Sr. Information Security Engineer

at Council for Affordable Quality Healthcare

Washington, District of Columbia, USA

Start Date: Immediate
Expiry Date: 03 Jun, 2024
Salary: Not Specified
Posted On: 04 Mar, 2024
Experience: 5 year(s) or above
Skills: Incident Response, EDR, CISA, Languages, Working Experience, DLP, Regulations, Network Security, Incident Handling, Security Tools, Scripting, GCIA, Firewalls, Bash, Python, IDS, PowerShell, CISSP, Microsoft Azure, SIEM, Risk Assessment, IPS, Information Security
Telecommute: No
Sponsor Visa: No

Description:

POSITION SUMMARY:

As a member of CAQH’s Information Security Incident Response team, the Sr. Information Security Engineer – Security Operations will coordinate the response activities for cyber security incidents across the corporate environment. The successful candidate will focus on reviewing, triaging, analyzing, remediating, and reporting on cyber security incidents. The individual will be the escalation point for Security Operations Center (SOC) analysts, and as such, will manage validated cyber security incidents, in accordance with the Information Security Incident Response Plan. The successful candidate will perform functions such as log analysis, conduct in-depth technical analysis of network traffic and endpoint systems, enrich data using multiple sources, and be responsible for rapid handling and mitigation of cyber security incidents.
The Sr. Information Security Engineer – Security Operations is a full-time, remote, exempt position and reports to the CISO.

SKILLS:

  • Fundamental understanding of security tools such as SIEM, IDS/IPS, web proxies, DLP, CASB, DNS security, WAFs, DDoS protection, VPN, EDR, and firewalls.
  • Programming and Scripting: Ability to write scripts in languages like Python, Bash, or PowerShell to automate tasks and analyze data.
  • Incident Handling and Response: Knowledge of incident response processes, from detection and analysis to containment, eradication, and recovery.
  • Cybersecurity Laws and Regulations: Understanding of laws and regulations related to data protection and privacy (e.g., HIPAA).
  • Risk Assessment and Management: Ability to assess, prioritize, and manage risks associated with cybersecurity threats.

EXPERIENCE:

  • 5+ years of incident analysis, security architecture, malware research, SOC, or any other similar incident response experience.
  • 5+ years of working experience with Information Security, Network Security, and Security Monitoring and Incident Response.
  • GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA certification(s) preferred.
  • Network / System Administration experience / background preferred.
  • Advanced Cloud knowledge - Microsoft Azure preferred.

EDUCATION:

  • Bachelor’s degree in computer science or related field preferred.

WHO WE ARE

Named one of Modern Healthcare’s “Best Places to Work,” CAQH has helped nearly 1,000 health plans, 2+ million providers, government entities and vendors connect, exchange information and operate more efficiently. CAQH technology-enabled solutions and its Committee on Operating Rules for Information Exchange (CORE) bring the healthcare industry together to make sharing business information more automated, predictable, and consistent. CAQH Insights researches opportunities to reduce the burden of manual processes in healthcare administration.

Responsibilities:

SPECIFIC RESPONSIBILITIES:

  • Conducts investigations and responds to internal and external information security threats.
  • Implements advanced security monitoring techniques to identify malicious behavior on SaaS, cloud systems, network, and endpoints.
  • Manages, administers, and improves security monitoring products for DLP, SIEM, EDR, Cloud Security products, IDS and other security technologies.
  • Develops automation response scripts to remediate threats.
  • Performs threat hunting activities to identify compromised resources.
  • Performs threat research and intelligence gathering to improve detection and response capabilities.
  • Maintains operational playbooks, process diagrams and documentation for security monitoring and response.
  • Reviews proposed Security deployments to ensure security monitoring requirements are met.
  • Provides off-hour support as needed for security monitoring and response activities.
  • Experience leveraging common scripting languages, including PowerShell or Python, to parse logs and automate repeatable tasks.


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Computer science degree or related field preferred

Proficient

1

Washington, DC, USA