Our Partner is hiring a Security/Network Engineer. Their flexible work environment presents a unique security opportunity to work with a team and organization that presents endless potential to evaluate, test, and deploy secure solutions across their global organization. You will work closely with Engineering and Application counterparts to implement Network and Security polices to support production needs of the Business. This Engineer is responsible for implementing network and security best practices with regard to network, infrastructure and application requirements for on premises and cloud deployments. The Security / Engineer will help establish and implement solutions to difficult engineering and security problems. The Security / Engineer will mature enterprise security solutions to meet business goals and support global IT counterparts. The role identifies assets and assess risks, threats and vulnerabilities in accordance with accepted business and regulations to ensure security design integrity, availability, and confidentiality compliance.
What you’ll do:
Service Delivery – 40%
- Provide leadership to deploy, monitor, test and tune network security devices and systems to provide optimal security and performance.
- Support and deploy network routing and switching hardware and software in accordance with established network policies.
- Design and deploy state-of-art technology to meet the business needs and interface with business units regarding technical planning and network issues.
- In coordination with the Architects, develop security migrations plans, research solutions to security technical issues, and provide security technical leadership and guidance during the engineering design and build phase.
- Provide automation scripts that help identifies issues on a regular basis.
- Utilize best practices and risk tolerances frameworks.
- Perform system testing and recommend remediation efforts for system vulnerabilities.
Operational Delivery – 30%
- Monitor network and security controls, audit devices and detect for possible security incidents.
- Monitor for network performance, potential threats, identification of trends, and assessment of system vulnerabilities and performance.
- Working with the Architect investigate current cyber security threats and provide IT leadership with timely communication updates.
- Working with the Architect assist with infrastructure and application security architecture design and implement solutions to difficult engineering and security problems.
- Drive the use of security tools to analyze, assess, and prioritize resolution based on the potential impact.
- Working with the Architect assist in the develop enterprise security solutions to meet business goals and support IT counterparts around the globe.
- Work with teammates and the larger security community to maintain and improve security tools that align and facilitate modern security best practices.
- Enforce all company policies and procedures.
Organizational Growth – 30%
- Along with the Architect plan, research, design, and implement elements of information security hardware and software technologies.
- Research, recommend and develop security and risk mitigation solutions
- Prepare documentation, including department policies and procedures, business notifications, and security alerts.
What you’ll bring:
- FirePower: 2+ years’ experience, good troubleshooting skills, day to day work creating DMZ’s, troubleshooting failover, pre-config of device for lifecycle.
- FMC: 2+ years’ experience, edit rulesets, troubleshoot devices and FMC errors/logs
- AnyConnect: 2+ years’ experience, basic troubleshooting
- ISE: 2+ years of experience, day to day maintenance
- ASA – VPN: 2+ years’ experience, basic troubleshooting of AnyConnect and client VPN issues
- Palo Alto firewalls: 3+ years’ experience (firewalls and Panorama), firewall configuration as well as rule base and updates of software
#LI-TB1
Do you have a passion for cyber security? Do you enjoy solving complex technical problems? Do you work well under pressure and in a fast-paced work environment? If so, come join Carex’s partner’s Information Security Team!
Our partner is looking for a cyber security professional to join their Information Security team as a Senior Information Security Analyst. The Senior Information Security Analyst has the important role of assessing information risk and facilitating remediation of identified vulnerabilities for IT security and IT risk across the enterprise. This role will conduct in-depth security analysis including the monitoring of systems and implementation of security controls. Ability to work with multiple security platforms and layers including anti-virus, firewalls, encryption, Intrusion Prevention Systems, EDR (Endpoint Detection and Response), logging correlation/management, operating systems, protocols, and incident response. This position will also analyze security risks, recommend, and implement security safeguards for new technologies including cloud deployments and AI solutions.
Benefits:
- Knowledgeable team with ample opportunities for career and professional development, mentorship, and growth
- Ability to impact business strategy and operations
- Flexible scheduling available, strong work/life balance and autonomy
- In-person, hybrid, or telecommute work options available
- Starting Salary range: $82,000 – $95,000/year plus robust total rewards package
What you’ll do:
- Conduct in-depth technical reviews of new and existing IT systems to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
- Perform assessments of the IT security/risk posture within the IT network systems and software applications, in addition to assessments with vendor managed solutions.
