Description and Requirements

The Sr Cyber Security Engineer continuously monitors the vulnerability of the enterprise and develops engineering solutions to improve the security of the Healthfirst infrastructure. The Sr Cyber Security Engineer applies expertise across the Cyber Security discipline by demonstrating competency in IT Infrastructure and Application Development. The individual filling the Governance Risk and Compliance (GRC) Senior Cyber Security Engineer role will be able to work effectively across to bring Cybersecurity, information technology, and GRC expertise to evaluate compliance of existing systems as well as help build compliant systems with reliable security controls.

Duties and Responsibilities:

• Ensure Healthfirst systems and work completed are secure and compliant with policies, standards, guidelines, and laws (i.e., HIPAA, MITRE, NIST, HITRUST, etc.)
• Apply security engineering and implementation expertise to ensure the security of Healthfirst infrastructure
• Ensure IT security solutions and/or initiatives are delivered within financial targets
• Lead multiple security capabilities and/or Programs such as EDR, GRC, Incident Response, PAM, IAM, SOAR. DLP, SEIM, Insider Threat, etc.
• Partner closely and work collaboratively with key stakeholders, team members, and senior leadership in accomplishing cyber security responsibilities and initiatives
• Lead technical teams as assigned and needed
• Assists department leadership by providing informal coaching and direction to Cyber Security Engineers
• Develop and document security procedures in alignment with security policies and audit oversight
• Additional duties as assigned or required

• Technical Degree in Computer Science or Cyber Security and/or equivalent work experience
• Prior work Cyber Security work experience
• Experience in security engineering, vulnerability assessment, threat hunting, and incident response
• High School diploma or GED from an accredited institution

• Work experience in network penetration, incident response and governance risk and compliance
• Experience implementing and maturing security processes or solutions. (i.e. EDR, SIEM, GRC, Firewall, DLP, CASB, UEBA, DLP, Vulnerability Management, Red Teaming, Threat Hunting, or A&A, etc.)
• Advanced understanding of network and server infrastructure such as AWS and Azure.
• Advanced Cyber Security expertise
• Experience communicating across teams and with key stakeholders
• Experience leading teams and developing others
• Security Plus, CISSP, CISA, CEH, and Operating Certifications
• Assessing compliance of existing systems and work with program teams to identify and implement solutions
• Supporting secure development and implementing new solutions, capabilities, and provide guidance on security architecture and engineering
• This person will be responsible for leading GRC initiatives that cross organizational boundaries and be adept at leading in a way that delivers results, maintaining a balance between competing priorities and understands and helps stakeholders accomplish business objectives.

• License/Certification: See Above