Job # 439271 Date posted 01/20/2023 Description LifePoint Health is recruiting for a Sr. Cybersecurity Engineer to join our team. This is a remote position. LifePoint Health is a leader in community-based care and driven by a mission of Making Communities Healthier. Our diversified healthcare delivery network spans 29 states and includes 63 community hospital campuses, 32 rehabilitation and behavioral health hospitals, and more than 170 additional sites of care across the healthcare continuum, such as acute rehabilitation units, outpatient centers and post-acute care facilities.We believe that success is achieved through talented people. We want to create places where employees want to work, with opportunities to pursue meaningful and satisfying careers that truly make a difference in communities across the country. Summary: A well-qualified candidate will be responsible for the analysis and response to 3rd level security events. This will require knowledge for working information security alerts though the use of a Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts. On-call responsibilities will be required. The candidate will need to demonstrate proficiency with the tools and processes mentioned in the Knowledge/Skills/Abilities section. Essential Functions: Act as liaison with solution owners and IT groups to ensure understanding of security principles Possess strong analytical, collaborative, problem solving, organizational and planning skills Possess strong written and oral interpersonal skills Collaborate with members of the LifePoint Information Security department, application owners, software architects, and administrators. Ability to keep CISO and senior executives informed of security incidents and answer security related questions/concerns of senior executives in clear, concise, understandable manner. Ability to work independently as needed. Ensure that all solutions set up for security and monitoring can effectively monitor and report upon security events happening within the environment Stay informed on attacks and vulnerabilities on all types of systems, including all Microsoft Windows system, AIX, Linux, Cisco IOS, Apple OS X and audit compliance of Vulnerability Management Program Make recommendations for changes to the environment that can help in the removal of vulnerabilities and reduction in the risk of exploitation that may result in potential incidents Initiate and produce custom scripts needed to make logging and alerting requirements easy and effective Architect, design, implement, maintain, and operate information system security controls and countermeasures. Analyze and recommend security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance. Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance. Monitor information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends. Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement. Analyze and develop information security policies, procedures, standards, baselines and guidelines with respect to information security. Assess, plan, and enact security measures to help protect an organization from security breaches and attacks on its computer networks and systems. Oversee penetration tests and vulnerability scans to identify vulnerabilities, and consulting with technical teams on remediation of identified vulnerabilities. Evaluate, test, and recommend security software to help protect the company's data Develop and conduct tabletop exercises testing the incident response plan Knowledge/Skills/Abilities: Healthcare experience is preferred Excellent written and verbal communication skills Possess a high level of technical knowledge of security platforms including: Palo Alto Firewalls/IDS/IPS Cisco ASA Firewalls Proofpoint email protection Mimecast email protection Crowdstrike Spunk SIEM Netskope CASB Symantec DLP Required: Investigate security incidents through log analysis, interviewing, evidence collection and preservation, and forensics. Utilize sensor data and correlated logs containing IDS/IPS, Antivirus, Windows events, web, and similar data to establish context and identify false-positives and false-negatives. Perform security analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, and mainframes Candidates will be expected to have enough familiarity with security systems and principles and be able to function interchangeably within a team of engineers to support a cross functional approach within a highly complex and interconnected networked environment. Utilize sensor data and correlated logs containing IDS/IPS, Antivirus, Windows events, web, and similar data to establish context and identify false-positives and false-negatives. Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, and mainframes Candidates will be expected to have enough familiarity with multiple systems that they can function interchangeably within a team of engineers and support a cross functional approach to resolving issues within a highly complex and interconnected networked environment. Qualifications Education: Bachelor's degree in computer science, information systems, cybersecurity, or a related field. Relevant experience may be substituted in some cases Licenses/Certifications: Desired: Certifications such as: CISSP Security Essentials - SEC401 GIAC GCIH/GCIA Hacker Guard: Security Baseline Training - SEC464 CEH Experience: 5+ years of experience in a cybersecurity discipline at a senior level. Experience working security events as a cybersecurity engineer events in a team environment. Review of network controls such as firewall rules. Ability to consult with IT stakeholders as needed Depending on Candidate's qualifications, we may fill this at a different level.