TALENT Software Services

IS Security Engineer


Job Summary: Talent Software Services is in search of an IS Security Engineer for a contract position in Philadelphia, PA. The opportunity will be five months with a strong chance for a long-term extension.

Primary Responsibilities/Accountabilities:
  • Exhibits proven technical knowledge in multiple information security disciplines (access control, monitoring, GRC), industry standards frameworks, and security operations models.
  • Exhibits proven technical knowledge in multiple security engineering disciplines and understands different firewall architectures.
  • Demonstrates proficient skills in designing and implementing information security solutions and risk management platforms, and in providing input on information security strategic plans.
  • Provide leadership support to IS teams around security initiatives.
  • Proven knowledge of security applications such as intrusion detection systems and forensics packages.
  • Assists with budget planning and provides input on client's information security strategic planning, GRC, technology and engineering standards and practices.
  • Co-facilitates cross-functional work teams and exhibits ability to clearly articulate problems, issues, and potential solutions to team members and clients (written & verbal) across multiple levels within the enterprise.
  • Exhibits the ability to manage multiple concurrent projects, manage, mentor, and coach staff and client expectations.
  • Exhibits extensive knowledge of related best practices and advocates their use throughout Client.
  • Performs analysis and fulfills requests of eDiscovery & forensics investigations independently.
  • Participates with functional team members in activities related to incident response, change management, business continuity, and escalation planning.
  • An Information Security Specialist III is a senior contributor with similar responsibilities as the Information Security Specialist II, but with a great degree of complexity. An Information Security Specialist III may be involved in some leadership activities. An Information Security Specialist III also:
    • Defines and documents information security principles and processes to assist enterprise solution architects in security decisions for the enterprise, including access control, security information and event monitoring, and data loss prevention, perimeter (e.g., firewalls, IPS, web filtering) and network security (host-based firewalls, anti-virus, disk encryption).
    • Develops, builds, and tests deployment strategies for information security solutions for application development as part of the organization's System Development Life Cycle (SDLC) methodologies.
    • Defines and documents system security and compliance requirements in support of approved PMO projects and existing operational activities, traces all system security and compliance requirements, and validates that requirements are addressed, including validation of the final detailed security design specifications to support PMO life cycle activities.
    • Performs analysis and fulfills requests of eDiscovery & forensics investigations independently by collecting evidence and maintaining chain of custody of records.
    • Participates as a member of the Hospital CERT team and performs various security information and event management procedures to support security investigations.
    • Participates on related InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates IS Hospital management on security issues (e.g., PCI, Identity and Access Management (IAM), Role Based Access Control (RBAC) models).
    • Reviews periodic risk analysis and risk assessment activities in support of regulatory requirements (e.g., HIPAA Security & Privacy Rules, PCI DSS, and Joint Commission) utilizing established Governance Risk Compliance (GRC) technology or customized solutions.
    • Facilitates analysis of information security issues and recommends solutions for remediation.
    • Meets with clinical and business units to determine specific security requirements for application development & validate that requirements, documentation, design, and build are complete and accurate for application level development projects.
    • Supports Client IS capital budget planning process.
Qualification:
  • Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
  • Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store client's information.
  • Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.
Additional Technical Requirements:
  • Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR application access controls.
  • Good knowledge of basic database query techniques & data mining to analyze data (e.g., Excel, SQL, Quickbase, Business Objects) or other related database functionality.
  • Knowledge of MS Active Directory, UNIX, and Clinical Applications a plus.
  • Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus (PeopleSoft, SAP).
  • Understands different firewall architectures (packet filter, application firewalls, application proxy, and VPN) and brands (Checkpoint, Cisco)
  • General understanding of networking and communication techniques, including WANs, LANs, Internet, Intranet, and protocols such as TCP/IP, and their impact on security.
  • Some knowledge of security applications such as intrusion detection systems and forensics packages (EnCASE), ArcSight, Foundstone
  • Understands differences in perimeter and DMZ architectures & experience with industry standards with system architectures including various UNIX and Microsoft Windows server and desktop platforms.
  • Has experience with application layer formats, usage and characteristics (HTTP, FTP, SSH, DNS, SMTP). Has knowledge of system architecture and design.
  • Microsoft, UNIX, Lawson, and Clinical Applications (e.g., Epic).
  • Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project).
  • Experience with risk management frameworks.
Licenses/Certifications:
  • Industry security certification required such as HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC) or other industry related certification a plus.
  • Bachelor's degree in Computer Science, Information Systems, or related field required.
  • 5-12 years related work experience; 4+ years of experience with information security, regulatory compliance and risk management concepts
  • 3 years of security architecture/engineering required
  • Comprehensive understanding of InfoSec risk management concepts, security engineering principles & practices, (e.g., COBIT or NIST).
  • Demonstrates a basic knowledge and understanding of Information security principles, System Development Life Cycle (SDLC), general and IT controls, security engineering principles, and related information security policies and procedures.
  • Exhibits knowledge of industry regulatory standards and accreditation requirements (HIPAA, PCI, and Joint Commission).
  • Level 2a - COVID Vaccine Required.
If this job is a match for your background, we would be honored to receive your application! 

Providing consulting opportunities to TALENTed people since 1987, we offer a host of opportunities including contract, contract to hire and permanent placement. Let's talk!
 
 
  • Seniority level: Entry level
  • Employment type: Contract
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting
