Develop Information Security Plans and Policies
The Information Security Engineer will help plan and carry out an organization’s information security strategy. The selected candidate will develop a set of security standards and best practices for eClinicalWorks and recommend security enhancements to management as needed. The selected candidate will develop strategies to respond to and recover from a security breach. The Information Security Engineer will also be responsible for educating the workforce on information security through training and building awareness.
• Responsible for collaborating inter-departmentally on secure infrastructure/network engineering
• Assist in maintaining security awareness program including monthly end-user training and track metrics for reporting to management
The Information Security Engineer will install and use software, such as firewalls and data encryption programs, to protect organizations’ sensitive information. They also assist computer users with installation or processing of new security products and procedures.
• Provide analysis and trending of security log data from relevant security applications and services
Test for Vulnerabilities
Conduct periodic scans of internal networks and systems looking for vulnerabilities, misconfigurations, and out-of-date software packages. Conduct penetration testing, in which they simulate an attack on the system to highlight or find any weaknesses that might be exploited by a malicious party.
• Review vulnerability scans and compile reports to deliver to security management
• Provide threat and vulnerability analysis as well as security advisory services
• Analyze and report on software or hardware vulnerabilities
• Assists with providing detection, identification, and reporting of possible cyber-attacks/intrusions, anomalous activities, and misuse activities.
Monitor for Security Breaches
The Information Security Engineer must constantly monitor our networks and systems for security breaches or intrusions. They will install software that helps us notify of intrusions and be aware of irregular system behavior.
• Provide Incident Response (IR) support when analysis confirms actionable incident.
• Provide on-call support, as needed, for emergency security issues.
Investigate Security Breaches
If a breach has occurred, the Information Security Engineer leads incident response activities to minimize the impact. Afterwards, the will lead a technical and forensic investigation into how the breach happened and the extent of the damage. They will prepare reports of their findings and be reported to the Compliance team.
• Analyze, respond to and advise end-users and business stakeholders on incoming threats including phishing and potential threats reported by employees
• Investigate, document, and report on information security issues and emerging trends.
A strong multi-tasker with a keen eye for detail. They are well organized and thrive in fast-paced, high-stress scenarios. Engineer candidates with the following skills.
• Must be expert level user of Splunk, Sourcefire, Kali Linux, Websense and IDS/IPS
• Experience with Active Directory and SIEM tool
• Direct experience with anti-virus software, intrusion detection, firewalls and content filtering
• Knowledge of risk assessment tools, technologies and methods
• Experience designing secure networks, systems and application architectures
• Knowledge of disaster recovery, computer forensic tools, technologies and methods
• Experience planning, researching and developing security policies, standards and procedures
• Professional experience in a system administration role supporting multiple platforms and applications
• Ability to communicate network security issues to peers and management
• Ability to read and use the results of mobile code, malicious code, and anti-virus software