ConnectiveRX is seeking an Engineer of Information Security Operations to join our team. The Engineer of Information Security Operations will monitor, manage, and maintain the technologies and processes used to secure company information systems and networks. The successful candidate must demonstrate a strong ability to manage and improve operational security functions, implement risk-based solutions, develop and maintain security metrics, promote security best practices and training across the organization and partner with stakeholders from various IT and business teams.Focus areas will include managing security requests, investigating and responding to alerts and incident tickets from the Security Operations Center, conducting user access reviews, developing and maintaining security documentation, network and endpoint security management,vulnerability management, identity and access management, incident response, SIEM and log management, cloud security operations, overall security monitoring, and reporting. Additionally, the candidate will be responsible for contributing to internal control testing related to client and regulatory audits (e.g. PCI, HIPAA, SOC1/2) by gathering and submitting proper technical evidence based on control testing needs and ensuring controls tests are completed comprehensively and on time.
This position is responsible for responding to and managing all security events and incidents to ensure the protection of patient and client data across the business.
This position works with other stakeholders and the Information Security leadership team on matters related to security events and risks to the organization.
Your Day to Day:
Monitor and manage the Information Security request queue, including analysis and resolution of outstanding issues and process improvement.
Manage endpoint and network security environments including overall health, policy modifications, troubleshooting/resolving issues and producing monthly health metrics for workstations, servers, and identities.
Work directly with the Security Operations Center (SOC) to analyze and resolve security events/alerts.
This includes some monitoring and management of the SIEM platform, managing the logging health of various log sources (e.g. Windows and Linux systems, cloud infrastructure and services, and network and security infrastructure).
Works directly with Information Security Engineering and Governance, Risk and Compliance (GRC) resources as needed to investigate and resolve issues.
Supports and manages the vulnerability management platforms for infrastructure and application scanning.
Includes the development and maintenance of scanning policies, onboarding assets, reporting, validation and false positive research, remediation tracking, and process improvement.
Conduct internal security control testing. Includes gathering, uploading, and reviewing evidence within the GRC (Governance, Risk and Compliance) tool.
Supporting PCI, SOC1/2, HIPAA, and client security assessments.
Manage and maintain Information Security training and awareness campaigns (e.g. training, phishing).
Developing/monitoring campaigns, ensuring required training is complete, producing reports/metrics and recommending improvements to the current process.
3+ years of Information Security / Cybersecurity experience
Strong knowledge of Information Security / Cybersecurity related technologies, processes, and tools.
Working knowledge of Office 365 security concepts, policies, settings, alerting, audit logging, security and compliance center, cloud app security and investigations is required.
Minimum working knowledge of:
identity and access control
policy and governance
Staying up to date on recent threats, security tools and concepts is required.
Experience implementing Amazon AWS security tools and concepts.
Experience identifying assets (e.g. servers, network devices, applications), identifying network layouts and determining security risk and potential solutions.
Security focused degree and/or certifications a plus (e.g. BS/MS in Cybersecurity or related discipline, CEH, OCSP, CISSP, CISA, CompTIA Security+, etc.)
Familiar with network security concepts and products (e.g. firewall (Palo Alto, Cisco), network (e.g. Cisco, Meraki), email (O365). Cisco Umbrella a major plus).
Familiar with endpoint security products and concepts (e.g. malware protection, network protection, forensics, DLP, compliance. Bitdefender a plus).
Familiar with security monitoring (SIEM), analysis and resolution of security events/alarms (AlienVault a plus).
Familiar with identity and access management concepts (e.g. Azure Active Directory, SSO, user access reviews).
Familiar with implementing NIST CSF, CIS top 20, SOC1/2, PCI, HIPAA, or related security frameworks.
Strong analytical skills
ability to work autonomously or in groups toward a common goal
resourceful and able to make progress quickly
ability to build relationships, influence and educate on matters related to Information Security.
HIPAA and healthcare experience a plus
Understanding of SDLC process is a plus
Strong Windows Active Directory and Networking experience a plus