Security Engineer

Description

Job DescriptionThe Security Engineer is responsible for the ongoing implementation and support of risk to HealthEdge Software, LLC, HealthEdge hereinafter, related to owning, operating, and maintaining information systems.Position ResponsibilitiesImplements and supports information risk management initiatives throughout HealthEdge.Owns and manages information system security event logging and monitoring.Owns and manages HealthEdge incident response procedures.Owns and supports quarterly external and internal penetration testing of HealthEdge information systems.Owns and operates HealthEdge information system vulnerability management program and ensures information system patch management processes are completed in a timely manner in accordance with HealthEdge, HIPAA, and contractual requirementsImplementation and support of information security controls and solutions in network security, access management, data loss prevention, security event analysis as applicable.Assist in incident response to investigate, identify, contain and recover from information risk and securityrelated events.Works with vendors, outside partners, customers and other third parties to address information risk and securityrelated issues.Ensures HealthEdge is compliant with HIPAA Privacy, Security, Enforcement, Breach Notification, and Omnibus Rules.Experience and General Skills RequirementsA minimum of five (5) years of experience in information risk and security management. A bachelors degree in information security or a related field or commensurate work experience.Application /System security Experience with vulnerability management process configure, execute scans, coordination for remediations /followups.Network & Data security solutions Experience with network security tools installations, configurations, patching & operational support.Access management solutions Experience with identity & privilege management solutions install, configure and operational support.Security Operations management Experience in security incident detection, response, closure. Experience in security event management systems review, analyze events and develop actionable steps to improve security posture. Experience in patch management Configurations, schedules, and execution.Scripting & automation Experience in development of Ansible scripts for batch job automationInfosec policies and procedures Exposure to regulatory requirements, and information security policies and procedures. Preference to experience in the healthcare domain, exposure to HIPAA, and HITRUST will be an added advantage. Ability to configure security tools and solutions based on security policies and compliance requirements.Indepth understanding of network and system security technology and practices across all majorcomputing areas (client/server, PC/LAN, telephony, MS Windows, Linux, database, software and application development, etc) with a special emphasis on Internet Software as a Service (SaaS) and cloudbased related technologies.A high degree of professional integrity and trust with the ability to work independently.The ability to multitask, A keen eye for detailStrong organizational skillsTechnologies HP Fortify, Nessus, Active Directory/ADFS/ADCS, DUO, Symantec Vontu, ELK, Thycotic, SIEM ELK, OSSEC, Cisco ASA