MedImpact Healthcare Systems, Inc.
Security Engineer II
MedImpact Healthcare Systems, Inc., San Diego, California, United States, 92189
Security Engineer II
–
MedImpact Healthcare Systems, Inc.
United States of America (Exempt)
Pay range: $110,982 - $155,376 - $199,769. Note: Pay scale information is not necessarily reflective of actual compensation that may be earned, nor a promise of any specific pay for any selected candidate or employee, which is always dependent on actual experience, education, qualifications, and other factors. A full review of our comprehensive pay and benefits will be discussed at the offer stage.
This position is not eligible for sponsorship.
MedImpact Healthcare Systems, Inc. is looking for extraordinary people to join our team! We want innovative professionals with top‑notch skills who thrive on opportunity, high performance, and teamwork. We are a premier Pharmacy Benefits Management solution provider, delivering leading‑edge pharmaceutical and technology solutions that improve health care value through transparency and choice.
Summary The Information Security Engineer II develops, executes, and monitors enterprise‑wide information security from policy through implementation across all Security departments including SECOPS, DEVSECOPS and Threat Analytics. This role expands responsibilities of the Security Engineer I to include direct security support for departments in corporate subsidiaries with identified needs that require experienced oversight. The position ensures that business information is secure from unauthorized access, protected from inappropriate alteration, and is physically secure. It serves as the process owner for ongoing security activities and is responsible for protecting the confidentiality and integrity of client, employee, and proprietary business information in accordance with federal and state laws and regulations. All security team members must enforce and adhere to MedImpact’s corporate policies and procedures.
Essential Duties and Responsibilities
Enforce policy and support security procedures, applications, and systems through the documentation of the resolution of assigned cases that range from simple to complex. Recommend changes to existing security process and procedures.
Utilize Endpoint Threat Detection and Response/Hunting toolsets.
Create requirements for product evaluations and procedures to enhance productivity and effectiveness. Provide direct support to business and IT staff for security‑related issues.
Drive the delivery of new and upgraded security applications, systems, and workflow. Test new systems for effective operations.
Lead efforts to proactively maintain and improve the automation, reliability, consistency, and quality of existing IT security tools and environments throughout the organization. Assist in the design, deployment, integration and configuration of security solutions or enhancements to ensure functionality.
Ensure the confidentiality, integrity, and availability of data residing on or transmitted to, from, or through enterprise workstations, servers, application systems, and data repositories.
Initiate, facilitate, and promote activities to create information security awareness. Disseminate and educate users on security policies and practices. Participate in regular security awareness training and updates to ensure consistent compliance with IT Security Policies.
Work cross‑functionally and interact with internal business units and stakeholders to support the business’ needs. Use an automated customer case request system to track and document security service requests and completed cases.
Participate in daily activities and reporting required for regulatory and contractual information security obligations. Coordinate tasks that are performed within the infrastructure (system administration, network administration, application support, etc.) for security updates and initiatives. Perform analysis, design and development of security features for system architecture.
Participate in security incident investigations and provide ongoing communication to security management. Identify root causes of security events and propose solutions; close out and document investigations. Ensure confidentiality and involve appropriate personnel in the investigation.
Maintain up‑to‑date industry knowledge through formal/informal training, industry associations and research of latest technologies critical to the success of the company’s information security program. Continuously work to identify and improve security solutions to defend the company against data security threats.
Apprise and keep management aware of security issues; handle and/or escalated issues appropriately.
Provide guidance and training to less experienced staff.
Provide IT Security consultative support to internal and external clients.
Manage IT Security related projects and assignments as assigned.
Client Responsibilities This is an internal and external client‑facing position that requires excellent customer service skills and interpersonal communication skills (listening, verbal, written). Must manage difficult or emotional client situations, respond promptly to client needs, solicit client feedback to improve service, respond to requests for service and assistance from clients, and meet commitments to clients.
Qualifications Education and Experience BS/BA and 8+ years’ experience or equivalent combination of education and experience, and 4 years of SME in respective areas.
Computer Skills Knowledge of Microsoft Office Suite.
Additional Expertise Is Required In The Following
Endpoint Management Experience (BigFix, WSUS/SCCM, Symantec, Trend Micro, etc.)