- Interpret, monitor, and assess security systems and related projects for potential risks, violations, and adherence to the corporate Information Protection Program which includes but not limited to:
- Intrusion protection, secure file transfer, data loss prevention, email encryption, firewalls, log management/correlation, secure password storage/retrieval, application whitelisting, and vulnerability management.
- Guide junior analysts on implementing/monitoring security controls.
- Conduct periodic reviews of deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively.
- Facilitate penetration testing and audit participation, where applicable. Participate in the collection of security process/control details and artifacts in support of internal and external IT audits and assessment activities.
What you’ll bring:
- Bachelor’s degree in computer science or related field OR relevant work experience will be considered in lieu of education
- 6+ years of relevant experience in Information Security related positions
- Certified Information Systems Security Professional (CISSP) or related certification
- Advance knowledge of personal computers, Microsoft TCP/IP Networking, and security techniques
- Experience with IT controls such as NIST 800-53 r4, HIPAA, and SSAE 18
- Advance understanding of security monitoring and reporting appliances; leading and analyzing security reporting
- Moderate to complex knowledge of operations analysis of security events within Security Information and Event Management solutions
- Create strong relationships and provide positive experiences for internal and external partners
- Ability to understand and discuss technical software issues with others
- Ability to manage multiple projects simultaneously, work under pressure, and adapt to change
- Ability to work as part of a team in an environment that facilitates information exchange
This is a direct-hire, fully-remote position.
#LI-TB1
Our Partner is hiring a Security Operations Business Applications Specialist. We are looking for a passionate, innovative, security professional to join the IT Security team. You will be responsible for building/improving processes and standards, vulnerability management, cyber training, driving compliance, and translating security information between development teams and IT leadership. This position reports to the Director, IT and Security. It is a hands-on position and requires participation in the various activities from planning through execution to meet the desired objectives.
What you’ll do:
- Achieve success by effectively and efficiently managing the security operations function for the company ensuring we remain safe.
- Monitor reports/logs from security vulnerability tools (Qualys preferred), partner with Dev and Cloud teams to reduce vulnerabilities
- Review and understand logs and alerts from security tools
- Manage and respond to alerts (24/7) from third party tools and communications
- Manage the annual security training activities for all team members (mange users, track/drive completion compliance, update security awareness training content)
- Manage the regular Phishing testing (create content, track responses, generate reporting)
- Assist the Director, IT and Security to assist in establishing and executing the business continuity, disaster recovery, incidence response strategies.
What you’ll bring:
- Minimum of 1-3 years security operations experience
- Hands-on experience with vulnerability management tools (understanding reports and alerts)
- Strong knowledge of Qualys, Crowdstrike, Arctic Wolf
- Understanding of PCI-DSS, PIPEDA, and CCPA compliance requirements
#LI-TB1
Our partner is looking for a Remote Senior Information Security Analyst’s to be the internal point of contact and administrator for HITRUST certification and maintenance. The Senior Information Security Analyst also generally works to ensure both the partner's platform and the broader team maintain compliance surrounding HIPAA, HITRUST, and general cybersecurity best practices. Working in conjunction with the CTO, the Senior Information Security Analyst develops, refines, and enforces policies and procedures across the organization.
This position reports to the Chief Technology Officer.
Core Responsibilities
- Assessing information risk
- Reporting on and facilitating remediation of identified vulnerabilities for IT security and IT risk across the organization
- Manages the continuous protection of systems and information assets by contributing to or leading teams in the execution and implementation of information security defense improvements involving architecture, processes, tools and automation
- Assists in establishing, reviewing and maintaining security related policies, plans, processes and procedures to contribute toward the protection of critical business functions from disruption due to system failure or unavailability and to ensure enterprise applications have appropriate protections in place
- Collaborates with IT staff and external security vendors to monitor the security posture of all networked systems and leads efforts to take appropriate steps to quickly deal with any identified vulnerabilities
- Provides network and security expertise and guidance for all aspects of information assurance
- Maintains a high level of technical expertise on server/network hardware and software and appropriate security tools
- Assists in the selection, evaluation, and implementation of information system security infrastructure and strategic and operational planning
- Supports efforts to meet HIPAA and HITRUST requirements utilizing established security framework, leading/contributing efforts toward assessment completion and action plan follow through
- Performs duties in compliance with and according to organizational policies and procedures, regulatory requirements and sound business practices.
