Position Highlights:

• Position: Security Engineer III - Tenable SC
• Location: 4901 Searle Parkway, Skokie IL 60077
• Full Time
• Hours: Monday-Friday, 8am- 4:30pm
• Hybrid Schedule: mostly WFH role with occasional onsite requirements

Job Summary

As the Security Engineer III at Endeavor Health, you will be responsible for enhancing Cybersecurity and safeguarding the organization’s data and resources primarily through remote work. This role involves documenting, and refining security procedures, conducting system reviews to ensure compliance with security requirements, execute risk management and governance tasks, or leading security incident response activities. The Security Engineer III will also design and implement security policies for various devices and systems, oversee security for internal and external systems, and mentor junior staff. Candidates should be proficient in using advanced security tools. Responsibilities extend to participating in compliance audits, managing cybersecurity projects, and ensuring alignment with HIPAA, other applicable laws and regulations and/or standards. This mostly remote role may include a 24/7 on-call rotation and requires strong leadership, project management, and communication skills. To be successful in this role, you will be expected to stay up to date on the latest solutions and technologies and advocate for the adoption of industry best practices.

What you will do:

• Administer a Tenable SC system and manage the vulnerability management program across organization.

• Perform regular security and vulnerability assessments of infrastructure and systems.

• Conduct cybersecurity/security audits and assessments related to regulatory requirements and internal policies and standards.

• Identify cybersecurity risks related to medical equipment, applications, and systems, and offer recommendations on mitigation and remediation.

• Document and refine procedures and techniques used by the Information Security and other teams.

• Measure and report organization’s security capabilities using automated and manual tools.

• Research and test security tools pertaining to tactical or strategic plans.

• Perform activities as outlined in the security incident management procedure.

• Review logs from security tools, including IPS/IDS, secure email gateway, data loss prevention system, content proxy, vulnerability assessment tools, antivirus, etc.

• May visit specific sites to identify cyber security vulnerabilities and report on findings.

• Socializes strategies, standards, policies, procedures, communications, and awareness efforts with business partners.

• Participates in reviews of new or existing systems to ensure security requirements are satisfied, prior to implementation, including Risk Assessment.

• Assists with system-wide compliance of the HIPAA Security and Privacy rules and other appropriate standards, audit requirements, works with internal audit staff to conduct regular tests and audits. Assists with external security assessments and penetration tests, and other activities.

• Designs policies as required for security devices, including IPS/IDS, antivirus, and vulnerability management tools.

• May oversee internal or external systems security (i.e., cloud services).

• Lead security incident response activities.

• Mentor and train junior staff on the effective use and management of security tools.

• Design comprehensive security measures, integrating new technologies and methodologies.

• Manage multiple cybersecurity projects.

• Expert in one or more specialized areas

• Proficient in the use of 4 or more advanced security tools and mastery in at least one tool

What you will need:

• Education: Bachelor Degree
• Certification(s): minimum of one related certification with focus on security
• Work Experience:
• Minimum eight (8) years combined IT/ Cybersecurity experience. 
• Previous experience with ability to lead, support, and document two applications. 
• Previous experience leading security initiatives
• Previous healthcare experience in an IT capacity (preferred)
• Industry recognized security certification (preferred)
• Unique or Preferred Skills:
• Demonstrated in-depth knowledge of information security principles, practices, and solutions.
• Demonstrated understanding of advanced security protocols and standards
• Leadership and project management skills.
• Experience with desktop, server, network, and application security teams
• Proven communication, customer service, and organizational skills
• Experience with common security testing methods and tool sets such as email security, data loss prevention (DLP), IDS/IPS, EDR, anti-malware, and proxy tools.
• Previous experience with HIPAA, ITIL, NIST, and Project Management.