IS Security Engineer
firstPRO is seeking a qualified IS Security Engineer for our client, a large health organization located out of Philadelphia, PA. They’re looking for someone with strong experience with InfoSec, Regulatory, Risk Management, Security Architecture/Engineering, COBIT/NIST, and HIPAA/PCI/Joint Commission. The ideal candidate will be able to define and document information security principles to assist enterprise solution architects in security decisions for the enterprise, including access control, security information, event monitoring, data loss prevention, and perimeter (e.g., firewalls, IPS, web filtering).
- Type: Contract
- Compensation: $75 – $78/hour with benefits (Health, Dental, Vision)
- Location: Philadelphia, Pennsylvania
- Schedule: Standard hours, Monday through Friday, 8:30 AM to 5:00 PM
- Exhibits proven technical knowledge in multiple information security disciplines (access control, monitoring, GRC), industry standards frameworks, and security operations models.
- Exhibits proven technical knowledge in multiple security engineering disciplines and understands different firewall architectures.
- Demonstrates proficient skills in designing and implementing information security solutions and risk management platforms, and in providing input on information security strategic plans.
- Provide leadership support to IS teams around security initiatives.
- Proven knowledge of security applications such as intrusion detection systems and forensics packages.
- Assists with budget planning and provides input on our customer’s information security strategic planning, GRC, technology and engineering standards and practices.
- Co-facilitates cross-functional work teams and exhibits ability to clearly articulate problems, issues, and potential solutions to team members and clients (written & verbal) across multiple levels within the enterprise.
- Exhibits the ability to manage multiple concurrent projects, mentor and coach staff, and manage client expectations.
- Exhibits extensive knowledge of related best practices and advocates their use throughout our customer’s organization.
- Performs analysis and fulfills requests of eDiscovery & forensics investigations independently.
- Participates with functional team members in activities related to incident response, change management, business continuity, and escalation planning.
- Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
- Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store our customer’s information.
- Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.
- Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR application access controls.
- Good knowledge of basic database query techniques and data mining to analyze data (e.g., Excel, SQL, Quickbase, Business Objects) or other related database functionality
- Knowledge of MS Active Directory, UNIX, and Clinical Applications a plus.
- Experience implementing application-level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus (PeopleSoft, SAP).
- Understands different firewall architectures (packet filter, application firewalls, application proxy, and VPN) and brands (Checkpoint, Cisco)
- General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security.
- Some knowledge of security applications such as intrusion detection systems and forensics packages (EnCase), ArcSight, Foundstone.
- Understands differences in perimeter and DMZ architectures and experience with industry standards with system architectures including various UNIX and Microsoft Windows server and desktop platforms.
- Has experience with application layer formats, usage and characteristics (HTTP, FTP, SSH, DNS, SMTP).
- Has knowledge of system architecture and design.
- Microsoft, UNIX, Lawson, and Clinical Applications (e.g., Epic).
- Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project).
- Experience with risk management frameworks.
- 5 – 12 years related work experience; 4+ years of experience with information security, regulatory compliance, and risk management concepts
- 3 years of security architecture/engineering required
- Comprehensive understanding of InfoSec risk management concepts, security engineering principles & practices (e.g., COBIT or NIST)
- Demonstrates a basic knowledge and understanding of Information security principles, System Development Life Cycle (SDLC), general and IT controls, security engineering principles, and related information security policies and procedures
- Exhibits knowledge of industry regulatory standards and accreditation requirements (HIPAA, PCI, and Joint Commission)