Overview

Certilytics an nnovative company with a dynamic infusion of actuarial, data and behavioral scientists, IT engineers, software developers, nurse clinicians, as well as experts in public health and health insurance industry. We are seeking a Senior Information Security Engineer that wants to be part of an enthusiastic dynamic team working in an entrepreneurial environment where your experience and creativity is recognized. The ideal candidate will thrive in a performance based company that allows flexibility and work life balance.

Certilytics is creating new ground-breaking analytic products within healthcare space. We are looking for the right person to join our team as a Senior Information Security Engineer to work in close cooperation with peers and leadership to help build innovative, performant, secure and maintainable software systems.

The Information Security Engineer is primarily responsible for sustaining the security tools of the organization, thus mitigating risk by supporting the design, implementation, customization, enhancements, and operations of information security solutions and services; and providing support for information security operations.

This position also protects the organization through designing detailed information security designs, identification of standards, and operational tasks including but not limited to vulnerability management, red team testing, forensics analysis, and assessing technologies and vendors.

Essential Function

Sustain

  • Implement, customize, maintain, and enhance security tools, countermeasures, technologies, and infrastructure.
  • Automation of tasks or activity by personnel.
  • Support other information security team members though the creation of reports, alerts, dashboards, and elimination of false positives and negatives
  • Respond to issues regarding security tools or technologies.
  • Analyze security systems and identify improvements.

Protect

  • Vulnerability management
  • Identify and define system security standards.
  • Recommend and evaluate security enhancements and purchases.
  • Perform security assessments of new technologies.
  • Perform third party security assessments of business partners.

Respond

  • Perform incident response.
  • Investigate security events to identify incidents, and their degree of impact. Work through to resolution, escalating and engaging others as required.
  • Perform forensics analysis.

Audit

  • Perform security reviews, and audits as required.
  • Participate in responding to risk assessments, requests for proposal, audits, and examinations.

Design

  • Develop Information security policy, procedures, guidelines, baselines, and standards.

Administrative

  • Maintains technical currency of job knowledge.
  • Generate ad hoc reports and queries in security tools as required.
  • Provide reporting on the state of the organizational security profile and activity.
  • Mentor other staff as required.

Other duties as assigned

Required Skills

  • Bachelor’s degree in Computer Science, Information Security, or similar degree program or equivalent work experience.
  • Seven to ten years’ experience in information security roles.
  • Must possess broad general knowledge of information technology, including storage, networking, systems, databases, and firewalls.
  • Experience as a software developer, systems or network engineer, database administration, or an equivalent technical role is desirable.
  • Scripting and software development skills.
  • Experience supporting a wide variety of security tools, including but not limited to host and network-based intrusion prevention/detection systems, firewalls, anti-malware, and content filtering, firewalls, vulnerability management, security information and event management; network detection and response, network and host-based data loss prevention, and asset management.
  • Knowledge of and experience with HITRUST CSF, NIST CsF (SP800-171) security frameworks, the SOC 2 common criteria, or any other security frameworks is desirable.
  • Must possess excellent communication skills, with the ability to discuss technical concepts with non-technical people.
  • Proficiency with MS Office applications, such as, Excel, PowerPoint, Word, Visio, Access, and Project.
  • Ability to work an on-call rotation, some after-hours, and weekends.
  • Project management skills preferred
  • Ability to work well with others.
  • Must be detail-oriented.

Special Qualifications: (Licenses, certifications, etc)

  • CISSP certification required.
  • Cloud Computing Security Certifications (e.g., CCSP, CCSK, CompTIA Cloud+, CCA, CCP, AWS Certified Security – Specialty, etc.) highly desired.
  • Other relevant Information Security certifications are desirable, including but not limited to: CISA, CISM, CEH, CRISC, ISSAP, ISSEP, SANS GSEC, and Security+.
  • Knowledge of or certification in ITIL desirable

#TTR

Required Experience

Information Security Requirements:

Role Specific

  • Hold and maintain a CISSP certification.
  • Perform a minimum of 40 hours annual security training as planned with your supervisor.
  • Abide by all security policies and practices defined by the organization.
  • Abide by all applicable laws and regulations.
  • Upon hire and annually, acceptance of:
    • Acceptable Use Agreement,
    • Certilytics Statement of Confidentiality,
    • Certilytics Confidentiality and Invention Assignment Agreement,
    • These information security requirements.
  • Upon hire and annually, successful completion of training in:
    • Security Awareness and Privacy,
    • Code of Business Ethics,
    • Conflict of Interest,
    • Developer Security,
    • Incident Response, and
    • Other training as directed by your manager.
  • Serve as a technical responder of the Security Incident Response Team, and the Disaster Recovery Team

General

  • Report any security incidents, breaches, violations, or non-compliance with security policy when identified or witnessed.
  • Report any identified security risks or vulnerabilities.
  • Cooperate with Company, local, state, or federal investigators in the event of a security incident and/or breach.
  • Report any complaints concerning the information security policies and procedures or the organization’s compliance with the policies and procedures program by submitting a Footprint ticket or reporting to the Information Security team.
  • Report any ideas for improvement of the organizational security program by submitting a Footprint ticket or by directly suggesting to the CISO.

recblid 6j02555pray50m9ivp9qg4w6iko5fw
Tracking

To Apply: https://www.jobg8.com/Traffic.aspx?Qw84Iwizjj81fSylEPqWKwm