Sr. Information Security Engineer
Cancer care is all we do
Hope in healing
Cancer Treatment Centers of America® (CTCA), part of City of Hope, takes a unique and integrative approach to cancer care. Our patient-centered care model is founded on a commitment to personalized medicine, tailoring a combination of treatments to the needs of each individual patient. At the same time, we support patients’ quality of life by offering therapies designed to help them manage the side effects of treatment, addressing their physical, spiritual and emotional needs, so they are better able to stay on their treatment regimens and get back to life. At the core of our whole-person approach is what we call the Mother Standard® of care, so named because it requires that we treat our patients, and one another, like we would want our loved ones to be treated. This innovative approach has earned our hospitals a Best Place to Work distinction and numerous accreditations. Each of us has a stake in the successful outcomes of every patient we treat.
The Information Security Senior Security Engineer will be responsible for the management, maintenance, and engineering design of critical enterprise information security infrastructure components, including data loss prevention system, intrusion prevention, content filtering, log management (SIEM/SOAR), anti-malware, encryption, and other cyber security tools as well as IT infrastructure on premise and in the cloud. The successful engineer must be adept at installing, configuring, and updating these systems, as well as troubleshooting problems with either their performance, or with systems that integrate with them. Responsibilities will also include the utilization of these and various enterprise forensic tools to compile information in support of investigations.
- Researches, designs, implements, and operates cyber security solutions for CTCA systems and products that comply with all applicable security policies and standards including HIPAA, HITECH, CMS, and PCI. Design elements include working with vendors, advisory groups, participating in and maintaining the technical roadmap for the information security infrastructure. Meets with the Information Security team and Stakeholders at various CTCA locations when there is a business need.
Works with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software.
Analyzes and makes recommendations to improve network, system, and application architectures.
Examines network, server, and application logs to determine trends and identify and respond to security incidents. Monitor AWS, Azure, Google, Salesforce, and any other cloud infrastructure security and privacy and recommend appropriate configurations.
Assists in the review and update of cyber security policies, procedures, architectures, and standards.
Assists in conducting and responding to audits, penetration tests and vulnerability assessments. Participate in the change management and application review process.
And other duties as assigned including on call rotation.
Skills, Education and Additional Information
- Four-year university degree or college diploma in the field of Information Security, Computer Science, Information Systems, or related field is preferred. Demonstrable evidence of 13+ years’ experience as a Security Engineer may be substituted.
- Certified information systems security professional (CISSP) or Badge from winning a top CTF (capture the flag) contest.
- 8+ years of experience in cybersecurity, especially in a security engineering role.
- Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, IPS, web application firewalls (WAFs), endpoint protection, SIEM, and DLP technology as well as vulnerability and configuration management tools.
Demonstrate strong knowledge, skills, and competencies necessary to be highly effective in the role:
- Technical expertise in network security knowledge including VPN, firewall, network monitoring, intrusion detection, web server security, wireless security, endpoint protection, SIEM, DLP, anti-malware, content filtering, vulnerability and configuration management tools, cloud, and the Internet of Things (IoT)
- Experience with at least one scripting language (e.g., Perl, Python and PowerShell)
- knowledge of IT infrastructure including securing: Applications, Databases, Operating systems (Windows, Unix/Linux, and Mac), Hypervisors, IP networks (WAN and LAN), Storage networks, CI/CD pipelines, backup networks and media
- knowledge of IAM technologies and services using: Active Directory, Azure Active Directory, LDAP, Privileged Access Management, MFA, and AWS IAM
- knowledge of common vulnerabilities and exploitation techniques
- knowledge of manual or technical reviewing application code for security vulnerabilities.
- knowledge of legal and regulatory requirements including HIPAA, HITECH, CMS, and PCI
- knowledge of standards and frameworks including ITIL and NIST: Asset, configuration, incident, problem, change, and vendor/supplier management
- knowledge and understanding of risk management processes
Demonstrate the following key behaviors and competencies:
- Understands organizational mission, values, and goals and consistently applies this knowledge.
- the ability to interface with, and gain the respect of, stakeholders at all levels and roles in CTCA
- Confident, energetic self-starter, with strong interpersonal skills
- good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity
- Instinctive and creative
- ability to effectively influence others to modify their opinions, plans, or behaviors
- decision-making capabilities, with the ability to weigh the relative costs and benefits of potential actions and recommend the most appropriate one
- problem-solving and trouble-shooting skills
- Highest ethical standards and values
Each CTCA employee is a Stakeholder, driven to make a true difference and help win the fight against cancer. Each day is a challenge, but this unique experience comes with rewards that you may never have thought possible. To ensure each team member brings his or her best self, we offer exceptional support and immersive training to encourage your personal and professional growth. If you’re ready to be part of something bigger and work with a passionate, dynamic group of care professionals, we invite you to join us. Visit: Jobs.cancercenter.com to begin your journey.
We win together
Each CTCA employee is a Stakeholder, driven to make a true difference and help win the fight against cancer. Each day is a challenge, but this unique experience comes with rewards that you may never have thought possible. To ensure each team member brings his or her best self, we offer exceptional support and immersive training to encourage your personal and professional growth. If you’re ready to be part of something bigger and work with a passionate, dynamic group of care professionals, we invite you to join us.
Visit: Jobs.cancercenter.com to begin your journey.