Skip To Content
IT@2X
J190907

Cloud Security Engineer

Highmark Health

  • Company Hignmark Health
  • Home, PA
  • IS/IT
  • Full time
  • Day (United States of America)

Company :

Highmark Health

Job Description : 

Information Security & Risk Mgmt at Highmark Health is more than just “cyber security”, it’s about ensuring our patients and members are protected and can get the care they need without disruption. We are trusted SMEs with diverse points of view and skills synthesizing security solutions for our enterprise and customers. In addition to hard technical skills and soft non-technical skills, we have a strong emphasis on core middle skills like change management, storytelling, measurement / quantification, agile and human centered design. We are a highly engaged team who values professional development and growth – not just with formalized career development, but with weekly learning opportunities, speaking engagements and leadership involvement in professional organizations.  We believe inertia is our prime enemy and relentless incrementalism is our ultimate weapon. That’s why we are innovators, collaborators, solutioners, and thinkers. Our work is not easy and the challenges only get tougher; if that’s the kind of environment you’re seeking, then we want to talk to you.   

JOB SUMMARY

Cloud Security Engineers are responsible for the secure operations of cloud infrastructure, platforms, and software, including the installation, maintenance, and improvement of cloud computing environments. They also help develop new designs and security strategies across cloud-based applications, including infrastructure, platform, and SaaS.

ESSENTIAL RESPONSIBILITIES

•             Architect, build and maintain security controls in the Cloud environment

•             Develop design patterns, standards and best practices for Cloud security

•             Build large scale IaC using Terraform

•             Support engineering teams in developing secure Cloud infrastructure

•             Design and configure monitoring solutions (Splunk)

•             Identify gaps in our security posture and prioritize remediation efforts

•             Knowledge and understanding of application and security event logging systems

•             Review cloud architecture and advise development teams on strong Network and Infrastructure Security Design principles and identification of issues prior to systems or deployment

•             A development background, familiarity with cloud-based security tools, automation, DevOps, and full stack engineering.

•             Design and develop automation workflows, performing unit tests and conducting reviews

•             Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.

•             Collaborate with senior management and department leaders to assess near- and long-term cloud security needs

REQUIRED EDUCATION

Bachelor’s Degree - Computer science, information systems, or related field

Substitutions

5 years' of information security engineering

EXPERIENCE

Minimum: 

  • 3 - 5 years' experience with information security and systems analysis
  • Previous experience with Google, Azure, AWS or Oracle Cloud        
  • IaC using Terraform                   
  • 3 - 5 years' with information security and/or information risk management and/or information technology                   
  • 3 - 5 years' with operating systems and software administration                             
  • 3 - 5 years' developing, communicating and presenting information security and risk management concepts to varying audiences                       
  • 3 - 5 years' with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms

Preferred: 

  • 5 - 7 years' experience with information security and systems analysis                         
  • 1 - 3 years' experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
  • 3 - 5 years' IT/information security risk advisory experience
  • 3 - 5 years' In-depth understanding of network security architecture, network and networking protocols                 
  • 3 - 5 years' database management, system administration and software development lifecycle

SKILLS

  • Knowledge of HITRUST CSF, NIST 800-83 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3    
  • Familiarity with secure SDLC best practices                           
  • Knowledge of Microsoft Apps and Suites, Windows Server, SharePoint, etc.                 
  • Strong teamwork and inter-personal skills

PREFERRED LICENSURE

Certified Information Systems Security Professional (CISSP), Security +

Level: 3

Compliance Requirement: This position adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies

As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements. 

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability. 

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity ( https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf )

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact number below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice


Thumbnail Join Talent Community@2X

Connect with a career that’s right for you.

Introduce yourself and we'll get in touch monthly to share career insights and company news.

Join Our Talent Community