Primary Job Purpose

Are you interested in being an InfoSec professional at a company that truly values what you do? Come join us at Cambia where collectively we protect the data of millions of consumers who are using innovative products and services that will transform their healthcare.

General Functions and Outcomes

• Report on security metrics around vulnerabilities, viruses, email spam, malware, patch levels, etc.
• Provides reports and metrics on the health and welfare of Security within Cambia to the CISO.
• Responsible for the planning, design, enforcement, and review of technology events to help ensure compliance with security policies, standards, and procedures under appropriate management guidance.
• Establishes security standards for configuration of security devices; reviews new and existing operating and application systems, and network implementations for appropriate information protection.
• Establishes and monitors appropriate security safeguards within corporate information systems and networks across all computing platforms.
• Provides leadership, process and procedures for Security incident management
• Maintains knowledge of changing technologies, provides recommendations and feedback on adaptation of new technologies or policies.
• Assists in the delivery of security briefings to management advising them of critical issues and metrics that may affect customer or corporate security objectives.
• Communicate with various departments and business units regarding sensitive and confidential issues.
• Respond to inquiries regarding defined information security policies, standards, and procedures.
• Work with IT team members, Privacy Office, Human Resources and Legal office in the collective effort of protecting Cambia's information assets.
• May be primary person responsible for Vulnerability Management Program, including vulnerability assessment and mitigation facilitation.
• Ally with other IT functional areas to remain apprised of project and available technology status and inform customer management of progress; conversely, keep IT technology and management teams aware of user issues and potential potholes or resolve conflicts.
• Knowledge of the nature and sources of infrastructure, web application and database vulnerabilities, how to identify and exploit them.
• Have a broad range and expert knowledge of security assessment tools and manual security testing techniques.
• Broad knowledge of cyber security threats and techniques used by adversaries to compromise systems - both technical and non-technical techniques.
• Identify, collect, preserve, and analyze electronic information relevant to a case, incident or event of interest.
• Monitor threat and vulnerability management information resources to identify new and emerging enterprise concerns.
• Ability to assist with conducting forensic examination of electronic evidence, including computer related equipment, network devices and information systems.
• Assists in handling e-Discovery requests that come into IT providing timely reports to Cambia constituents on computer suspicious activities
• Management of the e-Discovery processes and evidence gathering techniques in adherence to Cambia's incident response policies. Ensure the integrity of electronic evidence so that it is admissible in a court of law through the use of evidentiary sound data collection, processing, storage techniques.
• Responsible for assisting with the planning, design, enforcement, and review of technology events to help ensure compliance with security policies, standards, and procedures under appropriate management guidance.
• Responsible for assisting with Social Engineering efforts.
• Experience conducting forensic examination of electronic evidence, including computer-related equipment, network devices and information systems.
• Provide subject matter expertise in the area of Security as it relates to forensic processes, incident management, vulnerability assessment, security configuration of operating and application systems
• Create analytical reports regarding forensic investigations, incidents, and vulnerability management.
• Demonstrated understanding of complex systems integration issues involving many disparate data sources, and experience in resolving them through providing clear direction on scope of solution.
• Responsible for the development and implementation of security technical role training; provides assistance and training to department staff and other company employees on issues relating to information security including policies and standards.
• Responsible for assisting with the identification and implementation of new security tools/solutions.

Minimum Requirements

• Demonstrated experience in management of Security incidents including: processes and procedures, security incident response teams, and providing management status and/or reports.
• Familiarity with Security industry best practices (HIPAA, ISO, NIST, etc.).
• Familiarity in industry standard tools and technology, which may include application development languages and packages, client/server systems, security (firewalls/encryption products), Web servers and applications, and various third-party utilities and tools for integrating applications with databases and legacy systems.
• Demonstrated ability to obtain relevant information, assess validity, and recommend the best solutions to complex business problems.
• Ability to express complex technical concepts in terms that are understandable to the business and simultaneously ensure confidentiality.
• Must be able to work effectively with other team members across the IT organization, management and business customers. Demonstrated ability to be flexible when changes in work are introduced, and be focused on finding solutions to meet the business needs.
• Able to work with general direction; manage own workload, resolve conflicting priorities and deliver on commitments.
• Must be able to effectively adapt to rapidly changing technologies and methodologies and apply them to technological and/or business needs.
• Excellent oral and written communication skills; ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding, with coworkers, staff, Human Resources, Law Enforcement and all levels of management.
• Demonstrated familiarity in industry standard tools and technology, which may include application development languages and packages, client/server systems, security (firewalls/encryption products),
• Web servers and applications, and various third-party utilities and tools for integrating applications with databases and legacy systems.
• Familiarity with regulatory and legal chain-of-evidence protocols. (At this level I would not expect them to be more than familiar)
• Experience with Security industry best practices (HIPAA, ISO, NIST, etc.).
• Demonstrated leadership skills for projects in a technology-oriented field with a high emphasis on communicative and interpersonal relationship skills.
• Demonstrated experience with Security industry best practices (HIPAA, ISO, NIST, etc.).
• Demonstrated experience in industry standard tools and technology, which may include application development languages and packages, client/server systems, security (firewalls/encryption products),
• Web servers and applications, and various third-party utilities and tools for integrating applications with databases and legacy systems.

Normally to be proficient in the competencies listed above

Security Engineer III would have a Bachelor's degree in Computer Science, Mathematics, Business Administration, or a related field. 6+ years of experience designing, implementing, and operating security technologies such as endpoint protection, vulnerability scanners, network firewalls, identity and access management, penetration testing, and intrusion detection/prevention; 1+ years of experience delivering training for security operations staff; 6+ years of experience creating security policies, standards, or procedures; or equivalent combination of education and experience.

Required Licenses, Certifications, Registration, Etc.

CISSP or other security-related certifications are preferred.

Work Environment

• No unusual working conditions
• May be required to work outside normal working hours
• Work is primarily performed in an office environment

We are an Equal Opportunity and Affirmative Action employer dedicated to workforce diversity and a drug and tobacco-free workplace. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, age, sex, sexual orientation, gender identity, disability, protected veteran status or any other status protected by law. A background check is required.

If you need accommodation for any part of the application process because of a medical condition or disability, please email [email protected]. Information about how Cambia Health Solutions collects, uses, and discloses information is available in our Privacy Policy. As a health care company, we are committed to the health of our communities and employees during the COVID-19 pandemic. Please review the policy on our Careers site.