specialized knowledge and experience.
- Participate in discussions with Information Security Officer and the Security Teams to communicate audit results and recommendations.
- Identifies approaches to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
- Comply with company code of conduct and professional ethical standards.
- Performs technical risk assessments and impact analysis as assigned.
Required Skills & Qualifications: - Bachelor's Degree in Business, Computer Science or related field.
- 3-5 years of enterprise IT security engineering experience. CISSP preferred.
- Must possess expert understanding of Information Technology, Information Security, and Risk Management.
- Knowledge of security and control frameworks, such as ISO 27001, COBIT, and NIST Cybersecurity Framework.
- Systems Security Certified Practitioner (SSCP), CompTIA Security+, or GIAC Security Essentials Certification (GSEC) certification required or must be obtained within 2 years of hire.
- Experience with ProofPoint, Cisco AMP, SpecOps and other industry standard security tools.
- Experience with Palo Alto Firewalls
- Advanced knowledge of Network Security
- Advanced knowledge of Endpoint Security
- Advanced knowledge of Server hardening, patching, and baselining
- Advanced knowledge of Mobile device security
- Advanced knowledge of Data Loss Prevention
- Advanced knowledge of IDS/IPS
- Advanced knowledge of Log analysis
- Skilled critical thinking
- Cisco ISE or NAC experience desired
- Keeps current on emerging threats and mitigation strategies.
- Scripting (Python, Perl, PowerShell) knowledge preferred.
