The IT Security Engineer develops and maintains enterprise-wide security architecture and strategies for all aspects of the security domain in alignment with the business strategy and goals. He she provides technical and security expertise to IT and business teams to understand technical constraints, identify security technology solutions, and develop security reference architectures and strategies to achieve business results. The IT Security Engineer identifies and drives remediation for vulnerabilities discovered across Tanner Medical Center's systems and applications. He she builds on platforms to automate processes for triage, as well as prioritize security deviations for closure and to provide insight into the state of security at Tanner Medical Center. In this role, the IT Security Engineer will also act as a consultant to other analysts and development teams for planning and implementation of IT initiatives across the Tanner Business Units.

Required Knowledge & Skills

Education: Bachelor's Degree plus at least one year of training in a specialty resulting in certification

Experience: Six years of related experience. Requires advanced knowledge in highly specialized systems and procedures.

Licenses and Certifications

*NONE REQUIRED

Qualifications

*Bachelor's degree in computer science or IT Technology

*Prior experience performing in the role of an IT Security Engineer.

*Prior experience working in IT within the healthcare industry.

*Understanding of Information Security frameworks and good practices (e.g. ISO, NIST, MITRE ATT&CK), and ability to strike a balance between an academic and pragmatic approach.

*Understanding of computer, application and network exploits and vulnerabilities.

*Knowledge of authentication, authorization, and access control methods.

*Knowledge of Identity Management Protocols and Software (e.g. ADFS, SAML, OKTA)

*Knowledge of cryptography and cryptographic key management concepts.

*Working knowledge of how system components are installed, integrated, and optimized.

*Working knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

*Demonstrated experience in applying cybersecurity methods, such as firewalls, demilitarized zones, and encryption.

*Working knowledge of network access, identity, and access controls.

*Working knowledge of network protocols such as TCP IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

*Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

*Working knowledge of key concepts in security management (e.g., Release Management, Patch Management, etc.)

*Working knowledge of configuration management techniques.

*Working knowledge of device and client firewall policies within endpoint management systems targeting Windows, iOS, Android, MacOS, and ChromeOS devices.

*Ability to create technical procedural documentation.

*Experience working with Security Information Event Management (SIEM) and event log management.

*Experience working with Privileged Access Management Systems (PAM).

*Experience working with Vulnerability Management, Managed Detection and Response, and Intrusion Detection Prevention Systems.

*Experience in incident response processes and procedures related to cyber incidents and forensic investigations.

*Strategic thinking and strong tactical execution.

*Strong written and verbal skills

*Strong customer service skills during interactions with clinical staff, end-users, contractors, and vendors.

*Preferred Licenses and Certifications: CISSP, GIAC

Functions

Area of Responsibilities

*Provides technical and security expertise to IT and business teams to identify security technology solutions and implements security reference architectures and strategies to achieve business results. Ensures appropriate implementation of security technology and reference architectures within both the development and production environments.

*Works with IT Security Team to further develop cybersecurity designs for systems and networks with multilevel security requirements or requirements.

*Provides input on security requirements to be included in statements of work and other appropriate procurement documents.

*Provides technical guidance and security expertise in the areas of secure application development, security risk management and assessment, security policies and standards, and security implementations.

*Provides technology and security expertise and advice to leadership in the development of strategic security technology and plans to support business strategies, translating those proposed capabilities into technical requirements.

*Establishes, maintains, and enhances relationships with business and technology partners. Communicates status to key stakeholders on a regular basis.

*Implements, troubleshoots, and maintains perimeter and network segmentation firewalls.

*Configuration of device and client firewall policies within endpoint management systems targeting Windows, iOS, Android, MacOS, and ChromeOS devices.

*Maintains awareness of trends and issues in area of security expertise, evaluates new security technologies or technology opportunities, and provides analysis of their potential impact to advantage the business.

*Develops and maintains security policies, procedures, and guides encompassing the systems used by Tanner Health System.

*Works across multiple technologies and major platforms to perform vulnerability impact assessments, root cause analyses, and to identify strategic opportunities for security posture.

*Develops, deploys, and maintains services and third-party tools that detect vulnerabilities and drives remediation.

*Provides subject matter expertise for vulnerability management processes and controls for multiple compliance frameworks.

*Independently analyzes the Tanner Health System environment to proactively identify critical exposure points.

Required Knowledge & Skills

Education: Bachelor's Degree plus at least one year of training in a specialty resulting in certification

Experience: Six years of related experience. Requires advanced knowledge in highly specialized systems and procedures.

Licenses and Certifications

*NONE REQUIRED

Supervision

*Exercises no supervision, work direction, or instruction of other employees or students.

Qualifications

*Bachelor's degree in computer science or IT Technology

*Prior experience performing in the role of an IT Security Engineer.

*Prior experience working in IT within the healthcare industry.

