Information Security EngineerLocation: Birmingham, AL
Work Schedule: Hybrid schedule with regular work onsite at the VIVA HEALTH corporate office and some work-from-home opportunities.
The
Information Security Engineer will participate in the planning, design, enforcement, and audit of security policies and procedures which safeguard the integrity of and access to enterprise systems, files, and data elements. This position will recognize and identify potential areas where existing data security policies and procedures require change and where new ones need to be developed, especially regarding future business expansion.
This role will provide management with risk assessments and security briefings to advise them of critical issues that may affect customers, members, or corporate security objectives. This individual will participate in the evaluation of security products, services, and/or procedures to further enhance the security posture of the organization.
The Information Security Engineer will work closely with other areas including Information Services Operations and Development to collaborate on security best practices. This role will foster an environment of heightened security through presenting at employee orientation, crafting organizational articles, and end-user education when required.
Benefits- Comprehensive Health, Vision, and Dental Coverage
- 401(k) Savings Plan with company match and immediate vesting
- Paid Time Off (PTO)
- 9 Paid Holidays annually plus a Floating Holiday to use as you choose
- Tuition Assistance
- Flexible Spending Accounts
- Healthcare Reimbursement Account
- Paid Parental Leave
- Community Service Time Off
- Life Insurance and Disability Coverage
- Employee Wellness Program
- Training and Development Programs to develop new skills and reach career goals
- Employee Assistance Program
See more about the benefits of working at Viva Health - https://www.vivahealth.com/careers/benefits
Key Responsibilities- Aid in the development of security plans and policies.
- Recommend and implement protections.
- Assist in vulnerability assessment and reparation.
- Using organizational tools, monitor for threat intelligence.
- Research weaknesses and find ways to counter them.
- Monitor for and investigate any security breaches.
- Participate in the vetting of 3rd party vendors and Business Associates.
- Perform enterprise risk assessments.
REQUIRED:- Bachelor's degree in Information Systems or related field or equivalent work experience
- 5 years' experience in a related field of work
- Knowledge of risk assessment tools, technologies, and methods
- Knowledge of security tools such as endpoint detection and response, monitoring of internet traffic for both onsite & remote users, and intrusion prevention
- Knowledge of database (MSSQL/MongoDB/MySQL)
- Knowledge of IDS/IPS, penetration, and vulnerability testing
- Knowledge of firewall and intrusion detection/prevention protocols
- Ability to function in a system administration role supporting multiple platforms and applications (Windows, UNIX, Linux OS, etc.)
- Ability to plan, research, and develop security policies, standards, and procedures
- Ability to communicate network security issues to peers and management
- Ability to read and use the results of mobile code, malicious code, and anti-virus software
PREFERRED:- CISSP or CISM
- Knowledge of disaster recovery, computer forensic tools, technologies, and methods
- Strong understanding of software development frameworks and code review
- Knowledge of virtualization technology
