MetroPlus Health Plan
IT Security Engineer
MetroPlus Health Plan, New York, New York, us, 10261
IT Security Engineer
Job Ref:
99336Category:
Information TechnologyDepartment:
MHP INFORMATION SECURITYLocation:
50 Water Street, 7th Floor, New York, NY 10004Job Type:
RegularEmployment Type:
Full-TimeHire In Rate:
$117,000.00Salary Range:
$117,000.00 - $127,000.00Empower. Unite. Care.MetroPlusHealth
is committed to empowering New Yorkers by uniting communities through care. We believe that healthcare is a right, not a privilege. If you have compassion and a collaborative spirit, work with us. You can come to work being proud of what you do every day.About NYC Health + HospitalsMetroPlus Health
provides the highest quality healthcare services to residents of Bronx, Brooklyn, Manhattan, Queens and Staten Island through a comprehensive list of products. As a wholly-owned subsidiary of NYC Health + Hospitals, the largest public health system in the United States, MetroPlus Health 's network includes over 27,000 primary care providers, specialists and participating clinics.Position OverviewThe security engineer is responsible for implementing, maintaining, monitoring and managing secure solutions. The engineer delivers these solutions in accordance with the organization's architectural designs, best practices, and regulatory or compliance requirements. As risks change, the security engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.The security engineer is expected to contribute to the corporate security strategy with security leadership and other senior security staffers and technologists. Recipients of the engineer's implementations and management include IT infrastructure, application development, security operations, security audit and end users.Job DescriptionHandle day-to-day implementation, monitoring and operational support of security hardware, software, customer applications, and managed solutions.Actively participate in security team meetings that facilitate secure design.Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects.Assist with incident response and system stability issues as they occur.Implement solutions observing compliance - Health Information Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), New York State Department of Financial Services Cybersecurity Requirements (23 NYCRR 500).Work in tandem with architects, the security operations center (SOC), incident responders, and technology infrastructure and development team members.Respond to and handle service and escalation tickets within SLA expectations.Develop security test plans from architectural design. Identify deficiencies and make enhancements.Participate in change project and change management meetings as required.Research, validate and deploy solutions meeting security and business needs.Follow security engineering fundamentals and processes as outlined in NIST 800-160.Influence the planning and execution of incident response and postmortem exercises.Focus on driving security efficiencies.Conduct performance testing to stress the limitations of security solutions.Perform other duties as assigned.Minimum QualificationsBachelor's degree in computer science, information assurance, Cybersecurity or related field, or equivalent.10+ years of related experience required.Licensure and/or Certification RequiredCISSP (preferred); CISM and/or SANS certification or Cisco-related certifications a plus.Professional CompetenciesExperience with:Microsoft Azure or Amazon Web Services (AWS).Vulnerability tools such as Rapid7, Qualys, Nessus, NMAP, Kismet, Airsnort.SIEM platforms and technologies.Private and Public PKI Infrastructure.Network security management, design, and deployment.DevOps background with experience in compliance obligations.Experience with one or more of the following standard frameworks:ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, HITECH Act, CIS standards or SOC 2.Working knowledge of Windows and Linux.Familiarity with state privacy laws.Ability to think strategically and tactically, with effective decision-making skills.Highly trustworthy; leads by example.Experience supporting and utilizing SIEM platforms.Working technical knowledge of Advance Threat Protection tools.Next Generation Firewalls (NGFW), Software-Defined Wide Area Networking (SD-WAN).Detection/Prevention Systems: Anomaly-based, signature-based, and host-based.DLP and Data in rest encryption.#L-Hybrid
#J-18808-Ljbffr
Job Ref:
99336Category:
Information TechnologyDepartment:
MHP INFORMATION SECURITYLocation:
50 Water Street, 7th Floor, New York, NY 10004Job Type:
RegularEmployment Type:
Full-TimeHire In Rate:
$117,000.00Salary Range:
$117,000.00 - $127,000.00Empower. Unite. Care.MetroPlusHealth
is committed to empowering New Yorkers by uniting communities through care. We believe that healthcare is a right, not a privilege. If you have compassion and a collaborative spirit, work with us. You can come to work being proud of what you do every day.About NYC Health + HospitalsMetroPlus Health
provides the highest quality healthcare services to residents of Bronx, Brooklyn, Manhattan, Queens and Staten Island through a comprehensive list of products. As a wholly-owned subsidiary of NYC Health + Hospitals, the largest public health system in the United States, MetroPlus Health 's network includes over 27,000 primary care providers, specialists and participating clinics.Position OverviewThe security engineer is responsible for implementing, maintaining, monitoring and managing secure solutions. The engineer delivers these solutions in accordance with the organization's architectural designs, best practices, and regulatory or compliance requirements. As risks change, the security engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.The security engineer is expected to contribute to the corporate security strategy with security leadership and other senior security staffers and technologists. Recipients of the engineer's implementations and management include IT infrastructure, application development, security operations, security audit and end users.Job DescriptionHandle day-to-day implementation, monitoring and operational support of security hardware, software, customer applications, and managed solutions.Actively participate in security team meetings that facilitate secure design.Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects.Assist with incident response and system stability issues as they occur.Implement solutions observing compliance - Health Information Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), New York State Department of Financial Services Cybersecurity Requirements (23 NYCRR 500).Work in tandem with architects, the security operations center (SOC), incident responders, and technology infrastructure and development team members.Respond to and handle service and escalation tickets within SLA expectations.Develop security test plans from architectural design. Identify deficiencies and make enhancements.Participate in change project and change management meetings as required.Research, validate and deploy solutions meeting security and business needs.Follow security engineering fundamentals and processes as outlined in NIST 800-160.Influence the planning and execution of incident response and postmortem exercises.Focus on driving security efficiencies.Conduct performance testing to stress the limitations of security solutions.Perform other duties as assigned.Minimum QualificationsBachelor's degree in computer science, information assurance, Cybersecurity or related field, or equivalent.10+ years of related experience required.Licensure and/or Certification RequiredCISSP (preferred); CISM and/or SANS certification or Cisco-related certifications a plus.Professional CompetenciesExperience with:Microsoft Azure or Amazon Web Services (AWS).Vulnerability tools such as Rapid7, Qualys, Nessus, NMAP, Kismet, Airsnort.SIEM platforms and technologies.Private and Public PKI Infrastructure.Network security management, design, and deployment.DevOps background with experience in compliance obligations.Experience with one or more of the following standard frameworks:ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, HITECH Act, CIS standards or SOC 2.Working knowledge of Windows and Linux.Familiarity with state privacy laws.Ability to think strategically and tactically, with effective decision-making skills.Highly trustworthy; leads by example.Experience supporting and utilizing SIEM platforms.Working technical knowledge of Advance Threat Protection tools.Next Generation Firewalls (NGFW), Software-Defined Wide Area Networking (SD-WAN).Detection/Prevention Systems: Anomaly-based, signature-based, and host-based.DLP and Data in rest encryption.#L-Hybrid
#J-18808-Ljbffr