UofL Health Visa Sponsorship USA

Primary Location:

Med Plaza One - UMC

Address:

100 E Liberty St
Louisville, KY 40202

Shift:

First Shift (United States of America)

Job Description Summary:

The Senior Security Engineer is the process owner for all ongoing activities related to the availability, integrity, and confidentiality of patient, provider, employee, and business information, ensuring compliance with UofL Health’s information security (IS) program.

This employee performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction and interfaces with user community to understand their security needs and implements procedures to accommodate them. They ensure that user community understands and adheres to necessary procedures to maintain security and may require familiarity with domain structures, user authentication, and digital signatures. They conduct accurate evaluation of the level of security required. The employee must be able to weigh business needs against security concerns and articulate issues to management and may require understanding of firewall theory and configuration.

The Senior Security Engineer assists in the overall mission of the UofL Health Information Security Program to identify, assess, manage and investigate risks potentially impacting the patients, providers and workforce. This position provides the opportunity to work in a strong, creative team environment with other information security professionals on complex and rewarding projects that positively impact the entire system.

Job Description:

• Identifies, drafts, maintains, and discusses security policies, guidelines, procedures, and documentation based on industry standards
• Maintains a high security posture by assuring adherence to compliance and standards, policies and procedures and by monitoring the systems, hardware/software, and infrastructure
• Assists the AVP IT Security in the vetting, design and implementation of newly acquired network security technologies and to create strategies to mitigate organizational risk
• Assists in the development of security event monitoring and alerting content related to network security toolsets; works with other teams to develop end user security awareness and training and monitoring solutions, prevention tools, penetration testing and Incident Response
• Advances the cyber threat analytic tradecraft of the team and program
• Stays abreast of emerging threats and threat actors; utilizes existing and open source security investigation toolsets to identify attack vectors and reduce the overall attack surface; uses up-to-date technical insight on current threat and attack vectors to identify vulnerabilities and risks in the design of ULP infrastructure (networks, systems, applications) and uses this information to draft, discuss, and implement solutions and adjust the solution quickly based on new information as it arises
• Provides support to investigations & incident management team on matters of information security, intrusion mitigation/detection and computer forensics
• Manages and oversees security policies/configuration for DBMS, applications, systems, etc in both on-premise and cloud-hosted solutions (e.g., encryption keys, access controls, separation of duties, database audit logging, Central Audit Logging/Monitoring, etc.)
• Manages the team to ensure the configuring, tuning, and review and of security logs (e.g., central systems logging, database logging) to reduce false positives and improve detection of anomalies
• Manages and oversees vulnerability security scans of systems to help identify and correct infrastructure security issues found in environment; conducts security scans, vulnerability analysis and risk assessments
• Advises leadership through the creation of scorecards and reporting that displays current risk profile and provide insight for decision making
• Advises leadership when new regulatory rules (draft and final) are released, organizes meetings to present the results and helps to provide comments for CMS and proposes solutions to implement the rules (controls) in the system
• Provides proactive analysis and options for systems and operations changes to implement regulatory requirements; manages technical security requirements and designs sessions to ensure that solution architecture complies with all applicable State and Federal regulations

Education:

• High school diploma or GED/ equivalent (required)
• Bachelor’s degree (preferred)

Experience:

• Bachelor’s degree AND four (4) years of experience in an information systems security environment (required)

OR

• Eight (8) years of experience in an information systems security environment working with data, software, hardware, network, web and access management (required)
• Prior account administration experience, including Active Directory LDAP and IAM (required)
• Experience leading, executing and operating enterprise scoped security projects in the following domains: platform security, end point security, network security, infrastructure, cloud security, data security and threat prevention (preferred)

Certification:

Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) (preferred)