IT Security Engineer

at  Currance

WE ARE HIRING IN THE FOLLOWING STATES:

AZ, CA, CO, CT, FL, GA, HI, IL, MA, ME, MN, MO, NC, NJ, NV, OK, PA, SD, TN, TX, VA, WA

• Identify and resolve vulnerabilities across on-premises and cloud-based networks, applications, and systems, with a focus on Azure Security Center.
• Monitor both on-premises and cloud-based networks and systems for security threats or breaches using Barracuda, Azure Sentinel, and other cloud security tools.
• Respond to cloud and on-premises security incidents by investigating alerts, identifying breaches, and taking immediate action to contain and mitigate potential damages.
• Implement risk mitigation strategies tailored for hybrid and multi-cloud environments to reduce the impact of potential breaches.
• Perform root cause analysis for incidents in both on-premises and cloud environments, refining security protocols and controls based on lessons learned.
• Conduct regular security audits and vulnerability assessments in cloud environments to assess risks and strengthen cloud defense mechanisms.
• Implement and maintain a vulnerability management program that includes timely patches and updates for both cloud and on-premises systems.
• Develop and maintain cloud-focused disaster recovery plans that ensure continuity of critical healthcare services in the event of a cyberattack.
• Test and validate the effectiveness of security elements within cloud-based disaster recovery and business continuity plans.
• Create and enforce security policies and controls that comply with healthcare and government regulations (HIPAA, HITECH, etc.), and align with cloud specific best practices and the HITRUST security framework.
• Ensure that security protocols for cloud and hybrid infrastructures meet healthcare regulations and industry frameworks.
• Update cloud security policies, baselines, and procedures based on evolving threats and cloud compliance requirements.
• Document cloud security practices and prepare for cloud-specific external and internal audits.
• Document all security incidents and mitigation actions in line with HIPAA breach notification and HITRUST requirements.
• Resolve penetration test findings before they are exploited.
• Configure firewalls, antivirus software, and cloud-native security solutions (e.g., Azure Firewall) to secure hybrid IT infrastructure.
• Manage identity and access management (IAM) solutions, leveraging on-prem Active Directory and Microsoft Entra ID in a hybrid configuration to ensure only authorized personnel access cloud-based sensitive data.
• Implement and maintain encryption solutions for data in transit and at rest within both on-premises and cloud environments.
• Ensure data encryption and privacy measures for protected health information (PHI) are implemented across hybrid and multi-cloud environments.
• Manage secure data storage, backup (Veeam), and disaster recovery for on-prem and cloud-based resources, preventing data loss or unauthorized access.
• Conduct regular privacy impact assessments on cloud platforms, to identify and mitigate risks to sensitive data.
• Educate Currance employees on cloud-specific security best practices, cloud phishing threats, and cybersecurity principles.
• Develop, deliver and maintain a training program that highlights employee responsibilities in securing digital resources and staying compliant with security policies.
• Collaborate with compliance officers to ensure IT activities are aligned with healthcare regulations, aligned with HITRUST requirements and compliant with cloud service standards.
• Collaborate with cross-functional teams to integrate cloud security measures throughout DevOps pipelines, ensuring secure software development and deployment.
• Perform other duties as assigned