Cyber Security Engineer

POSITION SUMMARY:

The Cyber Security Engineer is responsible for implementation, operations, and support of Boston Medical Center security controls. Provides technical and administrative support of security components including firewalls, Antivirus platform, Identity and Access Management, Privileged Access Management, VPN, Multi-factor Authentication. Provides technical support for other Engineering and Support teams.  Documents and communicates problem resolutions to information technology personnel. Detects, identifies and resolves complex security issues. Analyze security systems and seek improvements on a continuous basis. Ensure compliance with information security standards, policies, and procedures. Monitoring networks and systems for security breaches or intrusions Monitors health statistics for security appliances.  Responds to on-call issues relating to security breaches/failures.   Develops support practices for PCs, peripherals, enterprise operating systems and software applications.  Creates documentation and provides training for Help Desk and Systems Engineering Teams.

Implement and support the information systems security controls, including all technical, physical and administrative controls pertaining to the computing environment. Working with Information Security Management to ensure a secure and operationally efficient computing environment. Also, acts as the technical resource to IT auditors, both internal and external. 

Working under the direction of Information Security Management, this role is responsible for ensuring that IT systems are engineered and designed in a secure manner.  Furthermore, the role has additional responsibilities pertaining to developing, maintaining and troubleshooting computer network security systems; preventing misuse and malicious behavior and outlining constraints and restrictions in accordance with security policy.

Position: Cyber Security Engineer       

Department: Information Technology

Schedule: Full Time

ESSENTIAL RESPONSIBILITIES / DUTIES:

• Work with Information Security and IT Infrastructure Management to develop, implement and monitor process & procedures in accordance with BMC IT Security policies.
• Contribute to the alignment of security governance.
• Understands security requirements, vulnerabilities and threats.
• Manage and maintain the security of IT systems and network architectures through documentation, reporting, and coordination.
• Work directly with internal IT staff and customers to establish and enforce IT security best practices, protection objectives, process improvements and effective IT security controls.
• Participate in designing and managing IT security strategies.
• Participate in system architecture reviews and provide recommendations for securing IT systems.
• Updates appropriate security infrastructure with timely patches as they become available from vendors.
• Ensure that solutions meet business objectives and establishing and maintaining a high level of users’ trust and confidence in ITS’ knowledge of and concern for users’ business needs.
• Research and educate oneself of industry best practices in risk management techniques and integrating new methods and tools.
• Continuously looking for ways to provide enhancement to existing security services including researching, designing, planning, scheduling, and implementing new security technologies into our current environment.
• Recommends security enhancements to management.
• Performs other duties as assigned or as necessary.
• Adheres to all of BMC;s RESPECT behavioral standards

(The above statements in this job description are intended to depict the general nature and level of work assigned to the employee(s) in this job. The above is not intended to represent an exhaustive list of accountable duties and responsibilities required).

JOB REQUIREMENTS

EDUCATION:

• Bachelor’s degree in Computer Science, Engineering, or related discipline required; equivalent experience acceptable.

CERTIFICATES, LICENSES, REGISTRATIONS REQUIRED:

• None required.
• Technical security certifications from Sans pertaining to relevant job duties. Example, GSEC, GCIH, GCFA, CEH or CISM, etc. strongly preferred.

EXPERIENCE:

• 2-3 years of Information Security related experience is required for this position.

• Experience with Enterprise Microsoft, and Networking infrastructures.

• Demonstrated experience with Enterprise Security technologies such as intrusion prevention, vulnerability management, endpoint protection, systems configuration and operations management.

KNOWLEDGE, SKILLS & ABILITIES (KSAs):

• Ability to translate complex security requirements into sustainable security architectures.
• Excellent communications skills including facilitating presentations.
• Strong implementation, requirements/process analysis, conceptual and detailed design, configuration, testing.
• Excellent analytical skills and the ability to define problems, collect data, establish facts, and draw conclusions.
• Excellent organization skills; someone who thrives in a dynamic and ever-changing environment.
• The ability to express issues and communicate well with various vendors and their operations personnel.
• A strong understanding of Internet fundamentals.
• Ability to prioritize projects
• Works and manages projects of moderate to advanced complexity under minimal supervision
• Ability to multitask and shift priorities when necessary

Equal Opportunity Employer/Disabled/Veterans