Senior Information Security Specialist

Job Description:

Under the leadership of the department director and management, the Senior Information Security Specialist is responsible for implementing, maintaining, and improving advanced security tools and processes to improve the security of enterprise networks, servers, endpoints, applications, and databases and to meet regulatory requirements, including HIPAA, PCI, and any other federal and state requirements. Must be able to assess and audit system configurations, and implement, test, document configurations and security controls. Must be able to work with a high degree of independence and creativity. Must be able to make sound judgments independently that follow industry standards, best practices, and enterprise standards and policies and provide recommendations to meet them. Must have knowledge and awareness of system, network, and compliance implications of implementations and changes. Must be able to track system configuration and implementation tasks and decisions. Must be able to investigate and correlate information to detect, assess, and respond to threats, alerts, and incidents. Must be able to independently investigate and determine cause of security incidents when needed; must be able to understand, execute, and/or coordinate technical preventative and remediation measures. Must be able to perform ongoing vulnerability assessments including vulnerability scanning, reporting, threat identification, and coordination of mitigation and remediation related to networked devices and systems, and other duties as assigned. Participates in on-call rotation for after-hours alerts as member of Cyber Security Team. Due to the sensitive and critical nature of this position, must abide by security policies, processes, and procedures and timelines set within them and must exercise good judgment in handling sensitive information. Implements new controls and security measures and performs other duties as assigned. Relies on experience and judgment to plan and accomplish goals. Works under minimal supervision. A certain degree of creativity and latitude is required. Is familiar with standard concepts, practices, and procedures for various operating systems. Must be very proactive, a self-starter Participates in on-call rotation for after-hours alerts as member of Cyber Security Team. Due to the sensitive and critical nature of this position, must abide by security policies, processes, and procedures and timelines set within them and must exercise good judgment in handling sensitive information. Implements new controls and security measures and performs other duties as assigned. Relies on experience and judgment to plan and accomplish goals. Works under minimal supervision. A certain degree of creativity and latitude is required. Is familiar with standard concepts, practices, and procedures for various operating systems. Must be very proactive, a self-starter.

Experience

Must have experience implementing and supporting a variety of security tools, including a combination of the following: CASB, DLP, IAM, PAM, 2FA, vulnerability management, email security, network security, system auditing and testing, and endpoint security. Six (6) or more years of information security experience, and additional experience in systems and/or network administration required. Experience in healthcare is preferred but is not required. Knowledge of a scripting and system command language required. Knowledge of security best practices, threats, data processing concepts, computer operations procedures, and software applications. Familiarity with networking and system monitoring and hardening tools. Ability to read and follow complex technical instructions, maintains written records, and communicates both verbally and in written format. Ability to multi-task, make independent judgments in solving problems and work as a team member, track and report on tasks. Familiarity with security frameworks, organizations, and standards.

Education

Bachelor’s Degree in Computer Science or in a technical field with heavy emphasis on information security, operating systems, and/or computer hardware, or equivalent experience in information technology or security.

Licensure/Certifications

A combination of CISSP or CASP obtained within 6 months of hire, and other certifications required.

Equal Opportunity Employer