Overview

CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.

Responsibilities

This is a remote position.

Job Summary

The Cybersecurity Senior Engineer position supports the Vulnerability Management and Cyber Hygiene (VMCH) program for CommonSpirit Health.  This program provides cyber hygiene requirements and guidance, performs technical security assessment services, maintains VMCH security systems and workflows, and provides engagement and reporting services on specific and systemic security vulnerability and configuration issues for the enterprise.

The Cybersecurity Senior Engineer will report to the System Manager Cyber Hygiene as part of the overall Cyber Vigilance and Defense department focused on identifying, protecting, responding and containing threats and vulnerabilities to the overall CommonSpirit organization.

The Cybersecurity Senior Engineer monitors threat landscape and changing business requirements to Identify functional, technological and/or control solutions.  Integrates all cybersecurity solutions in an optimal manner to best protect the organization from cyber threats and exposures.  Technological solution owner responsible for technology selection based on business requirements and emerging threats.  Drives the design, development, configuration, and implementation of solutions and optimizes solutions to resolve highly complex technical and business issues related to cybersecurity and identity management.  Designs, develops, and implements solutions to successfully integrate new information security and identity management systems with the existing architecture.  

May drive one or more projects as part of a Security or Security Risk Management team.  Acts as a subject matter expert (SME) for one or more security, IDM, or risk management areas. May act as team-lead for other security or risk management personnel.  Mentors other engineers as a leader in the organization.

Job Responsibilities

• Lead the establishment, maintenance, and optimization of vulnerability and configuration assessment platforms, including scan configurations, data integration, and troubleshooting.
• Design, develop, and implement new security solutions and integrate them into existing or new architectures.
• Provide leadership on team-related engagement with various IT and business units to ensure security alignment and adherence to best practices.
• Act as a security advocate for IT Operations, ensuring compliance with CommonSpirit Health policies, security standards, and industry best practices.
• Perform reviews and analysis of system and application vulnerabilities, support risk management processes, and lead remediation efforts.
• Serve as a subject matter expert (SME) for technical security solutions, providing support and resolving complex technical and business issues.

Qualifications

• Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.
• Two or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) preferred.
• 4-5 years job related experience required, specifically administering,  maintaining, supporting security tools such as Rapid7, CIS CAT Pro, or Qualys.
• Experience in Windows, UNIX/Linux OS required.
• Functional understanding of regulatory and compliance mandates and frameworks, including but not limited to: HIPAA, HITECH, PCI, Sarbanes-Oxley, Center for Internet Security (CIS), or NIST preferred.
• Experience conducting Vulnerability Testing (Network, Application, Database, and/or System Security), Analysis, Prioritization, and Documentation, and the management of communication with leadership and affected stakeholders preferred.
• Knowledge of healthcare environments preferred.
• Previous project management or project coordination experience preferred.
• Previous Information Security experience in the healthcare/medical environment strongly preferred.

#LI-Remote

#LI-CSH