Desired Skills and Experience
- Monitor information security risks related to the systems, networks and processes to ensure internal security controls are appropriate and operating as intended.
- Review logs and reports from security systems. Identify abnormalities and report violations. Work with team members to resolve potential security issues.
- Defend systems against unauthorized access, modification and/or destruction.
- Configure and support security tools such as firewalls, anti-virus software, patch management systems.
- Oversee and monitor routine security administration.
- Perform risk assessments that evaluate the risk in the StayWell environment and report findings to management. Implement approved risk mitigation strategies.
- Perform vulnerability testing and security assessments.
- Assist with client and internal audit requests.
- Coordinate and execute IT information security projects.
- Coordinate response to information security incidents and provide post-incident analysis.
- Create, manage and maintain user security awareness.
- Research and recommend security upgrades.
- Conduct security research to keep abreast of the latest security issues.
- Participate in the disaster recovery program.
- Perform other related duties as assigned.
- Qualified and successful candidates will have at least 1-3 years of experience working extensively within information security.
- Experience implementing and maintaining information security technologies, such as: IDS/IPS, malware prevention, end-point protection, multi-factor authentication, security information and event management (SIEM), web content filtering, encryption, network access control (NAC), data loss prevention (DLP), firewall administration and vulnerability scanners.
- Knowledge of LANs, WANs, SANs, Microsoft Active Directory, Microsoft Windows server and desktop operating systems, Linux operating systems, Microsoft IIS, Microsoft SQL, and Oracle.
- Experience with and involvement in Incident handling and incident response.
- Experience with tools that perform vulnerability assessment and patching.
- Expertise in technology platforms, tools and processes used in the healthcare environment required.
- Expertise of enterprise architecture, IT Operations and Security required.
- Experience with secure coding practices, ethical hacking and threat modeling
- Experience with complex project management, personnel management, vendor management, budgeting and financial management required.
- Experience in strategic planning and execution required.
- Superior understanding of organizational goals and objectives required.
- In-depth knowledge of applicable laws and regulations as they relate to IT and healthcare required, including HIPAA, NIST, GLBA, ISO 27001/27002, ITIL and COBIT frameworks.
- Demonstrate the initiative to continuously stay apprised of emerging security threats and the general information security landscape.
- Experience in performing log collection, correlation, and reviews of automated alerts for items such as, and not limited to: malware alerts, change detection alerts, and security system health alerts, exploit attempt alerts, etc.
- In-depth understanding of a variety of network and application attacks; must be able to demonstrate a minimum level of familiarity with well-known vulnerabilities and exploits.
- Excellent interpersonal, verbal, and written communication ability.
- Excellent problem-solving ability.
Apply