Working Conditions: Full-time (M-F), Office Business Settings. This is an On-Premises position. Monday through Thursday (9-5) and remote on Fridays only.
Position Summary: The Security Engineer is responsible for securing, maintaining, and monitoring MedReview’s enterprise infrastructure and networking security. The role is tasked with detecting vulnerabilities, planning with departments for deployment, and remediating vulnerabilities within the infrastructure. The Security Information Engineer is also tasked with deploying best practices for securing information as well as platforms in the infrastructure.
Job Responsibilities: This list does not represent all responsibilities for this position. Candidates must be willing and able to assume roles and responsibilities other than these to meet the needs of the organization.
- Manage IT Security operations
- Vulnerability detection through scanning platforms (Rapid7)
- Implementation and planning with business and engineering team of found vulnerabilities
- Remediation of vulnerabilities through multiple vectors (WSUS, GPO)
- Antivirus policy creation, reporting, and remediation on malicious files (SentinelOne)
- Plan for GPO policy upgrades to secure business operations (Active Directory)
- Audit and remediation of access permissions for NFS/NTFS systems (Shared folders)
- Adhere to best practices of securing currently used applications and platforms (MFA, Certificate)
- Coordinate with staff for deployment of remediations with urgent vulnerabilities (Emergency Remediation, I.E WannaCry)
- Participate in internal and external audits (HiTrust)
- Maintain or create policies, procedures, and other documentation when necessary
- Find security gaps within the infrastructure
- Development and Documentation of Security Practices
- Lead and execute projects for security
Required Experience:
- Four-year degree or higher in Information Systems or Security, or related field or equivalent combination of work
- Very strong hands-on experience (Required 5+ years) of computer-related security experience in a technical role within Information Technology
- Previous engineering experience preferred
- Working knowledge of various Identity and Access management systems a plus
- CISSP, CISM, CISA, CCSP, ITIL, Security + or other related certification preferred
- Advanced understanding of infrastructure: Active Directory, Exchange, Windows desktop/server OS, VMware, storage systems, DNS, firewalls
- Advanced understanding of protocols: WMI, SNMP, TLS, SSL, SMB, Cipher Suites
- Advanced understanding of securing systems and platforms through device/policy hardening
- Understanding of SSL Certificates
- Ability to communicate technical information in a clear manner, both written and verbally, to end users
- Proficient knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint
- Experience with HIPAA, HITRUST, HITECH, PCI, ISO 27001, ISO 27002, URAC regulations and awareness and/or experience with CMS, NIST and other healthcare industry-related regulations
- Availability to work nights and weekends during (un)planned outages and other special circumstances, with 24/7 accountability
- Availability to enter on-call rotation
- Ability to lift 50 lbs.
Benefits and perks include:
- Healthcare that fits your needs: We offer excellent medical, dental, and vision plan options that provide coverage to employees and dependents.
- 401(k) with Employer Match: Join the team and we will invest in your future.
- Generous Paid Time Off: Accrued PTO starting day one, plus additional days off when you’re not feeling well, to observe holidays.
- Wellness: We care about your well-being. From Commuter Benefits to FSAs we’ve got you covered.
- Learning & Development: Through continued education/mentorship on the job and our investment in LinkedIn Learning, we’re focused on your growth as a working professional.
Salary: 125k-145k
#J-18808-Ljbffr