Job Title: Security Engineer

Location: Remote

Duration: 3+ Months (Contract to Direct Hire)

Job Description:

• The Network and Data Security Engineer safeguards the network perimeters, internal network segments, and data stores.
• Oversees firewalls, network intrusion detection/prevention (IDS/IPS), network segmentation, and manages email security defenses.
• Also administers data protection technologies – e.g. data classification, Data Loss Prevention (DLP), encryption for data at rest and in transit – to protect sensitive clinical and patient information.
• By focusing on both network traffic monitoring and safeguarding data, this function covers key “Protect” controls (in NIST terms) to uphold confidentiality and integrity of data.

Minimum Education:

• Associate's degree - Computer Science or a related field OR the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position.

Minimum Experience:

• 5 years - Experience in Information Security.
• Key Skillset - Hands-on experience with email defense (Proofpoint) and Network security - not only Zscaler, but someone in InfoSec that can work closely with Networking for alignment.

Preferred

• Healthcare experience.
• PCI, HIPAA, NIST experience.
• Security control concepts: physical, logical, and administrative.

Key Responsibilities & Accountabilities:

• Assist SOC with monitoring IDS/IPS, firewall, and email alerts.
• Assist with responding to DLP alerts and escalate potential exfiltration.
• Validate operational state of critical network security systems.
• Review quarantined items or blocked traffic requiring validation.
• Assist with Tuning firewall, IPS, and email security rules.
• Validate segmentation controls for key systems.
• Review DLP policy accuracy and refine triggers.
• Coordinate with SOC on correlated events.
• Perform firewall rule reviews/cleanup.
• Audit data flows for PHI/PCI/sensitive systems.
• Conduct architecture assessments for upcoming changes.
• Review encryption posture.
• Publish network and data protection metrics.

Incident & RACI Expectations:

• Responsible for coordinating remediation on network segmentation, firewalling, and intrusion prevention.
• Consulted during major incidents to identify root causes and remediation guidance.

Licenses/Certifications

• One (or more) of the following security certifications: ISC2 certificates, GIAC certificates, CISM/A, CEH, etc.

Apply now