Senior Information Security Engineer - Threat Management

Company: Cottage Health
Location: Santa Barbara
Posted on: May 3, 2021

Job Description:

The Senior Information Security Engineer for Cottage Health is responsible for performing services and activities to support the Cottage Health Information Security program. The incumbent would be responsible for designing, developing, configuring, and implementing security solutions. As a subject matter expert, the Senior Information Security Engineer provides guidance on the tactical implementation of relevant security initiatives and services. Areas of responsibility include security architecture, firewalls, monitoring and response, endpoint security, and vulnerability management, security incident response, and forensics. Furthermore, this position also supports the Information Security Team in performing security assessments, product evaluations, project support, and any other operational tasks needed to support the Information Security program and strategic objectives. MAJOR ACCOUNTABILITIES Operational Support Act as a lead security engineer to manage designated security platforms and services that protect the Cottage Health environment, including vulnerability management systems, forensic tools, endpoint security solutions, security governance solutions, etc. Perform penetration testing, vulnerability assessments, and security architecture reviews to help identify external threats and recommend methods for remediation. Collaborate with various IT and project teams to provide technical and tactical ("hands-on") support within security-related areas to accommodate SLAs and deadlines. Assist with reviews of company projects and provide input on potential risks, threats, and appropriate solutions to meet information security requirements. Support the Change / Release Management processes through adequate vetting and testing of system changes and ensuring adequate documentation. Be a major influence in promoting the technical understanding of new and existing information security standards or procedures, as they relate to system implementation Risk Management Support the information security audit process by providing documentation on the implementation of technical controls and remediation of previously identified gaps. Assist in the development, implementation, and management of security policies, standards, procedures, and guidelines that will assist the relevant teams in the implementation of Information Security Program requirements. Monitor the effectiveness of technical mitigations and recommend cost-effective methods to reduce risk to an acceptable level. Participate in the security exceptions process relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures. Identify areas that would help automate or improve aspects of the audit process to improve efficiency. Incident Response Participate in the Information Security Incident Response team to address incidents impacting Cottage Health and provide remediation in order to restore normal operations. Participate in incident debriefing activities to help document lessons learned and support the improvement process overall for the Cottage Health incident response capability. Participate in business continuity or cyber-attack exercises to validate the adequacy of relevant response plans. Review effectiveness of technical controls and identify areas for improvement, including evaluation of new technologies and capabilities. Provide input for improvements to security workflows to make them more effective and efficient, including ticket handling, firewall change requests, WAF/application tuning, etc. Provide technical briefings to leadership on key changes to the threat landscape and or emerging technologies to enable better proactivity. Formulate planning and develop the business case for improvement projects and participate in the implementation, as necessary. Provide training and advice to less experienced security staff and/or other no security professionals, as needed. Stay current on recent security trends and technology through participation in industry forums, newsfeeds, and maintenance of security certifications. QUALIFICATIONS Bachelor's degree in Computer Science or related field. The equivalent of 8 years of progressively responsible related work experience may be substituted for a degree, One of the following certifications: Certified Information System Security Professional (CISSP), Certified Information Security Manager(CISM), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI) Preferred: One or more of the following certifications: CISSP, CISM, CCSP, CEH, CHFI, Palo Alto (PCNSE), F5 (CTS/CSE), ITIL v3 Foundation, PAM, or Cisco (CCNP), Experience in various security technologies and tools ranging from firewalls, endpoint, network scanners, etc. Knowledge of operating systems, client/server technology, WAN & LAN technologies, communications protocols, PKI & encryption, and 8 years of IT administration experience, with 6 of those years focused on IT Security.

Keywords: Cottage Health, Santa Barbara , Senior Information Security Engineer - Threat Management, Engineering , Santa Barbara, California