Information Security Engineer Sr - Cottage Health

The Information Security Engineer for Cottage Health is responsible for performing services and activities to support the Cottage Health Information Security program. As a subject matter expert, the Information Security Engineer provides guidance on the tactical implementation of relevant security initiatives and services. Areas of responsibility include security architecture, firewalls, monitoring and response, endpoint security, and vulnerability management. Furthermore, this position also supports the Information Security Team in performing security assessments, product evaluations, project support, and any other operational tasks needed to support the Information Security program and strategic objectives.

Major Accountabilities

1. Operational Support

Act as the primary security engineer to manage designated security platforms and services that protect the Cottage Health environment, including next generation firewalls, WAF, authentication services, network access control, and end point security solutions.

Perform penetration testing, vulnerability assessments, and security architecture reviews to help identify external threats and recommend methods for remediation.

Collaborate with various IT and projects teams to provide technical and tactical (\"handson\") support within securityrelated areas to accommodate SLAs and deadlines.

Assist with reviews of company projects and provide input on potential risks, threats, and appropriate solutions to meet information security requirements.

Support the Change / Release Management processes through adequate vetting and testing of system changes and ensuring adequate documentation.

Be a major influence in promoting the technical understanding of new and existing information security standards or procedures, as they relate to system implementation

2. Risk Management

Support the information security audit process by providing documentation on the implementation of technical controls and remediation of previously identified gaps.

Assist in the development, implementation, and management of security policies, standards, procedures, and guidelines that will assist the relevant teams in the implementation of Information Security Program requirements.

Monitor the effectiveness of technical mitigations and recommend costeffective methods to reduce risk to an acceptable level.

Document and followup on security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures.

Identify areas that would help automate or improve aspects of the audit process to improve efficiency.

3. Incident Response

Act as a technical expert in the Information Security Incident Response team to address incidents impacting Cottage Health and provide remediation in order to restore normal operations.

Coordinate with MSSP in response to detected threats and mitigations.

Participate in incident debriefing activities to help document lessons learned and support the improvement process overall for the Cottage Health incident response capability.

Participate in business continuity or cyberattack exercises to validate the adequacy of relevant response plans.

4. Continual Improvement

Review effectiveness of technical controls and identify areas for improvement, including evaluation of new technologies and capabilities.

Provide input for improvements to security workflows to make them more effective and efficient, including ticket handling, firewall change requests, WAF/application tuning, etc.

Provide technical briefings to the Director of Information Security on key changes to the threat landscape and or emerging technologies to enable better proactivity.

Formulate planning and develop business case for improvement projects and participate in the implementation, as necessary.

Provide training and advice to less experienced security staff and/or other nonsecurity professionals, as needed.

Stay current on recent security trends and technology through participation in industry forums, newsfeeds, and maintenance of security certifications

QUALIFICATIONS

LEVEL OF EDUCATION

Preferred: Bachelor's degree in Computer Science or related field

CERTIFICATIONS, LICENSES, REGISTRATIONS

Minimum: One of the following certifications: CompTIA A, Security, SSCP, GIAC (GSEC, GISF), MCITP, CISSP, GIAC (GCIA, GCIH, GMON), or CISM

Preferred: One or more of the following certifications: Palo Alto (PCNSE), F5 (CTS/CSE), Symantec (SCS), ITIL v3 Foundation, Bradford NAC, McAfee encryption, Beyond Trust PAM, or Cisco (CCNP)

TECHNICAL REQUIREMENTS

Minimum: Experience in NextGeneration Firewalls, IPS, and Enterprise Endpoint Protection. Knowledge of operating systems, RDBMS, client/server technology, WAN & LAN technologies, communications protocols, PKI, encryption, and HIPAA compliance. Knowledge of engineering disciplines including systems programming, systems design, computer technology and software disciplines. Working knowledge of IT Service Management (e.g. ITIL v3) and project management.

YEARS OF RELATED WORK EXPERIENCE

Minimum: 5 years of IT administration experience, with 2 of those years focused on IT Security.

Preferred: 8 years IT admin experience with 5 years in IT Security
Cottage Health is a leading acute care hospital system, located on the central coast of California, widely known for our superior patient care, innovation, medical research and education. Our health system operates primarily in Santa Barbara, Ca, since 1888, and consists of three acute care hospitals, a Rehabilitation Hospital, multiple clinics and a multi-site Urgent Care system. Our mission is to serve the central coast communities with excellence, integrity, and compassion. Every day we touch thousands of lives in many different ways, resolute in our mission to put patients first. We take pride in helping our patients get back to living their lives - in the places they love.

Cottage Health is an Equal Opportunity Employer. Cottage Health applicants are considered solely based on their qualifications, without regard to race, color, ethnicity, religion, age, gender, transgender, gender expression and identity, national origin, ancestry, disability, sexual orientation, marital status, military status or any other classification protected by law. This policy applies to all aspects of the relationship between Cottage Health and an applicant or employee. Cottage Health is committed to upholding discrimination-free hiring practices. We strive to cultivate an environment where exceptional people bring diverse perspectives and find belonging, support and connection to their work.

Any Cottage Health applicants who require assistance or reasonable accommodations during the application process may request the need for accommodation with the Recruiter.

If you're already a Cottage Health employee, please apply on this link only.

CH ITS Security, Full Time Regular, 8 Hours, Day Shift, Cottage Health