Information Security Engineer (1.0 FTE, Days)
1.0 FTE, 8 Hour, Day Shift
At Stanford Children’s Health, we know world-renowned care begins with world-class caring. That's why we combine advanced technologies and breakthrough discoveries with family-centered care. It's why we provide our caregivers with continuing education and state-of-the-art facilities, like the newly remodeled Lucile Packard Children's Hospital Stanford. And it's why we need caring, committed people on our team - like you. Join us on our mission to heal humanity, one child and family at a time.
This paragraph summarizes the general nature, level and purpose of the job.
The Information Security Engineer is responsible for maintaining the high availability, configuration/efficiency and implementation of information security tools, systems and services. Works in conjunction with the Security Operations Center to identify and respond to threats to the Stanford Children’s Health enterprise. Works on highly complex projects that require an in-depth understanding of multiple domain knowledge (security, networking, cloud, etc.). This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
The essential functions listed are typical examples of work performed by positions in this job classification. They are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks, and responsibilities. Employees may also perform other duties as assigned.
Employees must abide by all Joint Commission Requirements including but not limited to sensitivity to cultural diversity, patient care, patient rights and ethical treatment, safety and security of physical environments, emergency management, teamwork, respect for others, participation in ongoing education and training, communication and adherence to safety and quality programs, sustaining compliance with National Patient Safety Goals, and licensure and health screenings.
Must perform all duties and responsibilities in accordance with the Service Standards of the Hospital(s).
Collaborates across the company to guide the direction of mobile security, working with hardware, software, research and product teams
Researches, designs, and develops architecture solutions meeting internal and external security requirements and standards
Drives defense-in-depth security for the organization to protect critical IT assets and data
Works extensively in networking products/technologies such as: routing and routing protocols, L2/L3 switching, Next Gen firewalls, IPS/IDS, Remote Access, VPN, SIEM, IAM, Encryption, VDI, and Mobile security
Works with customers, partners to identify and address security issues and threats
Evangelizes security across the engineering team and other business departments
Assesses risks proactively and expresses concerns to engineering and operations teams
Develops and executes security processes, policies, and procedures in collaboration with Manager
Identifies, troubleshoots, and resolves vulnerabilities
Participates in incident response and management as required 24x7
Completes assessments and coordinates responses to threats/attacks to the technology infrastructure and supported applications/systems
Responsible for Desktop, server, application, database, and network security principles for threat identification and analysis
Participates in multiple Projects and manages large projects as required
Serves as an information security subject matter expert
Any combination of education and experience that would likely provide the required knowledge, skills and abilities as well as possession of any required licenses or certifications is qualifying.
Education: BA or BS in Computer Science, Management Information Systems, or related field, from an accredited college or university or equivalent experience
Experience: Five (5) or more years of security engineering, design, and implementation experience
License/Certification: None required
Knowledge, Skills, and Abilities
These are the observable and measurable attributes and skills required to perform successfully the essential functions of the job and are generally demonstrated through qualifying experience, education, or licensure/certification.
Advanced knowledge of the threat landscape and threat intelligence methodologies
Demonstrated ability to make decisions on remediation and counter measures
Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing
Working knowledge of global threats to cyber security and understanding of the tools and tactics utilized by threat actors
Experience with a scripting language (Perl, Python, or other) in an incident response environment
Extensive Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, web browser forensics and file carving
Ability to deliver succinct and fact-based communications, both verbally and in writing
Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner
Ability to use independent judgment to make sound, justifiable decisions and act to resolve problems
Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
Strong analytical and problem-solving skills are required. Excellent communication (oral, written, presentation), interpersonal and consultative skills will be needed in order to succeed
Good communication skills and ability to present to diverse audiences of varying organizational levels
Ability to work in a collaborative, team environment
Knowledge of local, state and federal regulatory requirements related to areas of functional responsibility
Ability to work in a team or independently
Physical Requirements and Working Conditions
The Physical Requirements and Working Conditions in which the job is typically performed are available from the Occupational Health Department. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job
Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g. HIPPA, PCI, DSS, etc.)
CISSP desired or willingness to earn CISSP paid for by Stanford Children’s Health
Excellent project planning/ time management skills
Equal Opportunity Employer