View Full Version : Senior Security Engineer -- Chicago

2013-05-29, 16:48
Job Description
General Summary

Senior Security Engineer is responsible for management, implementation, support and oversight of RICís information systems security controls, including all technical, physical and administrative controls pertaining to RICís computing environment. In collaboration with the HIPAA Security Rule Officer and other regulatory compliance staff, ensures that RIC maintains a secure and operationally efficient computing environment. Acts as lead technical interface to IS auditors, both internal and external, and provides ďinternal auditĒ services within the IS Department.

Senior Security Engineer provides direct technical support for RICís technical security environment, including firewalls, intrusion detection systems, server-based security controls, and related reporting platforms.

Senior Security Engineer consistently demonstrates support of the RIC statement of Vision, Mission and Core Values by striving for excellence, contributing to the team efforts and showing respect and compassion for patients and their families, fellow employees, and all others with whom there is contact at or in the interest of the institute.

Senior Security Engineer demonstrates RIC Core Attributes: Communication, Accountability, Flexibility/Adaptability, Judgment/Problem Solving, Customer Service and RIC Values (Hope, Compassion, Discovery, Collaboration, & Commitment to Excellence) while fulfilling job duties.

Principal Responsibilities
1.Provides management, implementation, support and oversight of RICís information systems security controls, including all technical, physical and administrative controls pertaining to RICís computing environment.
2.In collaboration with Senior Network Engineer, provides technical and administrative support of network security components including firewalls, intrusion detection systems, AAA and authentication systems, certificate management servers, and network management systems.
3.In collaboration with Senior Systems Engineer, provides technical and administrative support of systems security components including Active Directory / GPO policies, end-point encryption, anti-spam/anti-virus, operating systems configuration, etc.
4.Manages projects and project team members as appropriate for security or controls-related projects.
5.In collaboration with Plant Operations and Network Engineers, provides technical and administrative support of physical controls of Data Center, LAN Closets, and end-user workspaces.
6.Performs routine audits and compiles reports related to IS Department compliance with security policies and procedures.
7.Interfaces with internal and external IS auditors. Assists with data collection, audit report analysis, and remediation efforts.
8.Consults on IS projects and systems implementations that impact information security, and participates in the implementation of related security controls.
9.In collaboration with the HIPAA Security Rule Officer and other compliance staff, develops RIC Policies and Procedures related to Information Security.
10.Provides direct network support for RICís server, database, messaging and storage systems. This includes the server and storage hardware (servers, disk arrays, cabling, etc.), operating system installation and configuration, and application installation and support.
11.Designs and implements systems solutions to support RIC business activities.
12.Ensure continuity of network service to all users. Provide diagnostic and corrective services for all network systems 24 hours a day, seven days a week. Provide on-call / pager support on a rotational basis.
13.Document systems changes using ITIL best practices.

Reporting Relationships
1. Reports to Director, IS Operations

Knowledge, Skills & Abilities Required
1.Requires knowledge of computer technology and information management concepts typically acquired through completion of a Bachelors degree in Computer Science, Information Systems or other closely related field. Masters preferred.
2.Information Security certification required (e.g. SSCP, CISSP, CISA, etc.)
3.Network Security certification preferred (e.g. CCSP).
4.Requires at least 5 years professional experience in a corporate IT environment developing and supporting a medium to large network.
5.Administrative experience with Cisco ASA, SecureACS and/or other security management systems is required.
6.Administrative experience with Active Directory, Windows Server, Windows SQL Server, Windows Print Services, and Microsoft Exchange is required. MCITP or MCSE is preferred.
7.Experience with VMWare, EMC Clariion / Celerra systems and EMC replication technologies is preferred.
8.Administrative experience with Enterprise Anti-Virus and Anti-SPAM products, SQL query language, SQL Reporting Services, IIS, and Microsoft SCCM is preferred.
9.Requires proficiency in the analysis of network and application performance through the use of protocol analyzers, syslogs, NT/2K event logs, and SNMP traps.
10.Requires interpersonal skills necessary in order to communicate effectively with user departments concerning network/PC support, training and issues as well as a variety of external contacts.
11.Practices good customer service while working under pressure.
12.Works independently of close supervision on highly technical and complex subject matter.
13.Ability to transport and move PCs, printers, and related hardware weighing up to 30 pounds.

Working Conditions
1.Normal office environment with little or no exposure to dust or extreme temperature.
2.Prolonged exposure to video display terminal.
3.Ability to transfer and lift hardware weighing up to 30 pounds.