Skip Navigation

Information Security Automation Engineer



Category

Information Technology

Job Location

NA, NA

Tracking Code

72121-1

Position Type

Full-Time/Regular

About Us

Certilytics provides sophisticated predictive analytics solutions to major healthcare organizations by integrating financial, clinical, and behavioral insights. Our team represents a dynamic infusion of multidiscipline, which includes actuarial, data and behavioral scientists, IT engineers, software developers, nurse clinicians, as well as experts in public health and the health insurance industry. Certilytics has extensive experience working with a diverse set of customers including large self-insured employers, health plans, pharmacy benefit managers, government programs, care management companies and health systems. These relationships with various data providers and customers allows for rapid data ingestion, validation and enrichment as well as streamlined delivery of analytic dashboards, outputs and visualizations to our customers. Our unique approach allows for the development of the most accurate financial, clinical and behavioral models in the industry.

The Information Security Automation Engineer is primarily responsible for creating and maintaining scripts and applications to automate information security. This position is also responsible for mitigating risk by supporting the design, implementation, customization, enhancements, and operations of information security solutions and services; and providing support for information security operations.

This position also protects the organization through execution of operational tasks leveraging their technical prowess through vulnerability management, vulnerability remediation, establishment of standards, supporting and enhancing the information security practices of development staff, and assessing technologies.

Essential Function

 

Sustain

  • Create and maintain scripts and programs that automate activity.
  • System integration via API or standards-based communication protocols.
  • Implement, customize, maintain, and enhance security tools, countermeasures, technologies, and infrastructure.
  • Support other information security team members though the creation of reports, alerts, dashboards, and elimination of false positives and negatives.
  • Respond to issues regarding security tools or technologies.
  • Analyze security systems and identify improvements.

  Protect

  • Identify and define system security standards.
  • Recommend and evaluate security enhancements and purchases.
  • Perform security assessments of new technologies.
  • Perform third party security assessments of business partners

Respond

  • Perform incident response.
  • Investigate security events to identify incidents, and their degree of impact. Work through to resolution, escalating and engaging others as required.
  • Perform forensics analysis.

 Audit

  • Perform security reviews, and audits as required.
  • Participate in responding to risk assessments, requests for proposal, audits, and examinations as required.

Design

  • Develop and maintain information security policy, procedures, guidelines, baselines, and standards.

 Administrative

  • Maintains CISSP (or Associate of (ISC)2) certification and technical currency of job knowledge.
  • Generate ad hoc reports and queries in security tools as required.
  • Provide reporting on the state of the organizational security profile and activity.
  • Mentor other staff as required.
  • Other duties as assigned.

Required Skills

  • A minimum of three years’ demonstrated experience and strong skills with programming or scripting, including automation
  • Must possess broad general knowledge of information technology, including storage, networking, systems, databases, and firewalls
  • Additional experience as a systems or network engineer, database administration, or an equivalent technical role is desirable
  • Experience or familiarity with supporting a variety of security tools, including but not limited to host and network-based intrusion prevention/detection systems, firewalls, anti-malware, and content filtering, firewalls, vulnerability management, security information and event management; network detection and response, network and host-based data loss prevention, and asset management.
  • Experience with HITRUST, NIST CsF (SP800-171) security frameworks is desirable. Experience with or knowledge of other security frameworks or legislation is desirable.
  • Must possess excellent communication skills, with the ability to discuss technical concepts with non-technical people.
  • Proficient skills with MS Office applications, such as, Excel, PowerPoint, Word, Visio, Access, and Project.
  • Ability to work an on-call rotation, some after-hours, and weekends.
  • Ability to work well with others.
  • Must be detail oriented.

close