Company: Employer Direct Healthcare
Posted on: January 16, 2022
The Security Engineer designs, implements, maintains, and
operates information security (operations) controls and tools in
support of Employer Direct Health's cyber-security program. The
Security Engineer implements security strategies and procedures to
complement business objectives in alignment with sound cyber-risk
management principles and standards, provides guidance to junior
security staff within the latitude of established policies,
identifies gaps and environmental vulnerabilities, and recommends
enhancements to existing security architecture.
Responsibilities And Duties
- Configure and operate discovery tools and services to enumerate
and map enterprise networks and critical data.
- Configure and operate enterprise vulnerability assessment and
configuration assessment tools (i.e. Tenable) and integrate their
output into downstream systems in a relevant and usable manner
- Validate vulnerability findings for false positives and
negatives, and document findings for future use
- Develop repeatable and automated means for identifying the
responsible owner for each system affected by a vulnerability and
points of contact for remediation
- Works with MSSP to tune and build relevant content and alerting
structure within the enterprise SIEM aligned with EDHC threat
- Follows a standard methodology to identify and/or detect
threats to the IT infrastructure, applications, and other
- Demonstrate sustainability of newly implemented tools and
processes across all security domains.
- Identify, contain, mitigate, recover, and report on
cyber-security incidents affecting the enterprise and business
- Analyze and investigate adverse events and incidents using an
enterprise security information and event monitoring (SIEM), logs
from firewalls, IPS, servers, endpoints and other network devices
to determine TTPs, identify IOCs, evaluate and communicate impact,
and document RCAs appropriately.
- Collaborate and coordinate with peers and business unit teams
as needed to analyze and respond to adverse events and
- Research the latest threat intelligence, vulnerabilities,
exploits, and other relevant threat information and trends on
various attacks and attack landscapes for the healthcare
- Develop incident reports to include root-cause analysis,
incident impact, and remediation tracking. Assist with incident
runbook review and modifications.
- Perform endpoint forensic analysis as necessary in the course
of incident remediations and root cause analysis reports.
- Bachelor's degree in Cyber Security or Network Engineering (or
- 6 Years of experience in Security Operations (or 8 years in
lieu of degree)
- 2+ Years working with an enterprise EDR solution
- Demonstrable experience contributing to enterprise security
- Demonstrable understanding of various security methodologies
and processes, and technical security solutions
- Experience with Data access governance, DLP, CVSS, the MITRE
ATT&CK framework and the software development lifecycle
- Experience with cloud infrastructure and Azure Security
- Industry certifications such as GCIH, Security+, AZ-500, CYSA,
and any relevant vendor certifications.
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Short & Long Term Disability
- Life Insurance
- 401k with company match
- Paid Time Off
- Paid Parental Leave
Keywords: Employer Direct Healthcare, Dallas, Security Engineer, Engineering, Dallas, Texas