Senior Security Engineer

American Nurses Association, Inc - Silver Spring, MD

Full-time
The American Nurses Association (ANA) is the premier organization representing the interests of the nation's 4 million registered nurses. ANA advances the nursing profession by fostering high standards of nursing practice, promoting a safe and ethical work environment, bolstering the health and wellness of nurses, and advocating on health care issues that affect nurses and the public. ANA is at the forefront of improving the quality of health care for all.

BUSINESS UNIT: American Nurses Association

DEPARTMENT: Communications

SALARY GRADE: 17

EMPLOYEE REFERRAL BONUS AMOUNT: N/A

The senior information security engineer is responsible for providing engineering design, analysis, and support for routers, firewalls, networks, and operating systems.

They are responsible for configuring vulnerability assessment tools, performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results for relevant operational teams.

The senior information security engineer is responsible for the development, review, implementation, and maintenance of the organization’s information security awareness program. The role reduces risk throughout the organization by ensuring employees know and understand information security’s policies and behave with a security mindset.

The information security engineer develops and implements information security architecture and technology solutions to address the current and emerging information security and compliance requirements of the organization.

DUTIES:
1. Researches, designs, and implements information security solutions for organization systems and products that comply with all applicable security policies and standards

2. Works with IT and internal and external business partners to ensure that security is factored into the evaluation, selection, development, installation, and configuration process of hardware and software

3. Produces vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness

4. Ensures security awareness trainings, communications, and marketing are engaging and influence changes in employees’ behavior

5. Examines network, server, and application logs to determine trends and identify security incidents

6. Ensures PCI certification is maintained

QUALIFICATIONS REQUIRED

Education

  • Bachelor’s degree in computer science, information security, or a related field; master’s preferred.
  • Networking background, knowledge of network protocols, including UDP/TCP
  • Certified Information Systems Security Professional (CISSP) or Global Information Assurance Certification (GIAC)
  • US Citizen or Green Card holder, able to obtain a Public Trust

Related Work Experience

  • Over three years of experience using at least one scripting language (e.g., Perl, Python, PowerShell)
  • Over seven years of experience in information security, especially in a security engineering role
  • Over five years of experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, SANS Critical Security Controls, NIST 800, etc.)
  • Technical expertise in network security knowledge, to include VPN, Firewall, network monitoring, intrusion detection, web server security, and wireless security
  • Strong knowledge of common vulnerabilities and exploitation techniques
  • Practical experience with database security, content filtering, vulnerability scanning, and anti-malware
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviors

Preferred Skills & Experience

  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, .NET, IIS, CVE, MITRE ATT&CK, etc.)
  • Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security using Cisco security products, DevOps, and Azure security controls.
  • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
  • Ability to assess the impact of emerging business and end-user technologies on information security requirements and architecture
  • Strong interpersonal skills, with an emphasis on the ability to effectively influence others
  • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner