The Senior IT Security Engineer is responsible for identifying, evaluating, and implementing technical security controls to prevent, detect, contain, and respond to information security threats, which includes supporting the technology efforts of AltaMed. This person is required to analyze threats using a variety of security technologies, including email filtering, anti-malware, access control, phishing detection, Cloud Access Security Broker (CASB)/web filtering, firewalls, intrusion detection/prevention, data loss prevention, and data encryption. Reviews and guides security configuration of a variety of applications and endpoint systems, including servers, desktops, network devices, and Internet of Things (IOT)/Operational Technology (OT) devices. Required to lead projects and project teams within and outside the security department. Must maintain an in-depth understanding of current and emerging security threats, recommending technical and process improvements to protect against such threats. This individual also assists in the development and maintenance of information security strategy and will be required to provide support across other technology and business units, ensuring the implementation and operation of the appropriate security controls across the organization are aligned with Information Security policies and standards.

• Bachelor’s Degree in Computer Science, Health / Business Administration, or Information Technology, and 4 years of progressive experience in information security as an engineer, architect, or analyst.
• Instead of a college degree, 6 years of progressive experience in information security as an engineer, architect, or analyst.
• Knowledge and understanding of relevant legal and regulatory requirements (i.e., HIPAA, PCI, Privacy, etc.) are required.
• Must hold an active Certified Information Systems Security Professional (CISSP) certification.

Skills and Abilities

• Strong analytical skill set to decipher business needs and recommend solutions.
• Must have the ability to manage multiple deadlines.
• Excellent problem-solving abilities.
• Detail-oriented and able to follow up and follow through on project actions and tasks.
• Demonstrated ability to address IT risk by coming up with the appropriate security controls to mitigate the risk to the business.
• Excellent communication and organization skills, both written and verbal
• Superior customer focus and the ability to manage customer expectations.
• Demonstrated commitment to and leadership of continuous process improvement.

Essential Job Functions

• Serves as the primary technical security engineer responsible for maintaining and managing controls over secure email, anti-phishing, vulnerability management, anti-malware, Cloud Access Security Broker (CASB) / web filtering, Data Loss Prevention (DLP), and mobile device security, helping AltaMed Health Services comply with enterprise and IT security policies, Federal/State law, industry regulations, and best practices.
• Designs and implements security controls to address information security policies, standards, and other requirements as they relate to specific internal and externally hosted IT systems. Where appropriate, collaborates with internal and external technology teams to understand and implement AltaMed's information security requirements.
• Conducts risk and vulnerability assessments of existing and potential new systems and, as appropriate, recommends information security controls and remediation activities to address identified risks, threats, and vulnerabilities and identifies integration issues and potential cost estimates for recommended solutions.
• Leading threat hunting activities and assisting in audits and third-party penetration tests to identify areas of risk to AltaMed.
• Proactively reviews information security news sources for risk and threat trends as well as third-party software updates for systems potentially impacting AltaMed.
• Proactively monitors updates to legal, regulatory, and industry requirements and control frameworks, such as HIPAA Security Rule, PCI Data Security Standards, State and Federal Privacy Laws, NIST Cyber Security Framework, NIST 800-30, NIST 800-53, etc.
• Assists in the designing and engineering of internal information handling processes so that information is appropriately protected from a wide variety of problems, including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability
• Assists in incident response efforts by investigating suspicious activity under direction from the VP, documenting work performed, and providing timely updates to the VP on progress and results.
• Ensure all areas of the Information System and Technology environment adhere to regulatory requirements (HIPAA, CPRA/CCPA, HRSA, etc) and established standards of good practice or defined information security frameworks (NIST Cyber Security Framework, NIST 800-30, NIST 800-53, PCI Data Security Standard, etc.)

About AltaMed

As the nation’s largest Federally Qualified Health Center (FQHC), AltaMed is at the forefront of providing affordable, high-quality health care to underserved communities in Los Angeles and Orange Counties. At AltaMed, you will have the opportunity to work with a diverse team of dedicated professionals who are passionate about making a difference and supporting our community of over 400,000 patients.

Connections working at AltaMed