Rally Health is looking for an Information Security Engineer to join our IT Security Team. This type of role is a unique personality set that likes to thrive on dealing with vulnerabilities and preventing intrusions. Security Team members work closely with application development and operations groups across Rally Health to ensure that new and existing technical solutions are implemented in a manner that preserve the confidentiality, integrity and availability of customer data and Rally Health intellectual property.

This individual will be a subject matter expert in the domain of information security as it relates to servers/workstations, networks, web applications, IT processes and regulatory compliance. They will be working proactively to design and implement security tools, controls and measures to ensure safety across our organization and products. 

Responsibilities

Rally Health is committed to ensuring that its workforce reflects America’s diverse population.  Rally Health knows that such diversity will enrich us with the talent, energy, perspective and inspiration it needs to achieve its mission.  Rally Health believes in a policy of equal employment and opportunity for all people based on merit and commitment to the principles of diversity.  It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, child birth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.

Individuals with disabilities and veterans are encouraged to apply.  Applicants who require an accommodation related to the application and/or review process should notify Jin Yoo, Sr. Manager - Talent Acquisition (recruiting@rallyhealth.com). 

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Desired Skills and Experience

  • Design, implement and manage security tools and systems (IDS, IPS, VPN, WAF, DLP, Anti-Virus, Anti-Malware, honeypots, SEIM, Vulnerability Scanners, Web Proxies, Forensic toolkits, MFA, key management) in a heterogeneous computing environment that spans multiple physical and virtual data centers.
  • Enhance the security posture of internal infrastructure and client-facing systems
  • Perform security reviews of server / network / web application design within a virtualized environment and ensure compliance with Rally Health security policies and best security practices.
  • Perform risk assessments, vulnerability management, penetration testing and patch management for Unix/Linux, Mac, Windows systems and web applications. Work closely with DevOps and Software Engineering to proactively identify and fix security flaws and vulnerabilities.
  • Identity and access management across Rally Health’s rapidly growing number of systems and applications.
  • Detect, investigate and recover from security incidents as well as assisting with incident response plans
  • Responsible for raising company-wide security awareness and monitoring information security related web sites and newsletters to stay up to date on current attacks and trends.
  • Analyze potential impact of new threats and exploits and communicate risks to relevant business units
  • Three or more years of technical experience in the information security field, preferably in an environment certified and compliant with a globally recognized Security Framework / Information Security Management System (NIST SP 800-53, ISO27001, HIPAA, HiTrust, SOX, PCI)
  • Three or more years of technical experience in the systems engineering, network engineering or software engineering field
  • Working knowledge of security and operations within AWS (EC2, S3, IAM, VPC, Route53)
  • Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting and security tools such as FireEye, Encase and open source alternatives
  • Strong knowledge of cryptography for data at-rest and data in-transit
  • Demonstrated experience with systems auditing and monitoring to ensure compliance with security policies and standards.
  • Advanced knowledge and experience with Unix/Linux, Mac and Windows operating systems and OS hardening
  • Experience automating the administration of systems through scripting and APIs a plus.
  • Demonstrated programming skills in one or more language a plus (Python, Ruby, Bash, PHP, Perl, Java)
  • Experience with Chef and or Ansible
  • Ability to work extremely well under pressure while maintaining a professional image and approach
  • Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause
  • Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports
  • Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants
  • Strong communication skills such as planning and leading effective meetings, conducting structured interviews to collect information, interpersonal and negotiation skills, and presenting to a variety of audiences
  • Advanced skills to present information to stakeholders and/or decision makers in an effective and professional deliverable
  • Bachelor’s degree in management information systems, computer science, or related discipline is required
  • Postgraduate degrees and certificate programs in relevant areas that demonstrate analytical writing will also be considered
  • CISSP, SANS GCIH or GCFA, CISA, CISM, EnCER certification(s) are preferred but not required