United States based applicants only please.
The security specialist serves as a specialist in the development, implementation and administration of internal facility security functions including maintaining customer security requirements. This role analyzes security processes and documents and maintains appropriate levels of controls.
Essential Duties and Responsibilities include the following. Other duties may be assigned. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required with suggested percentages of time to be allotted (where applicable). Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Monitor information security risks related to the systems, networks and processes to ensure internal security controls are appropriate and operating as intended.
- Review logs and reports from security systems. Identify abnormalities and report violations. Work with team members to resolve potential security issues.
- Defend systems against unauthorized access, modification and/or destruction.
- Configure and support security tools such as firewalls, anti-virus software, patch management systems.
- Oversee and monitor routine security administration.
- Perform risk assessments that evaluate the risk in the StayWell environment and report findings to management. Implement approved risk mitigation strategies.
- Perform vulnerability testing and security assessments.
- Assist with client and internal audit requests.
- Coordinate and execute IT information security projects.
- Coordinate response to information security incidents and provide post-incident analysis.
- Create, manage and maintain user security awareness.
- Research and recommend security upgrades.
- Conduct security research to keep abreast of the latest security issues.
- Participate in the disaster recovery program.
- Perform other related duties as assigned.
Education and/or Experience
- Qualified and successful candidates will have at least 1-3 years of experience working extensively within information security.
- Experience implementing and maintaining information security technologies, such as: IDS/IPS, malware prevention, end-point protection, multi-factor authentication, security information and event management (SIEM), web content filtering, encryption, network access control (NAC), data loss prevention (DLP), firewall administration and vulnerability scanners.
- Knowledge of LANs, WANs, SANs, Microsoft Active Directory, Microsoft Windows server and desktop operating systems, Linux operating systems, Microsoft IIS, Microsoft SQL, and Oracle.
- Experience with and involvement in Incident handling and incident response.
- Experience with tools that perform vulnerability assessment and patching.
- Expertise in technology platforms, tools and processes used in the healthcare environment required.
- Expertise of enterprise architecture, IT Operations and Security required.
- Experience with secure coding practices, ethical hacking and threat modeling
- Experience with complex project management, personnel management, vendor management, budgeting and financial management required.
- Experience in strategic planning and execution required.
- Superior understanding of organizational goals and objectives required.
- In-depth knowledge of applicable laws and regulations as they relate to IT and healthcare required, including HIPAA, NIST, GLBA, ISO 27001/27002, ITIL and COBIT frameworks.
- Demonstrate the initiative to continuously stay apprised of emerging security threats and the general information security landscape.
- Experience in performing log collection, correlation, and reviews of automated alerts for items such as, and not limited to: malware alerts, change detection alerts, and security system health alerts, exploit attempt alerts, etc.
- In-depth understanding of a variety of network and application attacks; must be able to demonstrate a minimum level of familiarity with well-known vulnerabilities and exploits.
- Excellent interpersonal, verbal, and written communication ability.
- Excellent problem-solving ability.
This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.