Sr. Security Engineer

Overview

The Sr. Security Engineer will play a critical role in advancing the organization’s overall security maturity by continuously evaluating and improving the organization’s security framework, ensuring alignment with industry’s best practices, and driving initiatives that reduce risk and enhance the security posture across the organization. This role is critical in safeguarding theorganization’s data, applications, and systems by designing, implementing, and managing advanced security solutions. The Sr. Security Engineer will focus on security posture, vulnerability discovery and remediation, protections, CVE monitoring, vendor security, and will collaborate with cross-functional teams to enhance security practices, as well as back up other security team members. Daily familiarity with current threats, tools used in-house, risk remediation, and IRT leadership is essential.

Responsibilities

▪ Design and Implementation: Develops and implements robust security architectures and solutions to protect against threats. This includes systems, network devices, intrusion detection/prevention systems, VPNs, and other various security tools.▪ Monitoring and Analysis: Continuously monitors for suspicious activities and potential security breaches. Utilizes advanced analytics tools to identify and mitigate threats in real time.▪ Incident Response: Leads and coordinates incident response activities related to security breaches. Conducts thorough investigations, root cause analysis, and develop mitigation strategies to prevent future incidents.▪ CVE Monitoring and Remediation: Monitors and manages CVEs (Common Vulnerabilities and Exposures) relevant to the organization. Implements remediation strategies and ensure all vulnerabilities are addressed promptly.▪ Vendor Risk Management: Oversees vendor risk management for assigned vendors. Conducts regular assessments, monitoring, and communication to ensure vendors adhere to security standards and practices.▪ Security Assessments: Performs regular vulnerability assessments and penetration testing systems. Identifies and remediates vulnerabilities to enhance the overall security posture.▪ Policy and Compliance: Develops and enforces security policies, procedures, and standards. Ensures compliance with industry regulations and best practices, including but not limited to GDPR, HIPAA, and PCI-DSS.▪ Collaboration: Works closely with internal teams, including IT, DevOps, and application development, to integrate security best practices into the design and deployment of new technologies and services.

▪ Training and Mentorship: Provides guidance and training to junior team members on security principles, practices, procedures, and technologies. Fosters a culture of continuous learning and improvement within the team.▪ Documentation: Maintains comprehensive documentation of security configurations, incidents, and remediation activities. Ensures all security assets are accurately inventoried and tracked.▪ Threat Intelligence: Stays updated with the latest threats in the marketplace and the tools used within the organization. Leads threat intelligence initiatives to enhance the security posture of the organization.▪ Must carry a cell phone and be available for consult or assistance when needed 24 hours a day/7 day a week to respond to security breaches and other related duties.▪ Other duties as assigned.

Qualifications

Education and Experience

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree is a plus. Minimum of 7 years of hands-on experience in security engineering

Special Skills, Licenses and Certifications

Relevant certifications such as CISSP, CCSP, CCNP Security, GIAC, or similar are highly desirable. In-depth knowledge of security principles, protocols, and technologies. Proficiency in configuring and managing firewalls, IDS/IPS, VPNs, and other security appliances. Experience with security monitoring and analysis tools (e.g., SIEM, Wireshark, Snort). Strong understanding of TCP/IP, routing, and switching, Windows and Linux environments. Familiarity with cloud security best practices for platforms such as AWS, Azure, and Google Cloud.

Performance Based Competencies

Excellent problem-solving and analytical skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders. Proven ability to work independently and as part of a team in a fast-paced, dynamic environment.

Work Environment And Physical Demands

More than 50% of work time is spent in front of a computer monitor. May be required to bend, stoop, kneel, crawl, or work in other nonstanding and non-sitting positions to install cabling, systems hardware, and other related equipment.

All HealthPlan employees are expected to:

• Provide the highest possible level of service to clients;
• Promote teamwork and cooperative effort among employees;
• Maintain safe practices; and
• Abide by the HealthPlan’s policies and procedures, as they may from time to time be updated.

HIRING RANGE:

$136,296.78 - $177,185.82

IMPORTANT DISCLAIMER NOTICE

The job duties, elements, responsibilities, skills, functions, experience, educational factors and the requirements and conditions listed in this job description are representative only and not exhaustive of the tasks that an employee may be required to perform. The employer reserves the right to revise this job description at any time and to require employees to perform other tasks as circumstances or conditions of its business, competitive considerations, or work environment change.