About the job
BrightSpring Health Services
Information Technology focuses on technology that powers and enables storage, processing, and information flow within our organization. If your enjoy creating ways for technology to assist in decision making then we would love to hear from you. Please apply today!
- The Security Engineer II is a senior security subject matter expert, with security engineering experience in IT and network disciplines to support the company‘s enterprise security objectives.
- The Security Engineer II illustrates proficiency by determining the organization’s security needs, developing and implementing solutions, and enforcing security policies and standards.
- This position uses threat intelligence tools and other enterprise security systems to identify security weaknesses in IT architecture/design, provide solutions to counter those weaknesses, and provides full architectural and operational support of the solutions.
- The Security Engineer II also acts as a lead for the Security Engineering team and interacts regularly with other departments to implement solutions and/or act as the primary point of contact for information security matters.
- Uses SIEMs and other threat intelligence sources to evaluate the current threat landscape.
- Uses security products and techniques to routinely monitor for vulnerabilities, threats, alerts, and attacks.
- Determines if any immediate or future action is necessary to protect information system assets and acts accordingly.
- Works with Network and Server Administrators to achieve results and submits reports on findings, status, and recommendations to the Security Engineering Manager.
- Maps and aligns current and future security systems, policies, controls to the NIST CSF and HIPAA Security Rule, to include the current environment and on an as-needed basis during mergers and acquisitions.
- All NIST alignment is done with the expectation that the business needs are paramount. Works with IT resources and business leaders to assist in the research, development, configuration, upgrade and implementation of IT Security related products and services and leads and supports projects.
- Conducts security investigations using data analysis and forensic techniques; supports and is a key member of the Incident Response (IR) team, including standardizing, improving, and maintaining IR processes.
- Works with Business Owners and IT Application Development and Infrastructure stakeholders to assist in the planning, design, and implementation of enterprise wide security architecture and systems, including physical security, authentication mechanisms, cryptography, role-based security, host and backend systems, DMZs, firewalls, VPNs, IPS/IDS systems, penetration testing, vulnerability assessments, and disaster recovery.
- Performs other tasks as assigned.
- Required: Associate degree in Computer Information Systems or equivalent experience.
- Desired: Bachelor’s degree in Computer Information Systems or related field.
- Required: Minimum of 3 years in system and/or security administration in a heavy Windows and light-nix environment.
- Required: 3+ years of SIEM architecting and support; web and spam filtering using secure web proxies and email filtering solutions; security framework implementation; other end-user, network, and host-based security solutions.
- Desired: 5 + years in the administration or monitoring of SIEMs and vulnerability management systems within an enterprise environment; secure web gateways; remote access technologies; endpoint protection methodologies; secure configuration of routers and switches, Microsoft Windows Active Directory, IBM iSeries (AS/400) OS400, UNIX systems; web application development, infrastructure, and database security; audit and compliance adherence and processes (e.g. HIPAA mostly, some PCI).
- Required: Enterprise Information Security Products and Services; Security Frameworks; Advanced use of MS Office applications, including Visio and Project.
- Ability to research, evaluate, and recommend security technology and solutions; define and document internal controls and procedures; lead projects and conduct routine security audits and risk assessments.
- Desired: Advanced knowledge of Splunk and McAfee SIEMs, NIST CSF and associated NIST Standards, Tenable products, and MS Office applications.
- Desired: GCIH, OSCP, CPP, CISSP, GCIA, or CCSP.
- Required: Dependability, Organization & Planning, Problem Solving, Analytical Reasoning.
- Desired: Communication, Adaptability, Initiative.
About Our Line Of Business
BrightSpring Health Services is a leading provider of complementary home and community-based pharmacy and health services for complex populations in need of chronic and/or specialized care. Through the company’s pharmacy and provider services to seniors and specialty (including behavioral) populations, we provide comprehensive care and clinical services in 50 states to over 360,000 customers, clients and patients daily. The company’s services foster greater patient and family satisfaction, improve outcomes and reduce health care system costs, and are supported by industry-leading quality outcomes. For more information, visit www.brightspringhealth.com . Follow us on Facebook , Twitter and LinkedIn .
USD $61,800.00 – $77,300.00 / Year
- Salary Offer $61,800/yr - $77,300/yr
- Address Louisville, KY, USA
- Experience Level Junior
- Total Years Experience 0-5