Job Description :
Requirements:
A minimum of 5 to 10 years of technical experience in Information Security at a large organization.
Experience with the following technologies:
o Intrusion Prevention Systems (IPS
o Internet firewalls.
o Web reverse-proxy servers.
o Web application firewalls.
o Strong authentication technologies including tokens, web persistent cookies, and biometrics.
o Security Incident & Event Management (SIEM) systems.
o Network anti-malware systems.
o Network Access Control (NAC
o Host and network based Data Loss Prevention (DLP) systems.
Ability to understand, and familiarity with, information security concepts and lexicon.
Proven ability to create and maintain technical documentation; including procedures, configuration settings, and documentation to support remediation of audit findings.
Ability to transfer knowledge to other security or operational staff.
Experience with qualitative and quantitate risk assessments.
Experience with evaluating new technology for security requirements.
Experience with creating hardening standards preferred.
Experience in an integrated health care environment for outpatient and inpatient patient populations required, academic setting preferred.
Team player that has a proven record of working in a highly collaborative, flexible, and fast-paced environment.

Responsibilities:
a. Evaluation of new technology for security requirements, working with the vendor to remediate any deficiencies, and making a recommendation to management.
b. Consulting with other IT teams on technical information security requirements.
c. IT Security project support and consulting. May include working closely with vendor Professional Services on project implementations.
d. Create documentation and perform knowledge transfer for assigned IT Security projects and initiatives.
e. Risk-based review and approval for firewall rules.
f. Administration of IronKey flash drives, Forefront TMG web proxy, Elastic search, and other security technologies.
g. Incident response for cyber events including email phishing and email alerts from industry sources.
h. Performing and documenting risk assessments; participate in development of documented remediation plans as necessary.
i. Other duties as assigned.