Company | Stanford Health Care |
---|---|
Location | Remote-USA |
Preferred GIAC Certifications | GSEC, GCIH, GDSA |
Travel | 10% |
Salary | Not provided |
URL | https://careers.stanfordhealthcare.org/us/en/job/R2444549/Sr-IT-Security-Engineer |
Contact Name | Anonymous |
Contact Email | donotemail/at/sans.edu |
Expires | 2025-01-19 |
Job Description
As a Sr IT Security Engineer, your primary responsibilities include implementing network segmentation strategies for campus environments using Cisco Identity Services Engine (ISE) to ensure proper access control and security measures. You will also utilize Network Admission Control (NAC) technology to enforce security policies and control device access. Additionally, you will collaborate closely with device owners, IT, Cybersecurity, and Network Operations teams to ensure seamless integration of these network segmentation solutions. You will be expected to stay updated on the latest security trends and best practices to effectively manage and secure our network infrastructure.
A Brief Overview
The Senior IT Security Engineer is responsible for leading the development of a robust IT security program designed to protect SHC assets from vulnerabilities and malicious activity, software, and code. Senior IT Security Engineers will additionally be responsible for analyzing and correlating information collected from a variety of sources to identify, investigate, and report vulnerabilities in the SHC environment, developing and implementing mitigation countermeasures for identified and potential threats, and leading the resolution of identified security incidents.
Locations
Stanford Health Care
What you will do
Document, maintain, and implement standards, policies, and procedures within security disciplines that may include vulnerability management, forensics, host and network-based intrusion detection, anti-virus/malware management, or data loss prevention.
Conduct research, analysis, and correlation across a wide variety of source data to identify and prevent compromise of SHC networks, host systems, and data, including:
o Analyze network traffic and host data to identify anomalous activity and potential threats to SHC resources;
o Establish alerting thresholds/triggers, analyze alerts from various sources within the enterprise, and determine possible causes and effects on SHC systems and data;
o Validate intrusion detection system (IDS) alerts against network traffic and host data sources to root out false positives;
o Perform regular and ad-hoc vulnerability and malware scans to identify unauthorized access to SHC data systems and malicious code activity such as trojans, rootkits, backdoors, bots, or malware.
Provide level 3 engineering support for security incidents and threats in the SHC environment, including:
o Perform initial incident triage, determining scope, urgency, and potential impact of security incidents;
o Respond to and resolve identified security incidents, maintaining contact with end users and the SHC service desk through resolution;
o Coordinate with network, data center, desktop, and application support teams as required to validate alerts, ensure incident resolution, and perform root cause analysis;
o Perform incident escalation to the appropriate SHC stakeholders as required;
o Perform forensic analysis on known security vulnerabilities and recommend risk mitigation procedures.
Provide technical consultation and direction on application design, architecture, and system performance as it relates to security.
Perform trend analysis and reporting on security incidents, identify technical and procedural findings, and recommend remediation strategies or technical solutions.
Participate in IT security audits as required.
Education Qualifications
Bachelor's Degree in Engineering, Computer Science, or related field from an accredited college or university.
Experience Qualifications
Five (5) years of progressively responsible and directly related work experience.
Required Knowledge, Skills and Abilities
Strong knowledge and experience with tools, platforms, and protocols such as:
o TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services;
o Network security defense technologies such as IDS, IPS, Endpoint protection, DLP, NAC, Proxy, and WAF;
o Unix, Linux, Apple, and Windows operating systems;
o SCCM/SCOM;
o Mobile platforms.
Strong knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth).
Ability to identify systemic security issues based on analysis of vulnerability and configuration data.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL injection, race conditions, covert channels, replay, return-oriented attacks, and malicious code).
Licenses and Certifications
CISSP - Certified Information Systems Security Professional,
CISM, or GIAC