The Senior Security Engineer is responsible for the ongoing Information Security operations in order to maintain the confidentiality, integrity, and availability of Springfield Clinic information systems and Electronic Protected Health Information (ePHI). The ideal candidate will have a deep background in Azure cloud solutions, Office 365 security & governance policy design experience, along with a demonstrated skillset and passion for security technology. Springfield Clinic is undergoing an exciting digital transformation where a high standard for security will be paramount.
Reports to the Information Security Manager
Perform technical application and infrastructure security vulnerability assessments across a wide range of IT/OT systems, including applications, wireless and wired networks, web services, mobile applications, thick clients, Cloud solutions, etc. Solid understanding of the security tools used to realize vulnerabilities within the environment. i.e. Nessus, Nmap, BURP Suite, Kali.
Assist and lead application security architecture reviews, threat modeling, and application security standards.
Penetration testing, enforcement of OWASP best practices, securing infrastructure
Secure user experience and contribute to the engineering team's best practice.
Assist in the design and management of secure network communications.
Responsible for security processes and how they apply to the organization's infrastructure management.
Build regular and automated reporting processes for infrastructure vulnerabilities.
Assist in architecture, design and implementation of solutions centered on security via on premise solutions, cloud-based solutions, or hybrid environments
Work primarily with other Information Security Department staff, key departments, and project teams to ensure the organization follows appropriate administrative procedures, physical safeguards, technical security services and mechanisms to guard integrity, confidentiality and availability of all Springfield Clinic data.
Influence the development of strategic road maps for the organization's entire security stack
Assist in the management of the organizations internal PKI Infrastructure.
Work with staff, vendors, outside consultants, and other third parties to improve the information security posture of Springfield Clinic.
Participate in ongoing information risk assessments and audits to ensure that information systems are adequately protected and meet applicable legal requirements.
Comply with the Springfield Clinic incident reporting policy and procedures.
Adhere to all OSHA and Springfield Clinic training & accomplishments as required per policy.
Provide excellent customer service and adhere to Springfield Clinic's Code of Conduct and Ethics Standards.
Perform other job duties as assigned.
Bachelor's degree in related field or at least 2-4 years of experience in Cloud Security and/or Information Technology, or a combination of education and experience.
Experience with Infrastructure as code (IaC).
Experience with DevSecOps tools, Docker, and Kubernetes.
Security certifications are a plus. (CISSP, Security+, CISA or CISM)
Knowledge, Skills and Abilities
Knowledge of O365 Governance and Policies.
Knowledge of penetration testing methodologies.
Broad knowledge of API Security, Container Security, Azure Cloud Security.
Good understanding of cloud networking, infrastructure management concepts and tools including VPN, Firewalls, VMWARE, Servers and Storage
Ability to work in a collaborative manner with technical and non-technical personnel.
Requires good interpersonal skills, ability to function in a fast paced, short deadline environment, and the ability to come up with innovative cost-effective decisions.
Experience scripting in PowerShell, Python, Perl or other languages.
Ability to weigh business risks and enforce appropriate information security measures. These measures may include items such as virus protection, security monitoring, intrusion detection, access control to facilities, and access control to computers.
Must possess the ability to obtain full support and cooperation from upper management and the executive level of the organization.
Professional office environment.
Ability to lift, move, or carry equipment or supplies of varying sizes and shapes, weighing up to 45 lbs.