Senior Security Engineer
The Senior Security Engineer, Technical Services will be responsible for providing active and engaged engineering support to business and IT teams relative to security. They will support the company’s strategic and tactical initiatives. This individual will liaise and collaborate directly with internal departments and company’s affiliates to engineer, document, and monitor multiple technical security solutions and processes simultaneously to protect the organization's information assets. This role will be responsible for ensuring IT solutions acquired or developed are implemented and managed in a secure manner which meets company standards and policies. This individual will also ensure regulatory compliance requirements and IT security risks are addressed for all IT functions.
• Proficient in patch and vulnerability management tools and practices with SCCM, Configuration Manager, Intune.
• Create packages for third party software to maintain software level compliance across all Microsoft systems.
• Collaborate with Senior Engineers to design and Implement information security technologies and best practices improving confidentiality, integrity, and availability of MEDHOST services
• Monitor and respond to alerts for any security and infrastructure during and after business hours
• Responsible for overseeing all security-related needs for Microsoft operating systems, including but not limited to Windows 10/11, server platforms, Azure, and Office 365. This encompasses the development and enforcement of security policies, managing identity and access controls, ensuring data protection across all Microsoft platforms, and staying up-to-date with the latest security features and updates offered by Microsoft.
• Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducts incident response analyses and develops controls to mitigate recurrence.
• Experienced in threat hunting and the use of open-source security tools (e.g., Metasploit, BloodHound).
• Strong understanding of network security protocols, encryption techniques, and authentication mechanisms.
• Create API integrations for enhancing security operations and automation.
• Conduct regular security audits and vulnerability assessments to identify potential risks and provide recommendations for remediation.
• Prepares system security reports by collecting, analyzing, and summarizing data and trends.
• Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
• Understanding of security policies, procedures, and guidelines for the organization, including disaster recovery and business continuity plans in regards to the technologies the security team engineers are responsible for.
• Overseeing the security aspects of the entire technology stack, including applications, network infrastructure, and cloud-based platforms
• Enhances security team accomplishments and competence by assisting in delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring other team members
To fulfill the responsibilities of this position, the Security Engineer should have the following skills, training, and knowledge:
• Excellent analytical, problem-solving, and decision-making skills.
• Minimum of 5 years of experience in cybersecurity, with a strong focus on Windows environments and Active Directory.
• Effective communication skills, capable of explaining complex security concepts to non-technical stakeholders.
• Comprehensive knowledge of and experience with security engineering or risk management tasks, techniques and tools
• Thorough understanding of security controls and their integration and implementation with IT components and operations
• Maintain knowledge of the latest security technologies, some of which include;
* Intrusion Detection
* Log Aggregation, Correlation and Monitoring
* Vulnerability Management
* Next Generation Firewalls
• Knowledge of application security, hosted offerings, data centers, networks, facility operations, and business units
• Able to see and understand:
* The business needs for security in the context of a growing healthcare software and services company
* Key underlying issues in complex situations
• Ability to gain knowledge of MEDHOST business requirements and strategy
The Security Engineer candidate should also possess:
• Good interpersonal skills that include the ability to effectively communicate both written and verbal
• Relevant certifications (e.g., CISSP, CEH, Microsoft Certified: Security, Compliance, and Identity Fundamentals) are highly desirable.
• Technical Security and/or related education/experience
• Ability to automate / script solutions
• Exposure to large Information Systems organizations
• Must be detail oriented, organized, and have the ability to multi-task
• Ability to demonstrate supportive relationships with peers, clients, partners, and corporate executives
• Must be flexible with a “can do” attitude and have the ability to remain professional under high pressure situations
• Negative pre-employment drug tests
• Criminal and MVR backgrounds meet our company's hiring criteria