Information Security Engineer

Job Description

UNITE HERE HEALTH serves 190,000+ workers and their families in the hospitality and gaming industry nationwide. Our desire to be innovative and progressive drives us to develop impactful programs and benefits designed to engage our participants in managing their own health and healthcare. Our vision is exciting and challenging. Please read on to learn more about this great opportunity!

The role will deliver direct support and mentorship to junior members of the information security team, perform Security-centric gap analysis on new IT and business efforts, and provide solution assessments to rectify those gaps. Additionally, the position will produce documentation at the procedure and standards level, codifying and standardizing the team’s Information Security Mission, as well as driving the maturity objectives of the Security Program.

ESSENTIAL JOB FUNCTIONS AND DUTIES

· "Security first” attitude in all actions and conduct

· Research and analyze software designs & implementations in a security context

· Respond to alerts, adjudicate Indicators of Compromise, correlate data, advise leadership, participate in corrective actions, and provide direct support to incident response

· Collaborate with Security Leadership on strategic objectives, translate those objectives to actionable methods

· Partner with business leadership and business units on security program controls

· Assist with the technical implementation of security controls and the management of control adoption

· Execute and deliver planned software security program deliverables to the software development teams

· Complete security risk assessments on all Fund external and internal systems

· Provide guidance to security administrators and analysts in collecting data from a variety of Computer Network Defense (CND) tools (including intrusion detection system alerts, firewall and network traffic logs, as well as host system logs) to analyze events that occur within their environments

· Interpret, analyze, and report all events and anomalies in accordance with information security directives

· Provide strategic and tactical perspective on Security Directives, contextualize risk management

ESSENTIAL QUALIFICATIONS

· 5 ~ 7 years of direct experience minimum

· Working knowledge and experience in HIDS/NIDS Security Incident Event Management

· Proven engineering experience in SIEM development, integration with Active Directory (on-premise and Azure)

· Demonstrable knowledge of Cloud (especially Azure) Security Principles equivalent to Center for Internet Security (CIS) benchmarks v1.5 or higher.

· Operational competency with Dynamic Application Security Testing in DevOps environments

· Bachelor's degree in Cyber Security, Computer Science or related field or equivalent work experience required

· Preferred: Certification in CISSP/SANS GSEC or higher

Salary range for this position: Salary $91,100 - $113,900. Actual base salary may vary based upon, but not limited to: relevant experience, qualifications, expertise, certifications, licenses, education or equivalent work experience, time in role, peer and market data, prior performance, business sector, and geographic location.

Work Schedule (may vary to meet business needs): Monday~Friday, 7.5 hours per day (37.5 hours per week) with potential for hybrid work-from-home arrangement.

We reward great work with great benefits, including but not limited to: Medical, Dental, Vision, Paid Time-Off (PTO), Paid Holidays, 401(k), Pension, Short- & Long-term Disability, Life, AD&D, Flexible Spending Accounts (healthcare & dependent care), Commuter Transit, Tuition Assistance, and Employee Assistance Program (EAP).