Cyber Security Engineer
Brentwood, TN 37027 | Contract
- Bachelor's degree or equivalent years of experience in Computer Science or other related field is required. Equivalent years of experience are determined as one year of technical experience for every year of college requested.
- Must possess a solid understanding of Information Technology, Information Security, and Risk Management.
- 3-5 years information security experience preferred.
- Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Analyst Certification (CISM) are required. Appropriate certification in risk management and/or healthcare compliance is desirable.
- Knowledge of security and control frameworks, such as ISO 17799, HITRUST, and NIST Cybersecurity Framework.
- Strong troubleshooting and analytical abilities required
- Understanding of Core Security Infrastructure and architectural design required
- Understanding of RBAC access control systems required
- Understanding of ABAC authorization policy services required
- Understanding of multi-tier environments required
- Understanding of client/server relationships required
- Understanding of relational databases and structured query language required
- Understanding of system automation across various applications/systems/environments required
- Understanding of event and log correlation, including log analysis and troubleshooting required
- Understanding of process structure and workflow design/implementation required
- Comprehensive knowledge of Security Methodologies and Principles required
- Comprehensive knowledge and proven ability to lead projects to completion and produce architectural design, run-books, procedures and job-aids required
- Comprehensive knowledge of working with Vendors for problem resolution and product enhancements required
- Advanced experience with engineering support for operating systems, applications and networks
- Advanced experience with vulnerability assessments, HITRUST, and SOC2 compliance
Responsibilities: General Summary
The Information Security Analyst II is responsible for establishing and maintaining appropriate components of an enterprise-wide information security program to assure information assets are adequately protected and information risks are managed appropriately. The Information Security Analyst is required to maintain a comprehensive understanding of core technologies and services used or provided by Onlife Health. He/She must be knowledgeable of Information Security best practices and regulatory and compliance requirements that affect security for the enterprise. This includes, but is not limited to, HIPAA, HITECH, HITRUST, SOC2 Reporting, NIST Cybersecurity Framework, NIST 800-53, and ISO 27001/2.
The Information Security Analyst II recommends policies and enterprise standards that guide security functions relative to information technology systems, networks, applications, voice and data communications and computing services within the enterprise. The Information Security Analyst II also works in partnership with IS and business management to assure business practices meet defined policies and standards for information security.
Job Duties & Responsibilities
- Maintain current knowledge of applicable regulatory and compliance issues related to Information Security.
- Recommend policies to manage security functions relative to information technology systems (including systems under development), networks, applications, and voice and data communications that are consistent with applicable regulatory and compliance requirements.
- Perform analysis using the information risk management program to facilitate risk decisions with decision-making authorities, and be an engaged partner with lines of business.
- Report business-relevant metrics to measure the efficiency and effectiveness of the Information Security Program, facilitate appropriate resource allocation and increase the maturity of the security program.
- Work with Information Security Leaders, CISO and appropriate stakeholders to prepare and present relevant information on security status as required.
- Core Technology Implementation
- Process development/improvement
- Cybersecurity engineering subject matter expert for ISS and enterprise projects
- Security solution architecture, design, documentation, and implementation
- Consulting with project teams and employees regarding corporate leading practices
- Application and platform security design and integration with core security technology
- Incident and problem resolution
- System automation and connections through multiple applications/systems
- Capacity, Performance, Availability, and System management of core security technologies
- Develop technology standards and roadmaps
- Information Systems Security (ISS) project lead responsible for ISS projects as needed
- Provide technology support to other ISS teams as needed
- Other responsibilities as needed