Assists in developing, implementing and maintaining an integrated program to protect the integrity, confidentiality, and availability of all information resources at MCH. Supports enterprise security applications and systems, enterprise firewall and intrusion detection/prevention systems, and security incident investigations. Assists in the development of assigned security initiatives and enhances knowledge of security technologies, issues, and direction.
Minimum Job Requirements
•4 years of hands-on experience with hardware-based firewalls, IDS, VPNs, TCP/IP Protocols, virus protection, and other security devices.
•5 years of progressive experience in data and voice networks security, including experience in Internet technology and security issues.
•Bachelor of Science in Computer Sciences/ Electrical Engineering/related major or 5 years of equivalent work experience in network engineering.
•Experience in Cisco router and switch product lines.
•Experience in developing information security policies, intrusion response procedures, disaster recovery procedures, risk analysis, and in administering the operations of a complex security infrastructure.
•Experience in intrusion detection systems, stateful inspection firewalls, VPN features along with the related remote access client.
•Experience in security standards such as ISO 17799, NIST Orange Book, Microsoft Site Security handbook. HIPAA Security Standards.
•Extensive protocol and standards experience including TCPIP, SSL, S/MIME, Radius, LDAP, IPSEC & Symmetric and public key cryptography techniques.
•Hands-on expertise in the architecture, design and deployment of 2 or more security technologies such as i) security auditing, assessment and penetration testing tools and procedures, ii) high availability application layer and/or stateful inspection firewalls, iii) VPN gateways and remote access clients, iv) public key infrastructures including Certificate Authority (CA), Registration Authority (RA) and Certificate Repository, v) secure Internet, intranets, and extranets, vi) distributed authentication systems and devices including smart cards and biometric devices, vii) network and host-based intrusion detection systems, and viii) security operations administration and management.
Essential Duties and Responsibilities
Assists in designing and developing security and control measures to address identified risks.
Assists in developing and maintaining enterprise applications and systems.
Assists in developing and maintaining the enterprise Intrusion detection/prevention system.
Assists in developing information protection procedures and guidelines to support various aspects of the information security program.
Assists in identifying security risks and exposures by participating in security reviews, evaluations, and risk assessments.
Assists the information technology organization in upholding the integrity of the hospital’s IT infrastructure and its ongoing operations.
Investigates and documents issues or incidences involving the enterprise firewall and provides recommendations for improvements.
Investigates security incidents including appropriate forensic analysis of the resources implicated in an incident.
Plans and manages assigned activities to ensure that objectives and schedules are met.
Provides consulting assistance in addressing security issues and in implementing security policies, procedures and measures.
Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff.
Ability to perform as a team player on an information technology security team.
Ability to resolve issues in a timely manner, forecast, and plan.
CISSP and CCSP certification a plus
Effective verbal and written communication skills.