Information Security Engineer
United States
Full Time
1 hour ago
$103,000 - $110,000 USD
No H1B
Key skills
Information SecurityMicrosoft AzurePenetration TestingEncryption TechnologiesCloud Security Best PracticesDoD Approved CertificationPython ScriptingCommunication SkillsProblem SolvingPythonAzureSplunkServiceNowCollaborationCloud Security
About this role
TriWest Healthcare Alliance is committed to serving America's heroes by connecting them to healthcare in the community. The Information Security Engineer plays a crucial role in safeguarding the organization's digital assets by implementing security measures, conducting risk assessments, and ensuring compliance with security standards.
Responsibilities:
- Implements security controls to meet or exceed the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) and the Federal Information Processing Standards (FIPS) in “high” information classification boundary
- Implements Information Security Technology, Physical Security Controls and Federal data security requirements
- Verifies security control compliance by developing, implementing and maintaining test scripts
- Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducts incident response analyses; in collaboration with Training department, develops and conducts security education and training programs
- Upgrades security systems by monitoring security environment; identifies security gaps; evaluates and implements enhancements
- Prepares system security reports by collecting, analyzing, and summarizing data and trends
- Tracks and understands emerging security practices and standards; participates in educational opportunities; reads professional publications; maintains personal networks; participates in professional organizations
- Performs detailed and routine assessment to ensure use of established security policies, practices and expectations across all platforms, operating systems and applications
- Conducts network/system forensics and traffic analysis using protocol and intrusion detection analyzers
- Accepts ownership for accomplishing new and different requests; explores opportunities to add value to job accomplishments
- Performs other duties as assigned
- Regular and reliable attendance and on call availability is required
Requirements:
- High School Diploma or GED
- U.S. Citizenship
- Must be able to receive a favorable Interim and adjudicated final Department of Defense (DoD) background investigation
- 3-5+ years of experience in information security involving the implementation and administration of security requirements and security technologies
- 2+ years of experience designing, and supporting security in Microsoft Azure, including the use of native tools
- Understanding of cloud security best practices, encryption, authentication, authorization, and audit capabilities
- Strong oral and written communications skills that demonstrate a professional demeanor and the ability to interact with a variety of cross-functional roles with occasional executive presence
- Understanding of threats, vulnerabilities, and exploits common to cloud applications or environments and experience implementing controls to mitigate those threats
- Bachelor's degree in computer science, Computer Information Systems, Criminal Justice or Business
- Relevant DoD Approved 8570 Certification (e.g., CISSP, SSCP)
- Direct technical experience in building, conducting and performing penetration testing, audits and assurance programs in compliance with FISMA Moderate/High, HITRUST, URAC and/or similar data security requirements
- One of the following ServiceNow GRC, CyberArk, SailPoint, MathCraft, Purview, or Splunk
- Python Scripting
- Microsoft Azure technology