Principal Cybersecurity Engineer- XDR/SIEM Job at Fairview Health Services in Mi
Fairview Health Services, Minneapolis, MN, United States
Overview:
The Principal Cybersecurity Engineer SIEM/EDR provides technical leadership to craft, build, deploy and support Cyber Security and Risk management tools and helps drive Cybersecurity maturity for M Health Fairview. The principal role is knowledgeable in one or more Cybersecurity functional areas and collaborates with multiple technical and business teams to craft and build usable, stable, and scalable solutions.
Some of the benefits we offer at Fairview include medical insurance (as low as $0), dental insurance ($0 option), PTO (up to 24 days per year starting), and a 403B with up to a 6% employer match! To view our benefits at Fairview, please click here to learn more!
We find those that excel in this role exhibit these characteristics:
- High standard of creative prioritization skills and priority setting.
- Demonstrated focus on customer service with every interaction.
- Excellent public relations and interpersonal skills.
- Work as an effective team member to deliver outstanding care.
- Ability to use appropriate computer applications.
- Capable of working independently and demonstrating critical thinking skills.
- Comfortable accepting change and encouraging those around you to engage in ongoing process improvement.
- An understanding of Dignity, Integrity, Service, Compassion and Innovation.
When working at M Health Fairview, we want to support our employees' growth, honor their strengths and give them the freedom to feel empowered to make a difference in the lives of others.
Responsibilities/Job Description:
- Coordinate the design, build, customization and configuration of Cybersecurity tools, allowing integrations with applications via standard APIs and supporting on-premises and/or cloud-based deployments.
- Provide leadership to update and transform legacy IT and business systems, and provide technical mentorship to other teams to secure systems and help minimize risk.
- Improve policies, procedures, and standards for Cybersecurity groups and develop a blueprint for updating existing security tools and technologies to meet evolving business needs.
- Collaborate with Enterprise Architecture, Security Architects, and principal engineers to brainstorm, design and develop frameworks aligned with NIST CSF standards.
- Lead SIEM design and its related components, and ensure the confidentiality, integrity, and availability (CIA) of logs.
- Implement, lead, and maintain event and log collection, reporting and compliance requirements, incident response, forensics, troubleshooting, and security issues requiring event details.
- Maintain up-to-date knowledge of security threats, vulnerabilities, and mitigations set forth to reduce attack surface.
- Tune the SIEM with threat intelligence sources (e.g., premium, industry-shared, open-source and dark web), and correlate event indicators and threats.
- Serve as principal EDR Engineer for the design, engineering, implementation, integration, and optimization of the XDR/EDR solution, preferably Palo Alto's Cortex XDR.
- Build advanced features in EDR (network mapper, host-based firewall, dashboards, reporting tools, etc.) and integrate SIEM/EDR with automation tools such as XSOAR.
- Openly support the CISO, management team and executive leadership, even during tumultuous times.
- Analyze risk and prioritize vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack.
- Collaborate with vendors, health and business partners to ensure security remediation milestones are met; identify and remediate gaps, including tool/technology deficiencies.
- Lead projects related to Cybersecurity Engineering, automation, risk management, compliance, and threat management areas.
- Mentor team members as needed. Adapt and accept change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
- Participate in and lead/represent M Health Fairview in industry forums and relevant technical briefings to understand advancements in the Cybersecurity and Risk Management areas.
Organization Expectations, as applicable:
- Ability to provide care or service, adjusting approaches to reflect the developmental level and cultural differences of the population served.
- Communicates in a respectful manner and ensures a safe, secure environment.
- Fulfills all organizational and learning requirements.
- Follows and maintains knowledge of all relevant laws, regulations, policies, procedures, and standards.
- Supports improvement, efficiency, and innovative thinking.
Qualifications:
Required Qualifications
- Bachelor's degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering, or a similar subject area, or a combination of experience/education
- 15+ years of cumulative experience in architecture, design, customization/development and/or support of IT Systems
- 7+ years of experience in SIEM solutions, specifically Sumo Logic implementation and operational support, and Cortex XDR deployment experience including advanced features
- 3+ years of integration/automation experience in SIEM/EDR tools
- Excellent understanding of the fundamentals of systems, frameworks, development methodologies, networks, firewalls, communication layers, devices/endpoints, and computing environments
- Ability to author and edit scripts in languages such as PowerShell and Python, with domain expertise and knowledge of REST APIs, JSON batching, and workflow automation
- Experience crafting and/or engineering Web, Mobile, and Cloud-hosted applications, software security, and security frameworks
- Ability to develop in a sense-of-urgency environment and leverage standard methodologies
- Communicate both verbally and in writing with all levels within the organization; collaboration and mediation skills
- Ability to visually represent technical, logical and system interaction concepts and adjust messaging based on the audience, including non-technical groups, using MS Visio Pro and PowerPoint
Preferred Qualifications
- Bachelor's degree or higher in Computer Science, Computer Engineering, Digital Forensics, Cybersecurity and/or a related technical subject area.
- Prior experience as a Senior Security Engineer, Senior Developer or Senior Analyst engineering and/or supporting cybersecurity tools & solutions for Healthcare organizations
- Technical certifications in any of the following fields: Security technologies & tools, Development Methodologies and frameworks, Cloud and Mobile Applications
- Industry-recognized professional certifications: Security+, TOGAF, SANS, CISSP, CISM, CISA