Junior Security Engineer
The Junior Security Engineer will assist in the ongoing implementation, maintenance, and support our network and security infrastructure. You will be part of a team that is responsible for scalable, maintainable, highly available network architectures that support multiple product lines.
DUTIES & RESPONSIBILITIES:
- Manage and monitor security through SIEM and connected or relevant tools such as antivirus/malware, intrusion prevention/detection, content filtering, vulnerability management, etc.
- Assist in the Vulnerability Management Program including vulnerability scanning and penetration testing including the tracking and reporting of remediation efforts.
- Provide regular security reports and security metrics based on security tools, incidents, vulnerabilities and awareness efforts.
- Assists in providing direct support to all staff for security related issues; educating the staff about security policies and consults on security issues.
- Assists management in the development of effective security processes and procedures.
- Assist management in the organization’s security awareness program
- Assist in creation and documentation of IT controls to support security and compliance requirements and monitor ongoing compliance of the controls.
- Assist in Disaster Recovery testing efforts and track/report on any gap remediation tasks.
- Assist in supporting network infrastructure and devices, including firewalls, IDS, IPS
- Timely and thorough completion of projects and tasks.
- Other duties as assigned in support of the Enterprise Security Admin, Director of Enterprise Architecture and Security, and/or CISO.
EDUCATION, KNOWLEDGE AND SKILLS:
- Strong analytical, verbal and writing skills.
- Demonstrate initiative, attention to detail, multi-tasking ability, organizational skills and effective prioritization of workflow.
- Knowledge of computer systems, networks, telecommunication, internet, intranet and extranet technologies; strong technical acumen: application and operating system hardening, vulnerability assessments, security audits, forensics investigations, intrusion detection systems, and firewalls.
- Ability to weigh business risks and enforce appropriate information security measures.
- Ability to explain information security concepts to audiences outside of the field.
- Security designations (CISSP, CISM, CISA, SSCP) and knowledge of “best practices” Frameworks (COBIT, NIST, ITIL, HITRUST) are preferred but not required.
- Ability to evaluate business processes and IT technology, identify risks, process gaps, and evaluate control
- Knowledge of HIPAA/HITECH, and other data privacy regulations and standards that apply to the organization
- Extensive knowledge of data security and access control systems, encryption and related matters.
- Extensive knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception and audit trails.
- Knowledge of system and network exploitation, attack pathologies and intrusion techniques, such as denial of services, Sync attack, malicious code, password cracking, etc.
- Knowledge of Directory Services (LDAP, AD) and Internet/Intranet architecture and design.
- Extensive knowledge of addressing and remediating malware security incidents
- Ability to conduct network security assessments and audits against policies/procedures/best practices.
- Demonstrate knowledge of all equipment and systems/technology necessary to complete duties and responsibilities.
- Ability to research and keep up to date of industry technical/business security requirements and translate those requirements into the healthcare information environment.
- Bachelor’s degree in discipline appropriate to assignment or an equivalent combination of education and experience. Related certifications (e.g., CISSP, CISM) will be helpful.
- 2+ years’ experience in the field of security, health care and/or government compliance is preferred