IT Security Engineer III - Remote from Home
Facility: Valleywise Health Medical Center
Department: IT Security
Schedule: Regular FT 40 Hours Per Week
Remote - Work from Home Position
This role is more than a job or a career, it’s a calling. It’s about protecting our fellow citizens when they are most vulnerable and we are proud to serve not only the Valleywise Health mission, but we protect our precious patients, our front line and future student healthcare heroes, and our business partners from cyberattacks. This position functions not only as a public servant, but as a security engineering expert as we fend off healthcare cybersecurity attacks that are dominating the headlines and we need your expertise. This is going to be a tough job that requires a dedicated & passionate Security Engineer that lives, eats, and breathes cybersecurity and you will be constantly learning and evolving. You will not be "siloed" unlike many other cybersecurity organizations because you will be required to work across the cybersecurity spectrum ranging from threat hunting to investigations and engineering solutions. Come work with some of the smartest cyber industry veterans that will technically challenge you and further your career in a strong servitude leadership environment. We hold ourselves accountable to serve you as good leaders as well. With hard work comes a reasonable salary, an extensive employee benefits portfolio, and the peace of mind that our generous voters just passed Proposition 449 to keep funding our public mission.
Under the direction of the IT Director, the Security Engineer is a key member of the IT Department and will serve as the subject matter expert (SME) on security technologies and architecture, protocols, processes, topographies, and will serve as a trusted security partner to the business units of Valleywise Health. The role of the Security Engineer is to ensure the secure operation of computer systems, servers and network infrastructure and protect Valleywise Health data and systems from unauthorized access. A solid knowledge of information security principles and practices, with an understanding of advanced security technology and standards, is required. This position will utilize highly technical and physical forensics to ensure that security policies, standards and best practices are followed in and around the Valleywise Health wide area network. In addition, this position will use penetration testing tools to perform regular IT vulnerability assessments of internal and external devices; proactively protect the confidentiality, integrity and availability of information in the custody of or processed by Valleywise Health and its business partners; and assume the role of subject matter expert in investigations of suspected information security misuse or in compliance reviews. This position is also responsible to evaluate and develop security approaches for solutions; conduct periodic reviews to ensure compliance with established policies and procedures; and proactively assess potential items of risk and opportunities of vulnerability in the network. The Security Engineer will coordinate with various IT teams on system security compliance and research, evaluate, design, test, recommend, and plan implementation of new or improved information security software or devices. This is a hands-on position, not a management position, supporting real-time security operations under a comprehensive Infrastructure Security architecture.
- Requires a Bachelor's degree in Computer Science or related field; or an equivalent combination of training and progressively responsible experience that will result in the required specialized knowledge and abilities to perform the assigned work.
- Requires at least five (5) years' experience in Information Security or related system support.
- Information security, computer systems engineering or network/server engineering training is preferred.
- Certified HIPAA Professional (CHP), CISSP, CISA, CISM, CRISC, or SANS is preferred.
Knowledge, Skills & Abilities:
- Requires excellent troubleshooting skills and attention to detail.
- Must have knowledge of security analysis tools, system logging, and security incident diagnosis.
- Requires technical knowledge of the following: intrusion detection or prevention systems; Windows, Active Directory, and UNIX environment knowledge and experience (both physical and virtual); TCP/IP, SNMP, HTTP, HTTPS, SMTP, NTP, LDAP, KERBEROS, RADIUS, SFTP, DNS, PGP, and FTP; security configurations for hardware and software on network devices such as firewalls, routers, switches, laptops, workstations and servers; malware defenses (anti-virus); wireless network (802.11b/g/n) security, 802.1x, EAP-TLS, PEAP, common wireless attacks and countermeasures; and network security knowledge (7 layers of OSI, etc.).
- Must have knowledge of the following processes: inventory of authorized and unauthorized devices; enterprise patch management; threat management (extensive knowledge of security vulnerabilities, attack methods, tools and mitigation strategies); vulnerability assessment and remediation; and control/limit use of administrative privileges.
- Prior experience in project management (leading projects and leading teams) is required.
- Must have conceptual knowledge of any of the following regulations: PCI, Sarbanes-Oxley, HIPAA, GLBA, FISMA, NIST, etc.
- Public Key Infrastructure design and maintenance.
- Must have knowledge of disaster recovery and business continuity practices.
- Must be able to exercise principles of least privilege.
- Must have ability to maintain, monitor and analyze security logs.
- Must be familiar with the principle of controlling access based on role.
- Knowledge of data loss prevention.
- Requires the ability to read, write and speak effectively in English.