Senior Cybersecurity Engineer

Summary

Join AssistRx, Inc. as a Cyber Security Engineer and contribute to a secure environment for the business. You will identify and mitigate threats and vulnerabilities, implement high-tech solutions, and manage operational security functions. Responsibilities include managing security requests, investigating alerts, conducting user access reviews, and maintaining security documentation. You will also contribute to internal control testing related to audits and manage endpoint and network security environments. The ideal candidate will have strong knowledge of information security technologies and processes, experience with various security tools, and excellent communication skills.

Requirements

• A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience
• 5+ years of Information Security / Cybersecurity experience
• Strong knowledge of Information Security / Cybersecurity related technologies, processes, and tools
• Working knowledge of Office 365 security concepts, policies, settings, alerting, audit logging, security and compliance center, cloud app security and investigations is required
• Experience identifying assets (e.g. servers, network devices, applications), identifying network layouts and determining security risk and potential solutions
• Excellent oral and written communication skills

Responsibilities

• Monitor and manage the Information Security request queue, including analysis and resolution of outstanding issues and process improvement
• Manage endpoint and network security environments including overall health, policy modifications, troubleshooting/resolving issues and producing monthly health metrics for workstations, servers, and identities
• Work directly with the Security Operations Center (SOC) to analyze and resolve security events/alerts. Including
• Monitoring and management of the SIEM platform
• Managing the logging health of various log sources (e.g. Windows and Linux systems, cloud infrastructure and services, and network and security infrastructure)
• Works directly with Information Security Engineering and Governance, Risk and Compliance (GRC) resources as needed to investigate and resolve issues
• Supports and manages the vulnerability management platforms for infrastructure and application scanning. Including
• Development and maintenance of scanning policies
• Onboarding assets
• Reporting
• Validation and false positive research
• Remediation tracking
• Process improvement
• Conduct internal security control testing. Includes gathering, uploading, and reviewing evidence within the GRC (Governance, Risk and Compliance) tool
• Supporting PCI, SOC1/2, HIPAA, and client security assessments
• Manage and maintain Information Security training and awareness campaigns (e.g. training, phishing)
• Developing/monitoring campaigns, ensuring required training is complete, producing reports/metrics and recommending improvements to the current process

Preferred Qualifications

• Security focused degree and/or certifications a plus (e.g. BS/MS in Cybersecurity or related discipline, CEH, OCSP, CISSP, CISA, CompTIA Security+, etc.)
• Familiar with network security concepts and products (e.g. firewall (Palo Alto, Cisco), network (e.g. Cisco, Meraki), email (O365). Cisco Umbrella a major plus)
• Familiar with endpoint security products and concepts (e.g. malware protection, network protection, forensics, DLP, compliance. Bitdefender a plus)
• Familiar with security monitoring (SIEM), analysis and resolution of security events/alarms (AlienVault a plus)
• Familiar with identity and access management concepts (e.g. Azure Active Directory, SSO, user access reviews)
• HIPAA and healthcare experience a plus
• Understanding of SDLC process is a plus

Benefits

• Competitive pay structure
• Matching 401(k) with immediate vesting
• Medical, dental, vision, life, & short-term disability insurance