Centurion Consulting Group
Security Engineer Remote
We are hiring a Security Engineer for a remote opportunity.
- Manages validation of patches to both server and desktop clients and validates receipt of all current security and application patches
- Manages corresponding software monitoring services (i.e. whitelisting services)
- Executes or configures vulnerability scans and coordinates or otherwise conducts remedial actions for all identified computers
- Identify required patches through extensive research and review as well as initiates and coordinates end-user acceptance testing and approval via the change management process
- Manage process to deploy approved patches to all managed desktop clients, validate and reconcile results and provide status and detail reports to management for review
- Microsoft Office 365 Experience
- Deliver subject matter expertise of Office 365 with emphasis in security, architectural design, migration, management and support of implementations.
- Provide overall Office 365 security expertise including strong knowledge of Azure Active Directory, Azure Information Protection, Information Rights Management, single sign-on and multi-factor authentication and related technologies (including Microsoft Enterprise Mobility + Security)
- Demonstrate consultative capabilities by providing value added information to clients for connecting technology, security and the business value of Office 365.
- Drive Office 365 security adoption and lead technical effort to enable Azure Information Protection.
- Lead and participate in ongoing Office 365 security and strategy discussions.
- Stay current of all things Office 365, including changes & updates, roadmap & releases, and third-party solutions.
- Validates product upgrades, patches and .dat file deployment to both the server and desktop clients
- Validates receipt of current .dat files and takes remedial action on desktops
- Validates and recommends exclusion and scanning polices
- Provides status and detail reports to management for review
- Security Information and Event Management (SIEM)
- Manages and administers overall product configuration, upgrades and patches to ensure optimal performance
- Conduct daily review of system activity from all systems containing PHI as required by HIPAA and other pertinent laws and regulations to ensure data confidentiality, integrity and availability of monitored systems
- Create designated alerts and reports for both I.S. management and business unit management to ensure that suspicious activity is promptly addressed and reviewed
- Create alerts to ensure system security levels are maintained (i.e. generate real time alerts to I.S. management when critical changes are made impacting system integrity)
- Conduct forensics as needed or requested by both I.S. management and human resources and external agencies to ensure incidents are processed and documented timely and effectively
- Review of Systems Security Configurations and Role Based Access Control (RBAC)
- Conduct routine review of all accounts and corresponding security roles across all designated systems in partnership with business units and I.S. staff with administrative privileges.
- Review existing system accounts to ensure that they are provisioned / de-provisioned on a timely basis with only authorized access levels and conduct process improvements as needed
- Engineer and develop recommendations for secure design and integration of LAN resources as well as become systems expert in security configurations of any new or upgraded LAN resources
- Work with IS management in the development of and documentation of all relevant standards and procedures, in general and specifically as they pertain to the Health Insurance Portability and Accountability Act (HIPAA) compliance and any other adopted framework for information security.
- Promptly report incidents and issues to the appropriate personnel and obtain additional supporting information to identify a successful plan for remediation.
- Other duties as assigned.
- Education: Requires a College Degree or equivalent work experience.
- Minimum of 3 years security practices. Familiar with the managed care industry.
- Computer Information Systems Security Professional (CISSP), Computer Information Systems Auditor (CISA) preferred but not required. Any other computer certifications such as Certified Ethical Hacker (CEH), Microsoft Certified Systems Engineer (MCSE) or SANS Global Information Assurance Certification (GIAC) recommended.
- Additional education courses/technical seminars within the PC/LAN/ technical area helpful.
- Must be a effective team player and able to proactively enact changes to continuously improve the security of systems
- Minimum 3-5 years security administration experience in a multi-platform environment.
- Excellent organizational, communication and technical skills.
- Ability to perform problem determination and coordinate resolution with appropriate personnel.
- Ability to work collaboratively with other departments to analyze and resolve complex issues. Strong interpersonal skills to interface with management and staff at all levels within the organization and with vendors.
- Ability to apply complex security standards to various devices to ensure compliance and support to security principles.
- Ability to research layered security problems and identify recommendations which are both practical and able to be implemented given the risk and technological factors.
US Citizenship required
Travel: < 10% (CONUS)
Centurion Consulting Group, LLC is an Equal Opportunity Employer EOE M/F/D/V
No third parties or subcontractors