Our client is a large, non for profit healthcare organization seeking a Senior-level IT Security Engineer who can take ownership of penetration testing, cyber security audits, vulnerability scanning, and investigations of cybersecurity incidents.
The primary responsibilities for this Senior Information Security Engineer will include:
- Working under the direction of the Chief Information Security Officer and the Director of IT, as a Senior team member
- Contributing to the evaluation and selection of cyber security technologies (firewalls, monitoring platforms, intrusion prevention platforms, malware detection, log analysis tools, etc)
- Leading the implementation and configuration of cyber security technologies
- Adopting cyber security frameworks (NIST 800-53, ISO 27001/2, FISMA, FIPS) as well as healthcare specific RMF (HIPAA, HITRUST CSF, HITECH)
- Participating in the development and evaluation of security policies and procedures.
- Contributing to enterprise security policies related to network access, appropriate use of computer equipment, and data usage.
- Coordinating cyber threat mitigation activities, security breach detection, containment, and restoration activities and contribute to HUH’s disaster response plan.
- Conducting cyber security audits, penetration tests, and investigations of cybersecurity incidents.
- Evaluating, Implementing and using a variety of information security devices and applications
- WAF Devices: Barracuda, Imperva / SecureSphere or Incapsula, F5 / BigIP ASM, Penta / WAPPLES, Sophos / XG, Radware / Appwall, Akamai, etc
- Vulnerability Scanning Tools: Netsparker, Qualys, BurpSuite, Nexpose, Acunetix, WireShark, Nessus, Nikto, OpenVAS, Retina, Tripwire, etc.
- PenTesting Tools: Nmap, Metasploit, w3af, John the Ripper, Cain & Abel, etc.
- Responding to security alarms and mission-critical issues.
- Creating and distributing cyber security awareness bulletins and training materials for staff
Required Experience & Qualifications
- Bachelor of Science in Computer Science, Engineering or a related field, OR the equivalent in hands-on experience
- CISSP Certification, and/or other Security Certifications (CEH, CISA, are highly preferred)
- Advanced knowledge of Risk Management Frameworks (RMF): NIST 800-52, ISO 27001/2, FISMA, FIPS,
- Specific healthcare RFM is also required: HIPAA, HITRUST, HITECH, etc.
- Strong knowledge of WAF, Vulnerability Scanning and PenTesting tools
Position Type: 6+ Months Contract to Hire
Hourly Rate: $70 + / hour W2
Compensation Range: $125,000 – $150,000 / year