Security Engineer

Overview

The Security Engineer will play a critical role in advancing the organization’s overall securitymaturity by continuously evaluating and improving the organization’s security framework,ensuring alignment with industry’s best practices, and driving initiatives that reduce risk andenhance the security posture across the organization. This role is critical in safeguarding theorganization’s data, applications, and systems by designing, implementing, and managingadvanced security solutions. The Security Engineer will focus on security posture, vulnerabilitydiscovery and remediation, protections, CVE monitoring, vendor security, and will collaboratewith cross-functional teams to enhance security practices, as well as back up other security teammembers. Daily familiarity with current threats, tools used in-house, risk remediation, and IRT isessential.

Responsibilities

▪ Design and Implementation: Implements robust security architectures and solutions toprotect against threats. This includes systems, network devices, intrusiondetection/prevention systems, VPNs, and other various security tools.▪ Monitoring and Analysis: Continuously monitors for suspicious activities and potentialsecurity breaches. Utilizes analytics tools to identify and mitigate threats in real time.▪ Incident Response: Participates in incident response activities related to securitybreaches. Conducts thorough investigations, root cause analysis, and develop mitigationstrategies to prevent future incidents.▪ CVE Monitoring and Remediation: Monitors and manages CVEs (CommonVulnerabilities and Exposures) relevant to the organization. Assists in remediationstrategies and ensure all vulnerabilities are addressed promptly.▪ Vendor Risk Management: Provides vendor risk management for assigned vendors.Conducts regular assessments, monitoring, and communication to ensure vendors adhereto security standards and practices.▪ Security Assessments: Performs regular vulnerability assessments and penetration testingsystems. Identifies and remediates vulnerabilities to enhance the overall security posture.▪ Policy and Compliance: Assists with the development and enforcement of securitypolicies, procedures, and standards. Ensures compliance with industry regulations andbest practices, including but not limited to GDPR, HIPAA, and PCI-DSS.▪ Collaboration: Works closely with internal teams, including IT, DevOps, and applicationdevelopment, to integrate security best practices into the design and deployment of newtechnologies and services.

▪ Documentation: Maintains comprehensive documentation of security configurations,incidents, and remediation activities. Ensures all security assets are accurately inventoriedand tracked.▪ Threat Intelligence: Stays updated with the latest threats in the marketplace and the toolsused within the organization. Performs threat intelligence initiatives to enhance thesecurity posture of the organization.▪ Must carry a cell phone and be available for consult or assistance when needed 24 hours aday/7 day a week to respond to security breaches and other related duties.▪ Other duties as assigned.

Qualifications

Education and Experience

Bachelor’s degree in Computer Science, Information Technology,Cybersecurity, or a related field. Minimum of five (5) years of handson experience in security engineering.

Special Skills, Licenses and Certifications

Relevant certifications such as CISSP, CCSP, CCNP Security, GIAC,or similar are highly desirable. In-depth knowledge of securityprinciples, protocols, and technologies. Proficiency in configuring andmanaging firewalls, IDS/IPS, VPNs, and other security appliances.Experience with security monitoring and analysis tools (e.g., SIEM,Wireshark, Snort). Strong understanding of TCP/IP, routing, andswitching, Windows and Linux environments. Familiarity with cloudsecurity best practices for platforms such as AWS, Azure, and GoogleCloud.

Performance Based Competencies

Excellent problem-solving and analytical skills. Strong communicationand interpersonal skills, with the ability to convey complex securityconcepts to non-technical stakeholders. Proven ability to workindependently and as part of a team in a fast-paced, dynamicenvironment.

Work Environment And Physical Demands

More than 50% of work time is spent in front of a computer monitor.May be required to bend, stoop, kneel, crawl, or work in other nonstanding and non-sitting positions to install cabling, systems hardware,and other related equipment.

All HealthPlan employees are expected to:

• Provide the highest possible level of service to clients;
• Promote teamwork and cooperative effort among employees;
• Maintain safe practices; and
• Abide by the HealthPlan’s policies and procedures, as they may from time to time be updated.

HIRING RANGE:

$118,518.94 - $154,074.63

IMPORTANT DISCLAIMER NOTICE

The job duties, elements, responsibilities, skills, functions, experience, educational factors and the requirements and conditions listed in this job description are representative only and not exhaustive or definitive of the tasks that an employee may be required to perform. The employer reserves the right to revise this job description at any time and to require employees to perform other tasks as circumstances or conditions of its business, competitive considerations, or work environment change.