Knowledge / Skills / Abilities
- Bachelor’s Degree from an accredited university or college in Computer/Information Science/Business required.
- Minimum of six (6) years of technical experience in an enterprise-wide system, network or security-related IT position. Equivalent combination of experience and education (min Bachelors) may be considered.
- Leadership, project management, use of methodology, time management and organizational skills to direct security efforts with the project team.
- Demonstrated ability to lead high visibility projects, to work effectively and carefully under pressure, to meet project deadlines, to learn independently, to communicate effectively with a variety of people and to write well is required.
- Demonstrated ability to work cooperatively and strategically in a team environment with all levels of professional, technical, and administrative staff
- Excellent interpersonal and communication skills
- Ability to deal with highly confidential information and act as a liaison between the Chief Technology Officer, the Data Science teams, and Engineering teams
- Skills to collaborate with and achieve actionable results through and with others
- Ability to build strong and sustainable relationships
We encourage people from historically underrepresented communities in technology to apply, including but not limited to women, people of color, people with disabilities, people of all age brackets, people with complex work and life histories, and those who identify as LGBTQ. We are a distributed team with hubs in the Denver area and Madison. Denver/Boulder is preferred, but candidates living anywhere are encouraged to apply and will not be required to relocate. US work authorization required.
Their healthtech partner seeks an experienced Head of Security Operations to support its growing technology team.
Working in concert with their security vendors, the Head of Security Ops’s role is to be the internal point of contact and administrator for HITRUST certification and maintenance. The Head of Security Ops also generally works to ensure both the platform and the broader team maintain compliance surrounding HIPAA, HITRUST, and general cybersecurity best practices. Working in conjunction with the CTO, the Head of Security Ops develops, refines, and enforces policies and procedures across the organization. This position reports to the Chief Technology Officer.
The Head of Security Ops is generally responsible for:
- Policy and Procedure Stewardship
- Working under the direction of the Agathos Head of Security Ops and CTO,
enhancing existing policies and procedures and enforcing compliance relative to
user provisioning, IAM, change control, firewall rules, and mobile device
management using JAMF
- Management of staff adherence to policies leveraging of third-party tools, such
as myVCM or others
- Familiarity with protected healthcare data in the context of HIPAA and HITRUST
- Regular consulting for the engineering and data science teams surrounding data
pipeline components to support security requirements and compliance
- Participation in governance structures to oversee change control, policies and
procedures, network security, and data privacy
- Acting as lead facilitator for customer security reviews relative to onboarding at –
new hospitals
- HITRUST Program Management
- Working with their HITRUST vendors, serving as organizational point of contact
and administrator for HITRUST certification and maintenance
-
- Continuously improving internal processes to support certification requirements,
and working with the CTO to shorten the feedback loop between flagged issues, remediation, and auditable proof of resolution
-
- Generally maintaining an auditable security posture
- Team Training
- Conducts or facilitates the providing of regular HIPAA and cybersecurity training for all organizational staff
- Security Team Management
- As the organization grows, security infrastructure engineers will report directly to the Head of Security Ops
- Responsibility for creating clarity of roles and responsibilities for infrastructure engineers
- Working with infrastructure engineers, creating strategically meaningful quarterly
- OKRs and KPIs, and supporting the team to execute against targets
What You’ll Bring:
- Demonstrated ability to work cooperatively and strategically in a team
- environment with all levels of professional, technical, and administrative staff
- Excellent interpersonal and communication skills
- Ability to deal with highly confidential information and act as a liaison between
- the Chief Technology Officer, Head of Security Ops, the Data Science teams, and Engineering teams
- Skills to collaborate with and achieve actionable results through and with others
- Ability to build strong and sustainable relationships
#LI-TB1