InfoSec Engineer (Access & Permissions Mgmt.)

Essential Responsibilities

Responsibilities listed in this section are core to the position. Inability to perform these responsibilities with or without an accommodation may result in disqualification from the position.

• Deploy, implement, document, and maintain security solutions.

• Resolve security engineering-related tickets in ServiceNow, ensuring timely resolution and adherence to SLAs.

• Develop and maintain comprehensive process documentation.

• Provide knowledge, coordination, and communication for security engineering projects.

• Identify and implement opportunities for process improvement and automation within the security engineering framework.

• Support the building of technology operational models and workflows for the business.

• Collaborate with IT teams and business units to ensure proper access controls and integration with other systems.

• Provide vendor management, service level definition, and management for security engineering technologies.

• Provide feedback on business case proposals, analysis of technologies, and project plans.

• Assist in security awareness training related to engineering.

• Support strategic contingency planning from a security perspective.

• Participate in regular business meetings and workshops to ensure knowledge transfer.

• Provide 24x7 on-call support based on security engineering staff rotation.

• Adhere to and support OU Health IT standards, policies, and procedures.

• Maintain and protect confidentiality regarding all aspects of patient care and employee information.

General Responsibilities

• Performs other duties as assigned.

Minimum Qualifications

Education Requirements: Bachelor's Degree required.

Experience Requirements:

• 0-3 years of experience in Security Engineering required.

• Experience with various security services and tools, I.e. network protocols, firewalls, IDS/IPS, SIEM, logging, Active Directory, DLP, etc.

• Experience in managing multiple high-risk projects, including those involving external vendors.

License/Certification/Registration Requirements:

• One or more advanced security certifications are required or must be obtained within 36 months from the hire date. Desired certifications include CCSP, CISM, GSEC.

• Other security or IT certifications are highly desirable, such as CEH, CHFI, CISA, CISM, CRISC, CCNA

Knowledge/Skills/Abilities Required:

• Knowledge of cloud services and methodologies is preferred.

• Understanding of SSO, MFA, PAM, least privilege concepts.

• Knowledge of supported operating systems (Windows server and VMware ESX) network technology (Route, Switch, Firewall, VPN), utilities, vendor products, diagnostic techniques, applicable communications protocols, applicable hardware configurations, vulnerability management

• Knowledge of applicable programming languages, and scripting.

• Must have security regulation and security framework knowledge. Examples include CIA triad, HIPAA, HITECH, HITRUST, NIST, ISO, and COBIT

• Strong technical problem-solving skills with strong attention to detail.

• Excellent communication, leadership, and teamwork skills.

• Ability to implement process improvements and automation solutions within security.

• Leadership skills to establish and maintain business relations with technical resources, customers, business partners, vendors, and other IT personnel.