• Security Engineer

    HCA Healthcare (Asheville, NC)


    Description

    Introduction

     

    Experience the HCA Healthcare difference where colleagues are trusted, valued members of our healthcare team. Grow your career with an organization committed to delivering respectful, compassionate care, and where the unique and intrinsic worth of each individual is recognized. Submit your application for the opportunity below:Security EngineerHCA Healthcare. **Local candidates preferred.**

     

    Benefits

     

    HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

     

    + Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.

    + Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.

    + Free counseling services and resources for emotional, physical and financial wellbeing

    + 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)

    + Employee Stock Purchase Plan with 10% off HCA Healthcare stock

    + Family support through fertility and family building benefits with Progyny and adoption assistance.

    + Referral services for child, elder and pet care, home and auto repair, event planning and more

    + Consumer discounts through Abenity and Consumer Discounts

    + Retirement readiness, rollover assistance services and preferred banking partnerships

    + Education assistance (tuition, student loan, certification support, dependent scholarships)

    + Colleague recognition program

    + Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)

    + Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

     

    Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)

     

    _Note: Eligibility for benefits may vary by location._

     

    We are seeking a Security Engineer for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!

     

    Job Summary and Qualifications

     

    The IPS Field Security Engineer will support Division and Facility Network/System Engineers and Administrators by analyzing a wide range of applications, network configurations, and security architectures to ensure the security, integrity, and regulatory compliance of critical information transmitted or stored within the enterprise. Their role is to facilitate the discovery of information and IT-related risks, apply critical thinking to assumptions and develop the right security position/priorities that: first, attain compliance; second, address the material risks to the company while allowing the business to attain its objectives. This position blends cybersecurity engineering with system infrastructure expertise to support risk management, threat mitigation, infrastructure reliability, and compliance with IT and security standards.

     

    The IPS Field Security Engineer will work across multiple domains of information security (i.e. Security and Risk Management, Asset Security, Security Architecture and Engineering, Network Security, Identity and Access Management, Security Assessment and Testing, and Security Operations), providing consultation, assessments, and security/technical guidance to business units and IT teams.

    Major Responsibilities:

    Risk Management and Security Consulting

    + Serves as an internal information security consultant to the enterprise while balancing the needs of the business.

    + Research and recommend solutions that meet security standards while ensuring functionality for business continuity.

    + Drive and manage execution of corrective actions to address deficiencies identified during risk assessments.

    + Translate security standards and regulatory requirements into actionable technical and business requirements.

    + Lead and support the IPS program by assessing new applications and technologies and ensuring they are implemented in accordance with company standards

    + Partner with appropriate stakeholders on vulnerability remediation

    + Engage in Architecture Review Committee discussions to identify and address Third Party solution variance from company standards

    + Support, coordinate, and manage incident response and investigation activities

    + Evaluate and recommend security solutions that balance risk mitigation with business functionality

    + Drive ongoing compliance with IPS policies, standards, and operational procedures

    + Serve as an internal security consultant across business units

    + Manage operational processes that monitor and respond to potential security threats

    Security Engineering & Architecture

    + Evaluate new and proposed security technologies and assist in their integration

    + Assist in the design and implementation of secure network, application, and system architectures.

    + Partner with IT colleagues to assure ongoing maturity of IT operational security controls.

    + Participate in the development and testing of disaster recovery and contingency plans

    + Security Operations and Threat Management

    + Partner with corporate and local departments as required to facilitate rapid response to cybersecurity events.

    + Maintain awareness of emerging threats, vulnerabilities, and mitigation techniques.

    + Oversee processes for review and approval of security exception requests.

    Vendor Systems Security

    + Partner with appropriate business and IT leadership to help ensure systems, services, and devices receive appropriate assessments and remediation as part of local on-boarding processes.

    + Partner with business and IT leadership to ensure proper controls are in place for existing vendor-maintained solutions.

    + Performs other duties as assigned

    + Practices and adheres to the “Code of Conduct” philosophy and “Mission and Value Statement.”

    Education & Experience:

    + Bachelor's degree required

    + Master's degree preferred

    + 3+ years of experience in a relevant field required

    + 3+ years of experience in security risk management, information security domains, and/or hospital operations preferred, or equivalent combination of education and/or experience

    Licenses, Certifications, & Training:

    + CISSP, CISA, CISM, CCNA, MCSA or other relevant certifications in network administration or information security preferred

    Required Knowledge, Skills, Abilities, Behaviors:

    + Knowledge of supported operating systems (Windows server and VMware ESX), utilities, vendor products, applicable programming languages and scripting, diagnostic techniques, applicable communications protocols, applicable hardware configurations

    + Must have 1+ years of experience in deploying technically complex infrastructure computing solutions across platforms and components.

    + Knowledge of virtual technology, such as, Citrix, VMWare ESX, IBM LPARs, VIO servers, and micro partitions.

    + Knowledge of OS environment running one or more databases including SQL, Oracle, DB2.

    + Experience in one or more of the following: NetBackup, Data Domain, or CommVault

    + Applicable communication protocols and hardware configurations

    + Statistical and analytical tools for systems monitoring

    + Working knowledge of information security concepts, including risk management, engineering, networking, and cloud.

    + Understanding of cloud fundamentals and concepts, as well as experience with a popular cloud provider, like Microsoft, Google, or Amazon.

    + Excellent written and oral skills

    + Demonstrates a high degree of initiative, dependability, and the ability to work with minimal supervision.

    + Possesses a sense of responsibility and accountability – one who takes ownership and initiative.

    + Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.

    + Maintains professional demeanor, appearance, and positive attitude.

    + Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.

    Travel Required

    + The job may require up to 30% travel.

     

    HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

     

    "There is so much good to do in the world and so many different ways to do it."- Dr. Thomas Frist, Sr.

     

    HCA Healthcare Co-Founder

     

    If you find this opportunity compelling, we encourage you to apply for our Security Engineer opening. We promptly review all applications. Highly qualified candidates will be directly contacted by a member of our team. **We are interviewing - apply today!**

     

    We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.