Info Security Engineer – Cyber

Website Piedmont Healthcare

Real Change Lives Here

JOB PURPOSE:
Works across the enterprise to develop and implement security requirements, security guidance, security
architecture, and technology solutions to address existing and emerging security issues. Responsible for
building, implementing and providing guidance on maintaining a broad suite of information security
infrastructure, and accountable for security and networking infrastructure components, their availability
and integrity. Duties will also include determining enterprise security requirements; planning,
implementing, and testing security systems; and preparing security standards and procedures.

KEY RESPONSIBILITIES:
1. Validate IT infrastructure and other reference architectures including Cloud security architectures for
security best practices, and recommend changes to enhance security and reduce risk where
applicable.
2. Perform security administration of vulnerability management, email gateway, user access
provisioning, and other security protection tools. Manage escalated abnormal user behavior and
policy violation incidents.
3. Provide and help implement design and product recommendations for security technologies needed
across the enterprise, including but not limited to: developing requirements for local area networks
(LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related
security and network devices; designing and implementing public key infrastructures (PKIs), including use
of certification authorities (CAs) and digital signatures as well as related infrastructure; and implementing
security application upgrades, single sign-on/password administration, and other new security
initiatives.
4. Liaise with the business continuity team to validate security practices for both disaster recovery
planning (DRP) and business continuity management (BCM) testing.
5. Liaise with the internal audit team to review and evaluate the design and operational effectiveness of
security-related controls.
6. Create security documentation including requirements definitions, risk assessments, high-level and
detailed design documents, and risk and recommendation documentation.
7. Lead/Support security design efforts on projects and guide and collaborate within and outside the
Information Security team.
8. Consult with IT and security staff to ensure that security is factored into the evaluation, selection,
installation and configuration of hardware, applications and software.
9. Design, implement and oversee security testing procedures to verify the security of systems,
networks and applications, and manage the remediation of identified risks.
10. Effectively translate business objectives and risk management strategies into specific security
processes enabled by security technologies and services.

KNOWLEDGE, SKILLS, ABILITIES

    • Strong leadership skills and the ability to work effectively with business managers, IT engineering and
      IT operations staff.
    • Excellent verbal and written communication skills. Must be able to communicate effectively with the IT
      organization, project and application development teams, management, and business personnel.
    • Strong analytical skills to analyze security requirements and relate them to appropriate security
      controls.
    • Knowledge of threat modeling and other security risk identification methods.
    • Knowledge of system security vulnerabilities and remediation techniques.
    • Exposure to multiple security engineering disciplines including application security, secure software
      development, cryptography, network security, system security, and security policy.
    • A solid understanding of Information Security & IT controls, penetration testing, vulnerability
      assessments, HIPAA, NIST and ISO frameworks, and other information security governing bodies.
    • Demonstrated ability to develop architectures for enterprise environments.

MINIMUM EDUCATION REQUIRED:
Bachelor's degree in Computer Science, Information Technology or related field required.
In lieu of degree, four (4) years of relevant work experience will be accepted in addition to the experience
requirement.

MINIMUM EXPERIENCE REQUIRED:

    • Five (5) years of experience in an information security role to include experience in security design,
      architecture or consulting capacity.
    • Experience with network or systems administration, performing IDS/IPS real-time monitoring analysis,
      network forensics, security architecture, network engineering, security engineering, or similar areas in a
      medium or large corporate environment.
    • Experience with building security architecture into security DevOps.
      (If no degree, a total of nine (9) years of experience required.)

MINIMUM LICENSURE/CERTIFICATION REQUIRED BY LAW:
None.

ADDITIONAL QUALIFICATIONS:

    • Healthcare information security and privacy experience preferred.
    • Certified in one or more of the following area(s):
      • Certified Information Systems Security Professional (CISSP)/Information System Security
        Architecture Professional (CISSP-ISSAP)
      • GIAC Certified Intrusion Analyst (GCIA), GIAC Certified
        Enterprise Defender (GCED)
      • GIAC Security Essentials Certified (GSEC)
      • Payment Card Industry Professional (PCIP)
      • Certified Information Security Manager (CISM) or equivalent certification

*Hybrid Role

To apply for this job email your details to johnny.morillo@piedmont.org
