Information Security Engineer III

Job Summary

The Information Security Engineer III is responsible for designing and developing technologies and processes to monitor operation of IT systems to detect suspicious activity that could indicate an attempted or actual intrusion into the enterprise network.

• Apply creative thinking in problem solving and identifying opportunities for improvements in security
• Administer and configure network and computing devices/systems that enforce security policies and IT internal controls
• Share ideas, discuss alternatives, and recommend means to decrease vulnerability of systems, applications and processes
• Monitor vendor and other advisory systems for patches and other security alerts, actively driving ongoing vulnerability remediation efforts in cooperation with IT teams
• Design and implement technical solutions to contractual and regulatory requirements with a particular focus on HIPAA compliance needs
• Assist in completion of and responses to internal and external security assessments and audits
• Recommend, complete, and/or coordinate the application of fixes, patches, and updates assessed to be important to the security of the enterprise
• Research emerging technologies in support of security enhancement and development efforts
• Provide subject matter expertise and assistance with risk assessments, penetration tests, internet/extranet security assessments, intrusion attempts, and cyber‑crime response efforts
• Perform project leadership tasks on select security projects and other IT projects requiring security integration and coordination
• Perform any other job duties as requested

• Bachelor of Science/Arts Degree in Information Technology (IT), Management Information Systems (MIS), or related computer science field or equivalent technical work experience is required
• At least eight (8) years of hands‑on, Information Technology experience is required
• At least five (5) years of Information Security or IT audit experience is required
• Significant experience in server/network administration, network engineering, and/or application development is preferred
• Experience demonstrating HIPAA, Sarbanes‑Oxley (SOX), and/or Payment Card Industry Data Security Standard (PCI‑DSS) compliance desired
• Implementing and maintaining Azure/Office
  365 security controls required
• Implementing and maintaining a CASB (Cloud Access Security Broker) required
• Implementing and maintaining Cloud DLP (Data Loss Prevention) controls preferred
• Implementing and maintaining security controls for Amazon Web Services preferred

• Intermediate to advanced proficiency level with Microsoft Word and Excel
• Excellent written and oral communication skills
• Solid familiarity with application, server, and network security is required
• Proficient working knowledge of security technologies such as access management (authentication and authorization), security monitoring, and data encryption
• Working knowledge of computer networking and secure Internet protocols (e.g., SSL, IPSEC, and TCP/IP protocols)
• Working knowledge of Microsoft Windows operating systems, Microsoft Active Directory, and computer networking
• Customer service orientation
• Effective oral and written communication skills
• Ability to work independently and within a team environment
• Strong analytical, evaluative, and problem‑solving abilities
• Critical listening and thinking skills

• Global Information Assurance Certification (GIAC)
• Certified Information Systems Auditor (CISA)
• System Security Certified Practitioner (SSCP)
• Certified Information Systems Security Professional (CISSP)

General office environment; may be required to sit or stand for extended periods of time.

Compensation Range: $94,100.00 - $

Care Source is an Equal Opportunity Employer.

This job description is not all inclusive. Care Source reserves the right to amend this job description at any time.