Security Software Configuration II Engineer

City/State: Saint Louis, Missouri

Categories: Information Services

Shift: Days

Job Status: Full-Time

Req ID: 90129

Pay Range: $92,248.00 - $150,238.40 / year (Salary or hourly rate is based on job qualifications and relevant work experience)

Additional Information About the Role

BJC is hiring for a Security Software Configuration II Engineer. This is a remote, but looking for MO or IL only.

We are looking for a security-minded individual who can think outside the box. The engineering team provides the tools for protection and investigations across the organization. Those tools are used by SIRT, TVM, and GRC teams. There is a Level 1 team to provide day-to-day operations support for the L2 Engineering team. We also support other teams and help educate on best practices and secure configurations. The team has a number of projects in motion at any given time, is pulled in to help problem-solve across a number of systems, and advises on any number of security matters. We are looking for broad IT experience across the spectrum. There are no specific licensure or certification requirements for this position.

Overview

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and southeast Missouri regions. With net revenues of $6.3 billion and more than 30,000 employees, BJC serves patients and their families in urban, suburban and rural communities through its 14 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

BJC is the largest provider of charity care, unreimbursed care and community benefits in the state of Missouri. BJC and its hospitals and health service organizations provide $785.9 million annually in community benefit. That includes $410.6 million in charity care and other financial assistance to patients to ensure medical care regardless of their ability to pay. In addition, BJC provides additional community benefits through commitments to research, emergency preparedness, regional health care safety net services, health literacy, community outreach and community health programs and regional economic development.

BJC's patients have access to the latest advances in medical science and technology through a formal affiliation between Barnes-Jewish Hospital and St. Louis Children's Hospital with the renowned Washington University School of Medicine, which consistently ranks among the top medical schools in the country.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: Ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission critical applications and data vital to the organization and strategic partners; investigating practices not in compliance with established BJC Information Services security policies and standards.

Preferred Qualifications

Role Purpose

The Security Software Configuration - Engineer II role is responsible for helping architect, deploy and operate a secure application infrastructure that aligns with business needs. Supports operational innovation and providing security direction to the business to elevate the company's security posture within computing infrastructure. Deliver applications at scale and with resiliency to support business initiatives. Administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. Adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance. Epic or applicable certifications will be required within 6 months of hire.

Responsibilities

• Engages in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with service level agreements (SLAs).Assists with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected.Implements solutions observing compliance - Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws.Conducts performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted.
• Investigates catalogues of information and technology assets for vulnerability assessment. Performs vulnerability assessments and business impact analysis for medium complexity information systems.
• Explains the purpose of security controls and performs security risk and business impact analysis for medium complexity information systems. Identifies risks that arise from potential technical solution architectures. Designs alternate solutions or countermeasures and ensures they mitigate identified risks. Investigates suspected attacks and supports security incident management.
• Specifies requirements for environment, data, resources and tools to perform assessments. Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings and conclusions. Advises on deception methods by exploiting identified patterns.
• Ensures that incidents are handled according to agreed procedures. Prioritizes and diagnoses incidents. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Facilitates recovery, following resolution of incidents. Documents and closes resolved incidents. Contributes to testing and improving incident management procedures
• May be part of an after-hours on-call rotation.

Minimum Requirements

Education

• Bach Deg and/or Equivalent Exp

Experience

• 2-5 years

Preferred Requirements

Education

• Bachelor's Degree

Experience

• 10+ years

Supervisor Experience

• No Experience

Licenses & Certifications

• Cert Info Systems Manager
• CISSP
• Certified Ethical Hacker (CEH)
• Healthcare Information Sec

Benefits and Legal Statement

BJC Total Rewards

At BJC we're committed to providing you and your family with benefits and resources to help you manage your physical, emotional, social and financial well-being.

• Comprehensive medical, dental, vison, life insurance, and legal services available first day of the month after hire date
• Disability insurance paid for by BJC
• Pension Plan /403(b) Plan funded by BJC
• 401(k) plan with BJC match
• Tuition Assistance available on first day
• BJC Institute for Learning and Development
• Health Care and Dependent Care Flexible Spending Accounts
• Paid Time Off benefit combines vacation, sick days, holidays and personal time
• Adoption assistance

To learn more, go to

Not all benefits apply to all jobs

The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job. Equal Opportunity Employer