Senior Security Engineer - Testing

Spectrum Health   •  

Grand Rapids, MI

Industry: Healthcare

  •  

5 - 7 years

Posted 29 days ago

Company Description

Spectrum Health is a not-for-profit, award winning, integrated health system based in West Michigan. Our organization includes a medical center, regional community hospitals, a dedicated children's hospital, a multispecialty medical group and a nationally recognized health plan, Priority Health. We invest in our people by supporting a dynamic, high-performing workplace. Our collaborative approach to patient care includes a commitment to provide an exceptional experience for patients and their families. Spectrum Health supports successful career growth in an innovative environment.

Position Summary

  • The candidate should be capable of independently performing hands-on security tests on running web applications, focused on finding common web application vulnerabilities as described in the OWASP Top 10.
  • The candidate should be capable of producing detailed reports on testing that clearly explain any identified issues and how to reproduce them. The reports must also clearly communicate the risks associated with any issues in a way that can be easily understood by a non-technical audience.
  • The candidate should be capable of organizing and managing third party resources (contractors) hired to perform security testing on running web applications.
  • The candidate should be capable of interpreting reports on testing produced by third parties and confirming the presence of any issues in those reports.
  • The candidate should be capable of examining network traffic (packet captures) looking for signs of malicious activity.
  • The candidate should be capable of running vulnerability and port scans on devices on network and interpreting those results in order to identify any issues that require remediation.
  • The candidate should be capable of investigating new vulnerabilities and emerging threats in the wild and producing formal threat advisories for leadership.
  • The candidate should be capable of self-directing his or her day-to-day operations.
  • The candidate should be comfortable communicating with other staff members to ensure that effective security solutions are in place throughout the environment.
  • The Senior Security Engineer will be mainly working with the web applications testing team and will also rotate in the SOC for Incident Response training and on-call rotation.

Qualifications

Basic Qualifications:
Education - Bachelor's Degree or equivalent
Experience - 5 years of experience typically gained through skills/knowledge/abilities in in the field

Preferred Qualifications:
Education - Master's Degree or equivalent
Experience - 7 years of experience typically gained through skills/knowledge/abilities in in the field Full-time experience and demonstrated maturity in security engineering, including experience with network intrusion detection systems, packet capture techniques and analysis of raw packet captures Extensive experience with or knowledge of network topology/ infrastructure, client/server, databases, Web security, multiple operating systems (Windows, nix, mainframe, IOS/mobile, embedded), web operations, encryption, authentication, vulnerability scanning, virus/malware management, data loss/leakage prevention, logging/security information management, firewall and intrusion detection systems Experience with security information management systems and common system log formats, including syslog and Event Log, as well as vulnerability assessment systems to test enterprise networks and applications Experience leading security incident response procedures Strong experience with the theory and practice of information risk analysis and risk management

Licenses -
Information security certification, such as: SANS GSEC or GCIH, Cisco CCSP, Microsoft MCSE: Security, CISSP, CISA or CRISC.

Position Requisition #: 63448