Engineer, Information Security - Remote National

Job Expired

Extraordinary Care. Extraordinary Careers.

With the nation’s largest home infusion provider, there is no limit to the growth of your career.

Option Care Health, Inc. is the largest independent home and alternate site infusion services provider in the United States. With over 6,000 team members including 2,900 clinicians, we work compassionately to elevate standards of care for patients with acute and chronic conditions in all 50 states. Through our clinical leadership, expertise and national scale, Option Care Health is re-imagining the infusion care experience for patients, customers and employees.

At Option Care Health we recognize that part of being extraordinary is supporting and building a workforce that is as diverse as the patients and communities we serve.
Join a company that is taking action to develop a culture that is more inclusive, respectful, engaging and rewarding for all team members. We are committed to hiring, developing, and retaining a diverse workforce.

COVID-19 Vaccine Requirements:

As a leading healthcare provider, we have an undeniable responsibility to protect the health and safety of our patients, customers and team members.

Option Care Health requires that all employees be fully vaccinated against the COVID-19 virus. If you are offered and accept a position, your employment will be contingent upon proof of vaccination, or approved medical or religious accommodation. Proof of vaccination will be required during the onboarding process; application for medical or religious accommodations will be required to be submitted within 5 business days of start date. If medical and/or religious accommodation requests are denied, you must take steps to be fully vaccinated, or your employment will be terminated.

Job Description Summary:

The security engineer is a technical role focused on supporting the implementation, execution, and optimization of security controls within the company. Engineers make things happen and this role involves the technical execution of all security settings, technologies, and processes required to ensure our risk reduction assumed with the control is realized. In addition, this role requires an individual who also understands how their role fits into a broader strategic vision. Candidates must have technical competence and expertise as well as a background understanding business needs, collaborating with other departments and supporting response.

Job Description:

Job Responsibilities:

Lead security projects including the integration of security into various facets of IT Operations and business operational activities and programs
Plan, schedule, and implement security tool upgrades, implementations, and migrations in a timely manner, and during times that will have the minimum impact on the users of the affected networks & systems.
Mentor others, including: Various areas of IT, more junior security engineers and security analyst in order to advance the level of depth of Option Care’s technical security program across the enterprise
Provides second-level support for Security implemented projects based on need agreements. This may include response to security-based alerts, SSO/MFA Authentication, endpoint protection, network security and vulnerability management.
Assists in the configuration and implementation of open-source/third-party tools to assist in detection, prevention and analysis of security threats
Conducts periodic network vulnerability scans in order to identify system and application vulnerability risk and ensure compliance. Assist in the required remediation from scan data.
Participates in the selection, Proof of Concept, implementation and operational deployment of new security technology solutions to ensure the confidentiality, integrity and availability of business data
Proactively implements (new, upgrade, maintenance), monitor and support enterprise Security Tools
Monitors networks and systems for security incidents / events, through the use of software that detects intrusions and anomalous system behavior
Leads incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the security incident happened and the extent of the security incident
Develops specific / custom cybersecurity countermeasures and risk mitigation strategies for systems and/or applications in an evolving production environment
Validates IT solutions collaboratively with infrastructure and application development project teams ensuring that corporate security policy, standards and industry best practices are met
Stays current with developing technologies, emerging threat landscape and predict impact of changing technologies.
Participates in the implementation of security technologies in coordination with a project manager
Works with third party vendors to lead the definition of needs and requirements for security technology enhancements and implementation.
Assists and supports junior members of the security team as they perform vulnerability, network and network security assessments remediation.
Ability to handle multiple tasks/initiatives simultaneously and the ability to handle substantial deadline pressures

Supervisory Responsibilities:

None

Basic Education and/or Experience Requirements:

Bachelor’s degree and/ or at least 5 years of technical engineering experience in the Information Security field.
Information Security Certification(s) – CompTIA Security +; CompTIA CySA+; CEH; CISM; OSCP; GSEC and/or CISSP

Basic Qualifications

Knowledge of Information Security technical and functional areas and the operation of key tools as they related to these areas.
Knowledge of Information Security functional areas such as metrics analysis, vulnerability management, policy implementation and technological controls.
In-depth understanding of all current Microsoft Windows operating systems (Server and Windows10/7)
Understanding of API’s and the ability to make API calls from applications
Knowledge of Cloud (SaaS, IaaS, & PaaS) Security architecture
Working knowledge of risk and security frameworks, standards, and best practices (e.g. NIST, ISO, SANS Critical Security Controls.)
Experience with the tasks identified within the position description above, including planning, engineering, forecasting and implementation, and identification of resource requirements for information security systems or information security configuration requirements associated with business systems
Technical knowledge of how various classes of threats and vulnerabilities function and methods to address those threats and risks
Ability to understand security and business risk in order to provide quality customer service to the business. Results oriented with a sense of urgency and a strong desire to continuously learn and improve
Excellent verbal and written communication skills to collect analyze and present data. Excellent data analysis, reporting and problem-solving skills.
Proven leadership skills, ability to work in a fast-paced start-up environment
Demonstrates initiative, able to work independently with minimal supervision yet can work well in a team environment and is customer focused.
Solid conflict management and decision-making skills
Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
Demonstrates initiative, must be self-starter with the ability to work independently with minimal supervision yet can work well in a team environment and is customer focused.

Travel Requirements:

Willing to travel up to 10% of the time for business purposes (within state and out of state).

Preferred Qualifications & Interests:

Knowledge of common and current security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, Lateral movement, privilege escalation, and DoS attacks.
Ability to understand complex systems and interfaces and create current state system architecture diagrams, highlighting security components
Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
Scripting Languages – MS PowerShell & Python
Technical Knowledge to include:

– Tenable / Nessus Vulnerability Management Application(s)

–

– Crowdstrike EDR

– Advance knowledge of Windows Administration

– Basic knowledge of Linux Administration

– Microsoft Active Directory including Group Policy Objects

– Microsoft O365, InTune and Azure Security

– Microsoft Cloud App Security (MCAS)

– Cisco Network security (FTD, Firepower, ASA, AnyConnect, Umbrella, etc.)

– System hardening (CIS, NIST)

– Splunk

– Privileged Access Management

– Forensics Tools (ex: FTK; Encase, etc…)

This job description is to be used as a guide for accomplishing Company and department objectives, and only covers the primary functions and responsibilities of the position. It is in no way to be construed as an all-encompassing list of duties.

Pay from $74,651.20+

Salary to be determined by the applicant’s education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.

Benefits:

-401k

-Dental Insurance

-Disability Insurance

-Health Insurance

-Life Insurance

-Paid Time off

-Vision Insurance

Option Care Health subscribes to a policy of equal employment opportunity, making employment available without regard to race, color, religion, national origin, citizenship status according to the Immigration Reform and Control Act of 1986, sex, sexual orientation, gender identity, age, disability, veteran status, or genetic information.

Posted: Apr 07, 2022