BrightSpring Health Services · 9 hours ago

Security Engineer II with Web Application Penetration Testing REMOTE

Louisville, KY

Full-time

Remote

Mid Level

$115K/yr - $125K/yr

3+ years exp

Maximize your interview chances

Health CarePharmaceutical

Insider Connection @BrightSpring Health Services

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Illustrates proficiency by implementing solutions and enforcing security policies and standards

Acts as a lead for the Security Engineering team and interacts regularly with other departments to implement solutions and/or act as the primary point of contact for information security matters

Uses SIEMs and other threat intelligence sources to evaluate the current threat landscape

Uses security products and techniques to routinely monitor for vulnerabilities, threats, alerts, and attacks

Determines if any immediate or future action is necessary to protect information system assets and acts accordingly

Works with Network and Server Administrators to achieve results and submits reports on findings, status, and recommendations to the Security Engineering Manager

All NIST alignment is done with the expectation that the business needs are paramount

Works with IT resources and business leaders to assist in the research, development, configuration, upgrade, and implementation of one or two IT Security platforms related products and services and leads and supports projects

Conducts standard security investigations using data analysis and forensic techniques; supports and is a key member of the Incident Response (IR) team, including standardizing, improving, and maintaining IR processes

Works with Business Owners and IT Application Development and Infrastructure stakeholders to assist in the planning, and implementation of enterprise-wide security systems, including physical security, authentication mechanisms, cryptography, role-based security, host and backend systems, DMZs, firewalls, VPNs, IPS/IDS systems, penetration testing, vulnerability assessments, and disaster recovery

Performs other tasks as assigned

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Security administrationSIEMEndpoint DetectionResponse (EDR)Incident Response (IR)Security frameworksVulnerability managementWeb Application PenetrationMicrosoft Windows Active DirectoryNetwork securityGCIH certificationOSCP certificationOSWA certificationAdvanced MS OfficeData analysisForensic techniquesRisk assessmentsNIST CSF

Required

Associate degree in Computer Information Systems or equivalent experience; Bachelor's degree in Computer Information Systems or related field desired

Minimum of three years Security administration/management in Enterprise environment

Two or more years of either SIEM, IDP, SASE, EDR, Email Security and/or security framework implementation; other end-user, network, and host-based security solutions

Three or more years in the administration or monitoring of security platforms within an enterprise environment with combination of secure web gateways; endpoint detection and response; remote access technologies; endpoint protection methodologies; secure configuration of network equipment, Microsoft Windows Active Directory, web application development, infrastructure, and database security

Ability to research, evaluate, and recommend security technology and solutions; define and document internal controls and procedures and conduct routine security audits and risk assessments