Job Summary
The Security Engineer is responsible for implementing, maintaining, monitoring, and improving the health system’s cybersecurity technologies and controls to protect patient, clinical, financial, and operational information assets. This position works closely with Information Security, Information Technology, Clinical Engineering, and business stakeholders to support the organization's cybersecurity program through the deployment and management of security tools, vulnerability remediation efforts, incident response activities, and security monitoring functions. The Security Engineer serves as a technical resource for cybersecurity operations and helps ensure compliance with healthcare regulatory requirements, industry standards, and organizational security policies.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
§ Responsible for Tool Administration (MFA, EDR, Email Security), Integrations, Automation, Vendor Coordination
§ Specific Project Focus on MFA Expansion, SOAR Workflows, Security Awareness Tooling
§ Technical ownership of:
    § Encryption & Certificate Management
    § Data Loss Prevention (Endpoint & Email)
    § Endpoint Security & PowerShell Controls
    § SIEM Integration & Incident Response Coordination
§ Monitor security alerts and events, investigate potential threats, and coordinate response and remediation activities.
§ Participate in cybersecurity incident response activities, including containment, eradication, recovery, and post-incident analysis.
§ Conduct vulnerability assessments and assist with vulnerability remediation efforts across servers, workstations, network devices, cloud environments, and applications.
§ Support the deployment, configuration, and maintenance of security controls and technologies.
§ Monitor and analyze security logs, threat intelligence feeds, and system activity to identify suspicious or unauthorized activity.
§ Assist with securing cloud environments, including Microsoft Azure, AWS, and Microsoft 365 platforms.
§ Collaborate with IT infrastructure, networking, application, and clinical technology teams to implement security controls and best practices.
§ Support third-party risk management activities by assisting with security reviews and vendor assessments.
§ Participate in periodic security assessments, penetration tests, and audit activities.
§ Assist in the development and maintenance of security documentation, procedures, standards, and technical guidelines.
§ Support data protection initiatives, including encryption, data loss prevention, and secure data handling practices.
§ Assist with business continuity and disaster recovery planning and testing efforts from a cybersecurity perspective.
§ Maintain cybersecurity asset inventories and ensure security tools are functioning as intended.
§ Participate in after-hours support and cybersecurity incident response activities as required.
§ Stay current on emerging cybersecurity threats, vulnerabilities, technologies, and healthcare industry risks.
Knowledge & Skills
Education & Experience
§ Bachelor's degree in Information Technology, Information Security, Computer Science, Engineering, or a related field required.
§ Equivalent combination of education and relevant experience may be considered.
§ Minimum of 3 to 5 years of experience in cybersecurity, information technology, network administration, systems administration, or a related technical field.
§ Experience supporting enterprise cybersecurity technologies and security operations functions.
§ Experience working with security monitoring, endpoint protection, vulnerability management, or identity and access management solutions.
§ Experience supporting Microsoft Windows Server, Active Directory, Microsoft 365, and enterprise networking environments.
§ Experience with cloud platforms such as Microsoft Azure and/or AWS preferred.
§ Experience in a healthcare, hospital, or highly regulated environment preferred.
§ Familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework (CSF), CIS Controls, HITRUST, and ISO 27001 preferred.
Special Skills & Knowledge
§ Working knowledge of cybersecurity principles, technologies, and best practices.
§ Understanding of network security concepts, including firewalls, VPNs, intrusion detection/prevention systems, segmentation, and secure remote access.
§ Knowledge of endpoint security technologies, including EDR/XDR platforms.
§ Familiarity with SIEM technologies and security event analysis.
§ Understanding of vulnerability management processes and remediation practices.
§ Knowledge of identity and access management concepts, including Active Directory, Entra ID, MFA, and privileged access controls.
§ Understanding of cloud security principles and security controls for Microsoft Azure, AWS, and Microsoft 365 environments.
§ Familiarity with incident response methodologies and cybersecurity investigations.
§ Knowledge of healthcare cybersecurity risks, HIPAA Security Rule requirements, and protection of electronic protected health information (ePHI).
§ Ability to analyze technical issues and recommend practical solutions.
§ Strong troubleshooting and problem-solving skills.
§ Ability to prioritize multiple tasks and respond effectively in a fast-paced operational environment.
§ Strong written and verbal communication skills.
§ Ability to document technical procedures, findings, and recommendations clearly and accurately.
§ Ability to work independently as well as collaboratively within cross-functional teams.
§ Commitment to continuous professional development and staying current with evolving cybersecurity threats and technologies.
§ Ability to explain technical cybersecurity concepts to non-technical stakeholders when necessary.
Licenses, Certifications, etc.
Relevant certifications such as Security+, CySA+, GSEC, SSCP, SC-200, SC-300, AZ-500, CISSP (Associate), or equivalent preferred.
Requirements
Supervisory Responsibility
§ N/A
Working Conditions & Travel Requirements
§ Hybrid in Austin, TX or Nashville, TN.
§ Travel as needed.
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform the Fortified Health Security People and Culture Team of such a request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.