Hourly Pay Range:$46.64 - $72.29 - The hourly pay rate offered is determined by a candidate's expertise and years of experience, among other factors.
Position Highlights:- Position: IT Security Engineer II
- Location: Skokie, IL or Warrenville, IL or Arlington Heights, IL
- Full Time
- Hours: Monday-Friday, 8:30AM - 4:30PM
- Hybrid Position
- Local travel to other corporate sites above will be required as needed
- On-Call Rotation
Job Summary: As the Security Engineer II at Endeavor Health, you will be responsible for enhancements and continuous improvement of the cybersecurity posture of the organization while maintaining a high-level of vigilance to safeguard the organization's data, systems, and resources. This role involves participating in the development and execution of the enterprise security strategy; developing, managing and communicating security policies, procedures and standards to application and business owners; conducting system reviews to ensure compliance with security requirements; execution of risk management and governance tasks; and leading complex security incident investigation and response activities. The Security Engineer II will also design and implement security controls for various applications, devices, services, and systems; oversee security for internal and external systems; and mentor junior staff. Individuals should be proficient in using advanced security tooling. Responsibilities extend to conducting compliance audits; delivering cybersecurity projects; and ensuring alignment with HIPAA, PCI, and other applicable laws, regulations, and standards. This hybrid role, which may include a 24/7 on-call support rotation, requires excellent leadership, project management, and communication skills.
To be successful in this role, you will be expected to stay up to date on the latest solutions and technologies and advocate for the adoption of security and architecture best practices for the enterprise.
This role will manage holistic Cyber Systems within Endeavor Health including cloud security (Azure), data protection/data loss prevention, security orchestration/automation, and security incident event management.
What you will do:- Identify threats and vulnerabilities. Conduct complex security incident reviews and investigations. Lead security incident response and recovery processes and activities.
- Architect, design and implement security technologies and process as directed by leadership, and in collaboration with departmental colleagues and business and application owners.
- Manage, administer, monitor, and support 2-3 security applications. Troubleshoot and resolve problems related to cybersecurity technologies. Drive and automate operational use of said technologies to reduce risk and deliver value to the organization. Cross train team members on operational processes.
- Measure and report on enterprise security capabilities using automated and manual tools.
- Develop and maintain security policies, standards and standard operating procedures. Socialize security strategies, standards, policies, procedures, communications, and awareness efforts with IT and business partners. Create short and long-term security application capability strategies and business case documents.
- Participate in reviews of new or existing systems to ensure security requirements are satisfied, including performing various types of risk and impact assessments, before and after implementation.
- Develop, maintain, audit, and enhance enterprise security controls.
- Contribute to security awareness training and communications collateral.
- Respond to and assist with audits, assessments and compliance requests.
- Assist with system-wide compliance of the HIPAA Security and Privacy rules, Payment Card Industry (PCI) standards, and other appropriate standards and audit requirements.
- Participate in an on-call rotation with peers to address any incidents as they are assigned.
- Execute all other duties as assigned.
What you will need:- Education: Bachelor's Degree, or equivalent, in a technical discipline, or a corresponding educational background with professional-level security certifications relevant to the role.
- Certification: One advanced, professional, or expert-level security certification preferred.
- Experience: Minimum three (3) years of mid-level Cybersecurity experience at an analyst or engineer level.
- Previous experience leading, supporting, managing, and administering at least one security application.
- Previous experience leading security projects and initiatives.
- Unique or Preferred Skills:
- Ability to work independently with minimal oversight on a broad range of security projects and initiatives.
- Demonstrated in-depth knowledge of information security principles, practices, solutions, and capabilities.
- Demonstrated understanding of advanced security incident investigation techniques.
- Intermediate understanding of threats and risks.
- Intermediate-level knowledge of network, application, and systems security architecture.
- Significant experience documenting, designing, and implementing desktop, server, network, database, cloud, and application security controls.
- Significant experience with hardware and software asset inventory; configuration management; security posture and exposure management; threat detection; vulnerability identification and remediation; identity protection; incident response; security operations; and security orchestration, automation, and response (SOAR) capabilities.
- Experience with common security testing methods and tool sets such as email security, data loss prevention (DLP), vulnerability management, system hardening, intrusion detection/prevention systems (IDS/IPS), security incident and event management (SIEM), endpoint/extended detection and response (EDR/XDR), anti-malware, proxy tools, identity security services, cloud security posture management (CSPM), and cloud-native application protection platforms (CNAPP).
- Leadership and project management skills.
- Proven communication, customer service, and organization skills.
- Previous experience with HIPAA, NIST, and project management.
Benefits (For full time or part time positions):- Incentive pay for select positions
- Opportunity for annual increases based on performance
- Career Pathways to Promote Professional Growth and Development
- Various Medical, Dental, Pet and Vision options
- Tuition Reimbursement
- Free Parking
- Wellness Program Savings Plan
- Health Savings Account Options
- Retirement Options with Company Match
- Paid Time Off and Holiday Pay
- Community Involvement Opportunities
