IT Security Engineer III
Facility: Valleywise Health Medical Center
Department: IT Security
Schedule: Regular FT 40 Hours Per Week
Help us build a strong foundation. Valleywise depends on technology in every shape and form-creating, connecting, and powering care. Our IT professionals are an integral part of our success, utilizing cutting-edge tools to truly make a difference in the communities we serve. Explore what a career at Valleywise can offer you.
Under the direction of the IT Director, the Security Engineer is a key member of the IT Department and will serve as the subject-matter expert (SME) on security technologies and architecture, protocols, processes, topographies, and will serve as a trusted security partner to the business units of Valleywise Health. The role of the Security Engineer is to ensure the secure operation of computer systems, servers and network infrastructure and protect Valleywise Health data and systems from unauthorized access. A solid knowledge of information security principles and practices, with an understanding of advanced security technology and standards, is required. This position will utilize highly technical and physical forensics to ensure that security policies, standards and best practices are followed in and around the Valleywise Health wide area network. In addition, this position will use penetration testing tools to perform regular IT vulnerability assessments of internal and external devices; proactively protect the confidentiality, integrity and availability of information in the custody of or processed by Valleywise Health and its business partners; and assume the role of subject*matter expert in investigations of suspected information security misuse or in compliance reviews.
This position is also responsible to evaluate and develop security approaches for solutions; conduct periodic reviews to ensure compliance with established policies and procedures; and proactively assess potential items of risk and opportunities of vulnerability in the network. The Security Engineer will coordinate with various IT teams on system security compliance and research, evaluate, design, test, recommend, and plan implementation of new or improved information security software or devices. This is a hands-on position, not a management position, supporting real-time security operations under a comprehensive Infrastructure Security architecture.
- Requires a Bachelor's degree in Computer Science or related field; or an equivalent combination of training and progressively responsible experience that will result in the required specialized knowledge and abilities to perform the assigned work.
- Requires at least five (5) years' experience in Information Security or related system support.
- Information security, computer systems engineering or network/server engineering training is preferred.
- Requires CISSP or GAIC Certification or equivalent within 18 months of accepting this position.
- Palo Alto Certified Network Security Engineer (PCNSE) is required within 18 months of hire into position.
Knowledge, Skills & Abilities:
- Requires excellent troubleshooting skills and attention to detail.
- Must have knowledge of security analysis tools, system logging, and security incident diagnosis.
- Requires technical knowledge of the following: intrusion detection or prevention systems; Windows, Active Directory, and UNIX environment knowledge and experience (both physical and virtual); TCP/IP, SNMP, HTTP, HTTPS, SMTP, NTP, LDAP, KERBEROS, RADIUS, SFTP, DNS, PGP, and FTP; security configurations for hardware and software on network eevices such as firewalls, routers, switches, laptops, workstations and servers; malware defenses (anti-virus); wireless network (802.11b/g/n) security 802.1x, EAP-TLS, PEAP, common wireless attacks and countermeasures; and network security knowledge (7 layers of OSI, etc.).
- Must have knowledge of the following processes: inventory of authorized and unauthorized devices; enterprise patch management; threat management (extensive knowledge of security vulnerabilities, attack methods, tools and mitigation strategies.); vulnerability assessment and remediation; and control/limit use of administrative privileges.
- Prior experience in project management (leading projects and leading teams) is required.
- Must have conceptual knowledge of any of the following regulations: PCI, Sarbanes-Oxley, HIPAA, GLBA, FISMA, NIST, etc. Public Key Infrastructure design and maintenance.
- Must have knowledge of disaster recovery and business continuity practices.
- Must be able to exercise principles of least privilege.
- Must have ability to maintain, monitor and analyze security logs.
- Must be familiar with principle of controlling access based on role.
- Knowledge of data loss prevention.
- Requires the ability to read, write and speak effectively in English.