Fallon Health Information Security Engineer in Worcester, Massachusetts
About Fallon Health
Founded in 1977, Fallon Health is a leading health care services organization that supports the diverse and changing needs of those we serve. In addition to offering innovative health insurance solutions and a variety of Medicaid and Medicare products, we excel in creating unique health care programs and services that provide coordinated, integrated care for seniors and individuals with complex health needs. Fallon has consistently ranked among the nation’s top health plans, and is accredited by the National Committee for Quality Assurance for its HMO, Medicare Advantage and Medicaid products. For more information, visit fallonhealth.org.
Brief Summary of Purpose:
The Information Security Engineer works under the guidance and direction of the Manager, Information Technology Security and Risk and is focused on proactive vulnerability assessment, threat detection, forensic investigation, and application security, and will participate in systems architecture, development, and deployment with a focus on security best practices. This position will be responsible for cyber security incident response, network monitoring and protection, understanding network exploitation techniques, and providing a strategy to mitigate risk while maintaining intrusion containment.
Primary Job Responsibilities
Provide information security subject matter expertise to developers, engineers, and business customers on risk assessments, vulnerability remediation, and threat detection techniques
Implement standards that meet existing and newly developed policy and regulatory requirements.
Perform regular and ad-hoc application security reviews, threat modeling, and vulnerability analysis
Perform information security assessments of information technology assets based on the NIST framework
Prepare technical reports based on findings and recommendations
Assist IT resources with analysis and interpretation of information system vulnerabilities identified.
Maintain the inventory and software baseline of servers used to scan non-enterprise information systems and applications.
Support the security posture of the organization through analysis of vulnerabilities of systems that host critical information, such as common web applications and databases (e.g., Internet Information Server, Apache Web Server, SQL Database Server, and Oracle Database Server). This area may also include evaluating underlying vulnerabilities within Unix-like operating systems.
Enforce, maintain, and clarify the policies and procedures of the company.
- Bachelor's degree in Information Technology field (dependent upon experience)
- CISSP, GCIA or CISA preferred
7-10 years IT security or information security experience with a proven ability to engage with Senior Management and regulators.
Working knowledge of and experience with NIST CSF, NIST SP 800-53, HIPAA, and PCI DSS
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
Experience with IPS/IDS and SIEM technologies.
Experience with information security incident handling, incident response, and reporting practices
Team player with excellent consultative, communication, writing and project management skills
Ability to prioritize and complete assigned tasks within defined timeframes
Demonstrated ability to develop, test, and implement remediation plans
Strong knowledge of current security threats, techniques, and landscape
Exceptional analytical, critical thinking and decision-making skills
Demonstrated sound judgment and integrity
Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols.
Working knowledge of information security risk remediation.
Must be highly skilled and proficient in problem solving, with an aptitude and willingness to learn new technologies.
Strong technical background in networking and malware analysis.
This position requires predictable attendance to meet workload demands.
Fallon Health provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Posted Date 4 weeks ago (3/15/2021 4:28 PM)
Job ID 6272
# Positions 1
Category Information Technology