Cyber Security Engineer - HGS ( R-00061497-OTHLOC-PL-2D0120 )
Health Growth Solutions (HGS) at Leidos has an immediate opening for a cyber-security engineer to help us securely shape, develop, and deliver new software solutions leveraging state-of-the-art technologies to our government customers and launch new and innovative products into the commercial healthcare marketplace. Healthcare is one of the fastest growing sectors of the US economy, but the industry faces many challenges in delivering value to providers and payers and in improving patient care outcomes in a highly dynamic marketplace. Our software engineers are at the forefront of defining and building solutions to address those challenges using a go-fast agile approach driven by small teams that rely on and value the contributions of each team member.
As a part of an agile scrum team, you’ll help plan for and implement product and information security incident, damage, and threat assessment programs. You’ll serve as a core member of the Cyber Security team focused on daily cyber security operations to secure our products and protect our customer data, design and implement Security Information and Event Management (SIEM) procedures and operations, and identify and remediate gaps in our products. This includes the interpretation and implementation of cyber security best practices for all products and services. In addition, you will work under the direction of the Cyber-Security Architect to drive a broad set of security initiatives at HGS, including software design analysis, policy development, TLS standards curation and risk mitigation. Most importantly, you will become a critical member of the team responsible for ensuring the integrity of HGS’s enterprise and products and for keeping HGS’s users safe, within a company dedicated to building a more secure internet.
Responsibilities and Duties
- Provide security design analysis and infrastructure auditing for products and services, and participate in the iterative design process in order to identify, early and throughout the product lifecycle, vulnerabilities, risks and choices that would lead to increased risk down the road.
- Develop security reference architectures for common patterns that result in unnecessary risk.
- Document and communicate these reference architectures to teams and advocate for their adoption to mitigate risk.
- Develop policies and guidelines that make it easier for non-security-minded people to understand what their products should and should not do.
- Establish organization-wide web security and TLS standards, and, in partnership with operations teams and developers, automated processes to assess and enforce those standards.
- Execute a forward-looking risk prevention program that identifies areas of risk that are not well understood and lack strong ownership, assesses the risk, proposes a suite of mitigations, and drives the mitigations to completion.
- Conduct vulnerability assessments and monitor systems, networks, databases and Web-based assets for potential system breaches.
- Recommend and implement changes under the supervision of the Cyber-Security Architect to enhance security systems and prevent unauthorized access.
- Respond to alerts from information security tools.
- Report, investigate, and resolve higher level security incidents.
- Research security trends, new methods, and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach.
- Ensure compliance with regulations and privacy laws.
- Support the security architect in the development and maintenance of security standards including, but not limited to, network infrastructure, wireless and mobile infrastructure, operating systems, databases, applications, and emerging technologies.
- Understand current as well as emerging security threats.
- As directed by the security architect, identify security architecture capabilities and design security architecture patterns to mitigate threats.
- Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities.
- Serve as information security subject matter expert; provide advisory and consulting services as needed.
- As directed by the security architect, review existing and proposed architectures, identify security design gaps, and recommend changes or enhancements.
Required Skills and Qualifications
- BS and 8 – 12 years of prior relevant experience in a security engineering role.
- Proven expertise in assessing security risks, presenting security topics to people outside of security, analyzing software and system design to identify security vulnerabilities, and policy development.
- Knowledge of state-of-the-art vulnerabilities and attack techniques, and a depth of technical expertise with designing and building tooling to scale your influence and impact. Outstanding interpersonal skills to partner with teams across the organization and support them in reducing their risk.
- Practical experience working with cloud technologies, such as Amazon Web Services, Google Cloud Platform, Microsoft Azure, etc.
- Superb communication skills; ability to work effectively with diverse company partners.
- Proven experience performing administration functions on Linux/UNIX and Windows systems, along with network, firewall, and DNS experience.
- Demonstrated working knowledge of vulnerability assessment and penetration testing tools.
- Proven ability to work effectively both independently and in a team setting.
- Ability to communicate technical information to a non-technical audience.
- Must possess strong analytical and problem-solving abilities and strong critical-thinking skills in complex communication environments.
- Certified Information Systems Security Professional (CISSP) certification required.
Preferred Skills and Qualifications
- Additional security-related certifications, such as Global Information Assurance Certification (GIAC), Certified Ethical Hacker (CEH), etc.
- Experience with health-field-related enterprise technology applications.