Information Security Engineer

Vacancy expired!

Landmark is hiring a

Information Security Engineer. This position is responsible for designing network and computer security systems, developing secure procedures, and leading response to suspected security incidents. The position will work closely with the Director of Information Security and members of the IT Department to ensure Landmark Health systems and electronic data are protected from internal and external unauthorized access, modification, deletion, or disclosure in compliance with LMH policies, standards and security best practices. Defines processes and procedures, develops metrics and measurements, conducts regular system audits, leads investigation of suspected security incidents, and provides tier two user support.

Preferred candidates will reside in Eastern Time Zones. Position is being considered full time work from home (Virtual Continuous)

• Designs security architecture and establishes configuration policies for security technologies. • Develops and implements network traffic and log monitoring procedures for visibility into systems. • Manages Information Security team response to suspected security incidents, acting as Incident Response Leader when required. • Develops automation to perform regular system audits for information security compliance, such as user access rights. • Performs and/or oversees regular vulnerability scanning, penetration testing, and security assessments in support of customer and information security requirements. • Defines security benchmark criteria and maintains procedures for acceptance testing of systems. • Defines standards for secure application development and works with the Director of Applications to ensure that any Landmark proprietary code undergoes code review for security vulnerabilities. • Provides technical security guidance to IT staff, particular on secure coding and vulnerability remediation. • Researches, evaluates, and recommends security products, services, and standards. • Provides on-call support on security issues during non-business hours.

• Bachelor's degree in a computer-related field, or equivalent experience.• 2-4 years of IT technical experience or software engineering AND 3-5 years of continuous information security experience at progressive levels of responsibility.• Preferred certifications: CISSP, CISA, GIAC IA.• Information Security experience in Healthcare is preferred.

Technical requirements:

• Expert knowledge of the security issues / concerns that impact the healthcare industry. Understanding of the technical or administrative controls commonly used to resolve them. • Experience selecting, architecting, and implementing security solutions at the enterprise level. • Advanced experience operating open-source and proprietary / commercial vulnerability scanners. • Experience determining appropriate vulnerability remediation procedures, communicating them to system owners, and maintaining metrics. • Functional knowledge of network packet captures and analysis of them to support incident forensics. • Advanced functional knowledge of Windows server and desktop operating systems. • Expert-level experience with one or more Linux distributions and security tools developed for them. • Advanced experience using scripting languages to automate security functions and reporting. • Experience designing and implementing security solutions for Windows, Apple, and Linux technologies. • Understanding of mobile device security issues and management or remediation technologies. • Preferred: Experience programming PHP, Java, Perl, Python, C, C# or Dot Net. • Preferred: Experience with static code review and secure coding requirements such as OWASP top ten.

Vacancy expired!