Job Description

MAJOR FUNCTION:

The Information Security Engineer II is a key member of the Information Security team, responsible for designing, implementing, and leading core security engineering and architectural deliverables. This role requires deep technical expertise and the ability to work independently, driving security initiatives across the healthcare system. The Information Security Engineer II collaborates with leadership, stakeholders, and subject matter experts to develop secure, scalable solutions that align with regulatory requirements, business objectives, and evolving cybersecurity threats.

The Information Security Team's primary purpose is to ensure the resiliency, security, and integrity of the organization's computing environment, protect patient and employee confidential information, and comply with regulatory requirements nationally. In partnership with Clinical, Financial, Knowledge Management, Ambulatory and Systems Engineering teams, the Information Security Team drives Information Security standards into delivered solutions. This position provides a hybrid work environment allowing the Information Security Engineer to work from a home environment and on site at Inspira.

QUALIFICATIONS:

Education & Experience:

•High School diploma or GED required. BA or BS Degree in Computer Information Technology or related degree is preferred. Candidates must meet any minimum position experience and/or certification requirements to be eligible for consideration.

•5+ years of experience in the Information Security field as an Information Security Analyst or Engineer

•3+ years of experience leading enterprise-class security projects with minimal supervision.

•Ability to design, implement and maintain security solutions such as EDR (Endpoint Detection & Response), MDR (Managed Detection & Response) solutions, Vulnerability Management solutions, and DLP (Data Loss Prevention) programs.

•Extensive hands-on experience with security tools and technologies, including SIEM, SOAR, network traffic analysis, email security gateways, and asset management systems.

•Strong understanding of network security principles, segmentation strategies, and Zero Trust methodologies.

•Experience with forensic analysis, penetration testing, and security event correlation.

•Strong documentation skills and experience creating Project Plans, Visio Diagrams, SOPs, RFPs, etc.

•Experience leading security automation initiatives using scripting languages such as Python, PowerShell, or Bash is a plus.

•Familiarity with Infrastructure as Code (IaC) security in DevSecOps environments is highly desirable.

•Strong interpersonal skills, in addition to effective customer interaction skills

•Familiarity with threat hunting and overseeing vulnerability management programs.

•Knowledge of Logical Access Controls and Least Privilege reviews

•Strong knowledge in NIST Risk Management Framework, HIPAA compliance, PCI Guidelines and CIS Benchmarks

•Ability to work well under deadlines and in a fast-paced environment.

Certification/ Licensure:

•CompTIA Security+ preferred.

•CompTIA Advanced Security Practitioner (CASP+) preferred.

Physical Requirements

Place an N, O, F or C in the boxes below

N: Never O: Occasionally (0%) F: Frequently (20%-80%) C: Constantly >80%)

Lifting 0lbs

O

Standing

O

Sitting

C

Lifting 20-50lbs

O

Climbing

N

Kneeling

O

Lifting>50lbs

N

Crouching

O

Reaching

O

Carrying

O

Hearing

O

Walking

F

Pushing

O

Talking

C

Vision

C

Environmental Conditions

Noise

N

Varied Temperatures

N

Cleaning Agents

N

Noxious odors

N

Patient Exposure

N

Operative Equipment

N

Position Responsibilities

Lead the architectural design and implementation of enterprise security solutions, ensuring alignment with industry best practices and regulatory requirements (e.g., HIPAA, PCI, NIST).

Independently drive security engineering projects, including but not limited to:

•Zero Trust architecture adoption

•Network segmentation and redesign

•Identity and Access Management (IAM) modernization

•Cloud security governance

•Advanced threat protection and endpoint security solutions

•Design, implement, and maintain secure systems, including servers, firewalls, intrusion detection/prevention systems, and other security devices.

•Establish and enforce security policies, standards, and best practices across IT, Infrastructure, and third-party integrations.

•Conduct security risk assessments and vulnerability management, overseeing proactive threat hunting efforts to mitigate risks in healthcare IT environments.

•Act as a subject matter expert (SME) in security architecture, advising on secure network and system design, including micro-segmentation, software-defined networking, and next-generation firewalls.

•Spearhead the evaluation, selection, and deployment of security technologies such as:

•Extended Detection and Response (XDR)

•Managed Detection and Response (MDR)

•Security Information and Event Management (SIEM)

•Data Loss Prevention (DLP)

•Privileged Access Management (PAM)

•Network Access Control (NAC)

•Lead incident response efforts, forensic investigations, and root cause analysis of security events.

•Provide mentorship and technical guidance to Information Security Analysts and junior engineers, fostering a culture of continuous improvement and knowledge sharing.

•Oversee and improve security monitoring, log analysis, and automated security response workflows using SIEM and SOAR platforms.

•Ensure compliance with cybersecurity frameworks such as NIST CSF, CIS Benchmarks, HITRUST, and ISO 27001.

•Develop and maintain security documentation, including security architecture diagrams, standard operating procedures, project plans, and governance reports.

•Collaborate with executive leadership and IT teams to align security initiatives with business objectives, balancing security with operational efficiency.

BENEFITS INFORMATION:

Click Here to Review Our Great Benefits Offerings