The Information Security Engineer is responsible for the design, implementation and operation of the Information Security systems, applications and tools. He/she works with IT groups to ensure that security standards and requirements are met and to govern the access and acceptable use of the systems, network and applications. He/she oversees security administration and contributes to IT Security policies, procedures and standards.
The Information Security Engineer provides outstanding client service and contributes to the organization's mission of utilizing information technology to improve patient care.
The Information Security Engineer will be responsible for the Applications and Infrastructure Risk assessment process, penetration and vulnerability testing. This position requires hands-on experience with secure coding practices, ethical hacking, web application firewalls and vulnerability assessment methodologies. In the role of Information Security Engineer, the candidate will also be responsible for reviewing and analyzing systems web portals and maintaining the security safeguards for the infrastructure.
The Security Engineer performs all the comparison analysis for new security applications and tools that will provide compliance with the HIPAA and NIST security regulations.
General Description of Duties:
- Conduct Risk Assessments for Applications and Infrastructure
- Domain expert in the application and network scanning tools to assess infrastructure and applications for security risks
- Oversee installation and maintenance of remote access solutions, portals and firewalls in the DMZ
- Provide DMZ infrastructure application security.
- Protect mission infrastructure and critical applications and corresponding databases in the public domain
- Monitor threats and provide mitigation for threats to the infrastructure and applications
- Translate business and technical requirements into extensible, scalable, and maintainable applications
- As new portals are deployed, add any additional security permissions and roles that may be needed.
- Update any additional security settings for the enterprise Portals
- Work with the vendor on implementation of enterprise infrastructure and portals, both in the DMZ and internal
- Monitor alerts and coordinate patch management with corresponding teams
- Work with state-of-the-art infrastructure and application/database layer intrusion/prevention technology
- Demonstrate best-practice knowledge and apply skills to deliver an effective solution specific to client needs
- Experience with any application and network scanning tools for infrastructure and applications (Nessus, Metasploit)
- Experience with intrusion detection/prevention appliances
- Experience with Firewalls, including Web Application Firewall
- Experience with Mobile Applications Security Tools (EMM, Enterprise Mobile Management)
- Experience with ethical hacking and remediation efforts
- Expertise in infrastructure and application security assessment methodologies and tools
- Knowledge of secure coding principles and practices
- Knowledge of security standards and techniques for web applications
- Understand browser-specific compatibility issues
- Expertise in the design, implementation, and deployment of user-centric software, with focus on usability
- Risk assessment, security monitoring (Stealthwatch IDS, firewall, app security, suspicious email)
- Knowledge of hospital information systems is a plus.
- Ability to work effectively as an individual, within a team, or as a team lead
- Maintain current technical knowledge to support rapidly changing technology, always be on the lookout for new technologies, and work with management and the development team to bring in new technologies
Education Requirements:
- B.S. in Computer Science and equivalent work experience
- CISSP or other security certifications
If you are interested in the position, you can send your CV to the HR department of the Manager’s Office via email at firstname.lastname@example.org, noting the position code.