Lead Cyber Security Engineer Remote

Roanoke, VA, US, 24016

Employment Status:  Full time
Shift:  Day
Facility:  Technology Services Group
Requisition Number:  120394

Job Summary

The Lead Cybersecurity Engineer is involved in the full security life cycle in a multi-platform environment. This role will assist in maintaining an efficient and secure enterprise infrastructure that offers secure and uninterrupted service for our patients and staff. The Lead Cybersecurity Engineer is responsible for designing, implementing, and sustaining risk appropriate solutions in response to business requirements in all compute and storage platforms in a complex environment. This position will support and use a portfolio of hardware and software solutions that provide cyber defenses across the entire spectrum of the cyber-attack chain from data and identity to enabling disaster recovery. This role is central to the efficient and effective use of platform security solutions, including mobile, cloud, and Carilion Clinic-hosted environments with the overall goal of enhancing and maturing Carilion Clinic’s cybersecurity maturity. This role will serve as a subject matter expert for the organization on cyber security matters and represent the department in cross-functional team settings. Rotating shifts, including after hours on-call, and working weekends or irregular long hours as well as occasional overnight travel.


Key tasks include: 

  • Plan, implement, manage, monitor, and upgrade best in class security measures for the protection data, systems, and networks, both on premise and in the cloud.
  • Participate and lead enterprise level projects/initiatives
  • Guide others in testing and identifying network and system vulnerabilities.
  • Oversee others in responding to all security breaches to the network and associated systems.
  • Oversee engineering support and system administration of specialized cybersecurity applications.
  • Develop information systems security action plans, evaluates information security products, and perform other activities necessary to secure the organization
  • Lead all aspects of configuration management of assigned systems; auditing systems to ensure security posture integrity
  • Assist with the design, documentation, testing, maintenance, and troubleshooting of security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security

 

Minimum Qualifications

Education: Bachelor's Degree in a related field or equivalent work experience.


Experience: Minimum Eight years of progressively responsible experience in cyber security, security engineering, network engineering, computer incident response, systems architecture, digital platform security (cloud), or related experience required. Six years dedicated to the information sector. Experience with cyber threat hunting for indicators of compromise, malware forensic analysis, Tactics, Threat Procedures (TTP) preferred. Experience performing vulnerability assessments and penetrations testing. Knowledgeable network firewall and intrusion prevention appliance order of operations. Proficiency in one or more general purpose programming/script languages such as Java, C/C++, C#, Python, JavaScript, Bash, and PowerShell. The ability to communicate effectively to diverse audiences and properly translate security and risk management terminology into business terms for these stakeholders Experience with securing containerized technologies (examples – Docker, Kubernetes, etc.) Deep technical knowledge of cyber security risks, threats, and defenses to effectively assess the security implications and requirements for the introduction of new cloud technologies Experience working on integrating cloud services with common and industry standard cloud-native/cloud-friendly security mechanisms (protect, detect, breach response, and recovery) In-depth knowledge of the security and compliance capabilities of cloud platforms.

Other Experience: Minimum seven years of experience in security administration experience in a large, complex environment. Experience in monitoring and supporting IDS/IPS, Firewall, SIEM, DLP, and log aggregation hardware/software required.

Licensure/Certification:

Valid Virginia drivers' license and dependable transportation.

ISC2 CISSP

ISC2 CCSP 

Other: Good organizational skills, analytical, dependable, detail oriented, interpersonal skills, and understanding of the English language (both written and oral).  Must have thorough understanding of the 7-layer OSI model.  Must have understanding and experience with Enterprise class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, DDOS prevention, wireless and remote connectivity.  Must have understanding and experience with Infrastructure security, including windows, Unix/Linux, desktop/laptop, and mobile security, hands-on experience in packet capturing and analyzing logs, as well as knowledge of cryptography and PKI.  Must have thorough understanding of compliance frameworks and requirements such as PCI, HIPAA, HITECH, SOX, etc.  Must have operational knowledge of threat landscape, security threat and vulnerability management, and security monitoring and analytics.   Must have excellent problem solving skills, and be customer service oriented.

Our Values

Below are our core values that we strive to embody and expect of all our team members:

Collaboration: Working together with purpose to achieve shared goals.

Commitment:  Unwavering in our quest for exceptional quality and service.

Compassion:  Putting heart into everything we do.

Courage:  Doing what’s right for our patients without question.

Curiosity:  Fostering creativity and innovation in our pursuit of excellence.

 


Requisition Number: 120394 
Employment Status: Full time 
Location: Technology Services Group 
Shift: Day 
Shift Details: Monday through Friday, On-Call Schedule
Recruiter: MARK A MISKOVIC 
Recruiter Phone:  
Recruiter Email: mamiskovic@carilionclinic.org


This is Carilion Clinic ...

An organization where innovation happens, collaboration is expected and ideas are valued. A not-for-profit, mission-driven health system built on progress and partnerships. A courageous team that is always learning, never discouraged and forever curious.

Headquartered in Roanoke, Va., you will find a robust system of award winning
hospitals, Level 1 and 3 trauma centers, Level 3 NICU, Institute of Orthopedics and Neurosciences, multi-specialty physician practices, and The Virginia Tech Carilion School of Medicine and Research Institute.

Carilion is where you can make your own path, make new discoveries and, most importantly, make a difference. Here, in a place where the air is clean, people are kind and life is good. Make your tomorrow with us.

Equal Opportunity Employer

Minorities/Females/Protected Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity

Carilion Clinic is a drug-free workplace.

Carilion Total Rewards

What matters to you is important to us—like benefits, rewards, and resources to improve your life. Carilion understands the importance of prioritizing your well-being to help you develop and thrive. When you make your tomorrow with us, we’ll enhance your potential to realize the best in yourself. Below are benefits available to you when you join Carilion:

  • Employer Funded Pension Plan, vested after five years (Voluntary 403B)
  • Comprehensive Medical, Dental, & Vision Benefits
  • Flexible Work Arrangements/Schedules
  • Remote Work Options
  • Paid Time Off (accrued from day one)
  • Onsite fitness studios and discounts to our Carilion Wellness centers
  • Access to our health and wellness app, Virgin Pulse
  • Discounts on childcare
  • Continued education and training

Find more about Carilion Clinic’s benefits by vising our Total Rewards Page.


Equal Opportunity Employer
Minorities/Females/Protected Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity
Carilion Clinic is a drug-free workplace.


Nearest Major Market: Roanoke

Job Segment: Cyber Security, Cloud, Testing, Risk Management, Network Engineer, Security, Technology, Finance, Engineering