CareOregon is a healthcare organization, and they are seeking an Information Security Engineer III to manage corporate security and develop effective solutions. This role involves partnering with business leaders to design, implement, and maintain information security policies and systems.
Responsibilities:
- Lead the design and management of security technologies, including but not limited to firewalls, proxy systems, logging, and other security devices
- Provide security technology expertise to the organization; participate in and consult on projects
- Advise other IS teams on best practices for security design
- May serve as a resource to developing engineers
- Execute tasks related to tickets and service requests for advanced to complex activities, and provide escalation support for network tickets
- Oversee the maintenance of security systems, including firewalls, proxy systems, logging, and other security devices, and vendor provided services
- Analyze business needs; partner with leaders across the organization in order to research and recommend solutions which balance business need and risk mitigation
- Define, build, and review reports on information security system performance and event anomalies; ensure internal adjustments are made and substantial gaps documented and elevated to management
- Develop and maintain appropriate technology documentation, including current design and operation
- Author and serve as subject matter expert to define requirements and standards for information security
- Monitor and continually review existing systems to ensure they are designed to comply with established standards and to empower business operations
- Develop and maintain information securing policies
- Integrate network engineers in the development and management of security policies and systems, such as firewalls, intrusion detection, and intrusion prevention devices
- Lead the planning for and support of disaster recovery and business continuity initiatives
- Conduct product and vendor research, and present recommendations to management
- Manage relations with vendors and equipment suppliers, including installation and repair of services
- Oversee the development of, monitor, and maintain electronic data exchanges with outside entities
- Maintain service contracts and licensing; negotiate with outside parties; escalate issues as needed
- Perform work in alignment with the organization’s mission, vision, and values
- Support the organization’s commitment to equity, diversity, and inclusion by fostering a culture of open mindedness, cultural awareness, compassion, and respect for all individuals
- Strive to meet annual business goals in support the organization’s strategic goals
- Adhere to the organization’s policies, procedures, and other relevant compliance needs
- Perform other duties as needed
Requirements:
- Advanced knowledge of data loss prevention (DLP), Intrusion Detection systems (IDS), and Intrusion Prevention systems (IPS)
- Expert troubleshooting of system performance issues and root cause
- Expert knowledge of network transport protocols and industry standards
- Strong process-orientation with knowledge of ITIL concepts
- Knowledge of Vulnerability Management systems and processes
- Knowledge of Security Incident and Event Management (SIEM) systems
- Ability to program using scripting languages Python, Powershell, VB, C++, and/or others
- Strong, clear communication skills, including listening, verbal, written, customer service, meeting facilitation, and presentations
- Ability to clearly articulate policies, instructions, goals, and objectives
- Able to convey appropriate level of detail effectively to all levels of the organization including non-technical staff and executive leadership
- Ability to simplify and present complex concepts in an easily understood way
- Ability to proactively and appropriately communicate status and needs
- Ability to author policies, document risks, and propose solutions to information technology management and senior leadership
- Possess a high degree of initiative and motivation
- Ability to effectively collaborate with coworkers, staff, leaders, and executives across all departments
- Able to lead teams of people without oversight
- Able to see the big picture beyond a request and takes appropriate holistic action, employing 'systems thinking'
- Strong project management skills
- Strong vendor management skills
- Strong organizational skills
- Prioritizes work based on business need and direction
- Strong analytical and research skills. Able to see patterns in data and draw appropriate conclusions
- Able to propose solutions and communicate business value
- Positive attitude
- Understanding of and ability to adhere to governance and process
- Ability to mentor and develop junior staff
- Ability to occasionally work outside of standard office hours
- Minimum 5 years' experience delivering information security solutions and related services. Experience should include most or all of the following: WAN firewalls, load balancers and proxies, Designing, configuration, and ongoing support of a network DMZ, Developing secure collaboration solutions for external partners or affiliates, Computer security combined with risk analysis, audit, and compliance objectives, ITIL concepts and practices
- Additional experience in related technology support and/or operational positions
- Experience with MS suite
- Certifications: CISSP, CASP+, GIAC certifications (GSEC, GCIA, GCIH, GPEN, etc.), CCSP, CISM, Security+, Microsoft Security certifications (SC-100, SC-200, AZ-500), Identity and Access Management (IAM), Privileged Access Management (PAM), Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Vulnerability Management, Email Security and Anti-Phishing Solutions, Cloud Security (Microsoft Azure, AWS, or GCP), Network Security Controls, Data Loss Prevention (DLP), Security Monitoring and Incident Response, Secure Configuration and Hardening Standards, Security Automation and Scripting (PowerShell, Python, Bash)