*Understanding of Information Security frameworks and good practices (e.g. ISO, NIST, MITRE ATT&CK), and ability to strike a balance between an academic and pragmatic approach.

*Understanding of computer, application and network exploits and vulnerabilities.

*Knowledge of authentication, authorization, and access control methods.

*Knowledge of Identity Management Protocols and Software (e.g. ADFS, SAML, OKTA)

*Knowledge of cryptography and cryptographic key management concepts.

*Working knowledge of how system components are installed, integrated, and optimized.

*Working knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

*Demonstrated experience in applying cybersecurity methods, such as firewalls, demilitarized zones, and encryption.

*Working knowledge of network access, identity, and access controls.

*Working knowledge of network protocols such as TCP IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

*Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

*Working knowledge of key concepts in security management (e.g., Release Management, Patch Management, etc.)

*Working knowledge of configuration management techniques.

*Working knowledge of device and client firewall policies within endpoint management systems targeting Windows, iOS, Android, MacOS, and ChromeOS devices.

*Ability to create technical procedural documentation.

*Experience working with Security Information Event Management (SIEM) and event log management.

*Experience working with Privileged Access Management Systems (PAM).

*Experience working with Vulnerability Management, Managed Detection and Response, and Intrusion Detection Prevention Systems.

*Experience in incident response processes and procedures related to cyber incidents and forensic investigations.

*Strategic thinking and strong tactical execution.

*Strong written and verbal skills

*Strong customer service skills during interactions with clinical staff, end-users, contractors, and vendors.

*Preferred Licenses and Certifications: CISSP, GIAC

Definitions

The IT Security Engineer develops and maintains enterprise-wide security architecture and strategies for all aspects of the security domain in alignment with the business strategy and goals. He she provides technical and security expertise to IT and business teams to understand technical constraints, identify security technology solutions, and develop security reference architectures and strategies to achieve business results. The IT Security Engineer identifies and drives remediation for vulnerabilities discovered across Tanner Medical Center's systems and applications. He she builds on platforms to automate processes for triage, as well as prioritize security deviations for closure and to provide insight into the state of security at Tanner Medical Center. In this role, the IT Security Engineer will also act as a consultant to other analysts and development teams for planning and implementation of IT initiatives across the Tanner Business Units.

Position Responsibilities

Contact with Others: Appreciable contacts as regular part of the job with others outside of the department or organization. Requires discretion and tact to give or get specialized information to perform duties of job.

Effect of Error: Probable errors not easily detected and may adversely affect external as well as internal relationships and may result in major expenditures for equipment, materials, or procedures detrimental to the patient's welfare or the organization's interest. Work is subject to general review only and requires considerable accuracy and responsibility. Continually works with reports, records, plans, and programs of a major functional area of the organization where integrity is required to safeguard the organization's position. Duties may involve the preparation of data on which the administration bases important decisions and are highly confidential.

People Management Responsibilities

Supervisory Responsibility: Exercises no supervision, work direction, or instruction of other employees or students

Work Environment/Physical Effort

Mental Demands: A wide variety of complex, changing problems, most of which cannot be anticipated, and there is little existing precedent. Requires careful analysis for the effect of solution on other activities and overall coordination in the organization. Accuracy is essential and not subject to further check. Work involves high degree of resourcefulness, independent judgment, initiative, and long-range planning to achieve major functional objectives.

Working Conditions: Generally pleasant working conditions/normal office environment.

Working Conditions Aspects for Immunizations

Performs tasks involving contact with blood, blood-contaminated body fluids, other body fluids, or sharps (needles): No

Directly works with Patients less than 12 months of age: No

Physical Effort: Minimum physical effort - Physical demands encountered are those of a typical office job.

Physical Aspects

Bending: Not required

Typing: Constant = 67% - 100% of the time.

Manual Dexterity -- picking, pinching with fingers etc.: Constant = 67% - 100% of the time.

Feeling (Touch) -- determining temperature, texture, by touching: Not required

Hearing: Constant = 67% - 100% of the time.

Reaching -- above shoulder: Occasional = 1% - 33% of the time

Reaching -- below shoulder: Occasional = 1% - 33% of the time

Visual: Constant = 67% - 100% of the time.

Color Vision: Constant = 67% - 100% of the time.

Speaking: Frequent = 34% - 66% of the time

Standing: Frequent = 34% - 66% of the time

Balancing: Not required

Walking: Not required

Crawling: Not required

Running - in response to an emergency: Not required

Lifting up to 25 lbs.: Occasional = 1% - 33% of the time

Lifting 25 to 60 lbs.: Occasional = 1% - 33% of the time

Lifting over 60 lbs.: Not required

Handling -- seizing, holding, grasping: Occasional = 1% - 33% of the time

Carrying: Occasional = 1% - 33% of the time

Climbing: Not required

Kneeling: Not required

Squatting: Not required

Tasting: Not r