Cyber Security Engineer III

The Cybersecurity Engineer III position requires a seasoned information security professional who is a self-starter, results-oriented, multi-disciplined, and comfortable in leading the implementation of system security solutions in multi-vendor complex healthcare environment. The individual in this role will serve as a senior level Engineer supporting Cyber Security Operations and Engineering efforts from a technical perspective in conjunction with the team. This position is responsible for leading efforts in security research, technical analysis, recommendations, configuration, and administration of systems. This role will also be responsible for defining associated processes and procedures to ensure the protection of information processed, stored, or transmitted in Atlantic Health Systems computing environments. This position ensures that security design, consultation, and technology governance oversight is provided for various projects and initiatives in an effective and timely manner. The incumbent also assists system users relative to information security matters and undertakes complex projects requiring additional specialized technical knowledge. This position acts as information security liaison to various business units and other corporate entities as well as the Information Services & Support department. Must have extensive experience in developing, implementing, and maintaining an organizational data protection strategy.

Responsibilities:

In depth knowledge of industry standard security technologies, protocols, and best practices. Should have experience in developing and maintaining working relationships both within the organization and with external partners. Demonstrated conceptual, analytical, and innovative problem-solving and evaluative skills, demonstrated ability to understand and apply security controls broadly, including for system, application, and network resources. Strong knowledge and work experience with logical access controls to ensure confidentiality, integrity, and assurance of proprietary information. Knowledge and understanding of business processes and information systems of a healthcare institution a plus.

Excellent interpersonal skills: including the ability to work effectively in a team environment as a participant as well as team leader. Capacity to work independently along with a willingness to follow and/or seek advice/assistance as needed. Excellent time management, organizational and motivational skills.

• Will focus primarily on the design, architecture, and implementation of Zero Trust networking technologies, specifically Zscaler.

• Subject matter expert level knowledge of major world-class secure networking platforms such as those offered by vendors like Microsoft and Zscaler, as well as, CASB platforms like Microsoft Defender for Cloud Apps and Zscaler.

• Will maintain secure networking policies & rules and respond to associated events which support compliance to the company’s information security policies.

• Maintain a working relationship with a 24×7 external cyber security operations center monitoring service (MSSP).

• Assist in responding to and managing security events. Lead efforts to implement and manage solutions in the areas of virtualization, cloud technologies, data protection, threat protection, and security event monitoring.

• Lead and/or participate in technical discussions around projects and initiatives that require a security architecture and design component.

• Develop operational support plan as well as KPIs and other metrics around the technologies implemented specifically those implemented in the cloud or through virtualization platforms.

• Collaborate with infrastructure architecture, networking, server, endpoint, web and application development teams

Competencies/Security Technologies

• Expert level knowledge of Zero Trust Networking technologies from Zscaler. Related certifications a plus.

• Cloud Security – AWS – Certifications a plus

• Virtualization Technologies

• Network Security

• Security Information and Event Management (SIEM)

• Security Incident Handling/Response

• Computer, Network, and Policy Auditing

• Experience with Endpoint Security and Endpoint Detection and Response (EDR) Tools i.e., Crowdstrike

Educational/Technical Requirements

• Bachelor’s Degree in Computer Information Systems, Computer Science, MIS, Cybersecurity, or related technical discipline desired. Active Cyber Security Certifications will be considered in lieu of a formal degree.

• 7+ years of direct cyber or information security experience.

• Experience in a healthcare organization a plus but not required.

• Equivalent work experience in the Information Technology field may be considered.

• Will be able to illustrate a consistent and logical pattern of strategic career investments and professional development that have helped them develop the skills and experience required to be an effective Information Security leader.

• This can include advanced education, industry certifications, professional development, industry thought leadership, and other external interests and pursuits. (I.e., community involvement, philanthropy, etc.)

• Active certifications from Microsoft, SANS, ISACA and/or ISC2 not required but preferred.