Information Security Engineer

Job Title: Information Security Engineer

Department: Information Technology

Location: Remote

Hours Per Week: 40

Schedule: Monday - Friday, 9:00 AM - 5:00 PM

 

SUMMARY

The Information Security Engineer is a highly skilled technical security professional that is responsible for security at various stages of a project, system implementation, during a significant change to a system, or when implementing security controls, applications, or security systems. The Information Security Engineer will advise on risks associated with the use of third party providers, and what configurations are necessary for IT systems.

RESPONSIBILITIES

• Perform an assessment of what security controls should be put in place during the implementation, substantial change, or upgrade to an IT system. 
• Perform assessments of security control implementations to look for opportunities for improvement.
• Perform assessments of third party service providers, and recommend risk reduction measures. 
• Configure the ACM/Drugscan/DSI Active Directory domains to establish and maintain the structure by which access management is enforced. 
• Assure that connections between corporate and third party systems are configured securely.
• Work with network service providers to develop and implement network segmentation in order to reduce the risk that a compromise of a system on the intranet does not result in unnecessary risk to additional IT system resources. 
• Program network firewalls, and perform periodic reviews of network firewall configurations. 
• Consult with service providers regarding, and/or configure security appliances as needed, including data leak prevention systems, mobile device management systems, legal electronic discovery system, file integrity/monitoring systems, etc. 
  Be a primary consultation resource for designing methods to remediate risks to IT systems and data, such as by recommending and/or implementing security configurations. 
• Define and assure that system logging is appropriately established and that log review is being appropriately carried out by the managed service provider in alignment with our unique security requirements.

 

REQUIRED QUALIFICATIONS

• 7+ years technical experience related to managing information security systems.

 

PREFERRED QUALIFICATIONS

• 4 year degree in an information security or information technology program is preferred
• CISSP/CISM certification or equivalent preferred 
• Experience in designing and implementing information security controls required
• Experience working in cross-functioning security teams

EDUCATION:

LICENSES / CERTIFICATIONS: 

PHYSICAL REQUIREMENTS:

L - Light Work - Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly; requires occasional walking, standing or squatting.

For disease specific care programs refer to the program specific requirements of the department for further specifications on experience and educational expectations, including continuing education requirements.

Any physical requirements reported by a prospective employee and/or employee’s physician or delegate will be considered for accommodations.

PAY RANGE:

$90,000.00 - $130,000.00

CITY:

Rochester

POSTAL CODE:

14624

The listed base pay range is a good faith representation of current potential base pay for a successful full time applicant. It may be modified in the future and eligible for additional pay components. Pay is determined by factors including experience, relevant qualifications, specialty, internal equity, location, and contracts.

Rochester Regional Health is an Equal Opportunity/Affirmative Action Employer.
Minority/Female/Disability/Veterans by a prospective employee and/or employee’s Physician or delegate will be considered for accommodations.