Identity and Access Management
Certificate Management
Patch Management (Windows and Unix)
Intrusion Detection and Prevention
Security Awareness Training
Mobile Device Management
EDR (Endpoint detection and response)
Web Content Filtering
Device Encryption
Vulnerability Assessment Tools
Firewall and VPN
Secure E‑mail, Anti‑SPAM
Webserver applications
Web API Service Security
Business Continuity (Disaster Recovery)
Compliance and Audit (HIPAA, HITRUST, SOC, GovRAMP and PCI a plus)
OS Administration (Windows, Linux and Unix)
Authentication and SSO
Container Security
Certificates, Licenses, Registrations
Security Certification strongly preferred
OWASP, ISSA, ISACA membership a plus
Other Skills and Abilities
Excellent analytical, problem solving, and communication skills.
Familiarity with SSAE SOC 1 and SOC 2, HITRUST, federal/state security and privacy frameworks, HIPAA, PCI and regulatory requirements for information security.
Ability to work on a team and build good working relationships with team members and internal clients.
Good understanding of standard policies and procedures for information security.
Reasoning Ability
Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.
Ability to define problems, collect data, establish facts, and draw valid conclusions.
Mathematical Skills
Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
Language Skills
Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community.
Ability to respond effectively to the most sensitive inquiries or complaints.
Competencies
Composure
Decision Quality
Organizational Agility
Problem Solving
Customer Focus
Drive for Results
Peer Relations
Time Management
Dealing with Ambiguity
Learning on the Fly
Political Savvy
Physical Demands The employee is regularly required to sit and talk or hear, stand; walk; use hands to finger, handle, or feel and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds.
Work Environment May be exposed to moving mechanical parts, high or precarious places, fumes or airborne particles, toxic or caustic chemicals, outdoor weather conditions, risk of electrical shock or vibration. Noise level is usually moderate (business office with computers and printers, light traffic).
Work Location This position must work on‑site at the San Diego Headquarters. Remote work is not an option.
Working Hours Exempt level position requiring work during hours required to fully accomplish job responsibilities and reasonably meet deadlines. Flexibility to work beyond traditional hours, nights, weekends or holidays as required. Core business hours: Monday through Friday 8:00 am to 5:00 pm.
Travel Domestic travel up to 10% of the time.
The Perks
Medical / Dental / Vision / Wellness Programs
Paid Time Off / Company Paid Holidays
Incentive Compensation
401K with Company match
Life and Disability Insurance
Tuition Reimbursement
Employee Referral Bonus
Equal Opportunity Employer, Male/Female/Disabilities/Veterans.
Metadata
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: Hospitals and Health Care
#J-18808-Ljbffr
–
MedImpact Healthcare Systems, Inc.
United States of America (Exempt)
Pay range: $110,982 - $155,376 - $199,769. Note: Pay scale information is not necessarily reflective of actual compensation that may be earned, nor a promise of any specific pay for any selected candidate or employee, which is always dependent on actual experience, education, qualifications, and other factors. A full review of our comprehensive pay and benefits will be discussed at the offer stage.
This position is not eligible for sponsorship.
MedImpact Healthcare Systems, Inc. is looking for extraordinary people to join our team! We want innovative professionals with top‑notch skills who thrive on opportunity, high performance, and teamwork. We are a premier Pharmacy Benefits Management solution provider, delivering leading‑edge pharmaceutical and technology solutions that improve health care value through transparency and choice.
Summary The Information Security Engineer II develops, executes, and monitors enterprise‑wide information security from policy through implementation across all Security departments including SECOPS, DEVSECOPS and Threat Analytics. This role expands responsibilities of the Security Engineer I to include direct security support for departments in corporate subsidiaries with identified needs that require experienced oversight. The position ensures that business information is secure from unauthorized access, protected from inappropriate alteration, and is physically secure. It serves as the process owner for ongoing security activities and is responsible for protecting the confidentiality and integrity of client, employee, and proprietary business information in accordance with federal and state laws and regulations. All security team members must enforce and adhere to MedImpact’s corporate policies and procedures.
Essential Duties and Responsibilities
Enforce policy and support security procedures, applications, and systems through the documentation of the resolution of assigned cases that range from simple to complex. Recommend changes to existing security process and procedures.
Utilize Endpoint Threat Detection and Response/Hunting toolsets.
Create requirements for product evaluations and procedures to enhance productivity and effectiveness. Provide direct support to business and IT staff for security‑related issues.
Drive the delivery of new and upgraded security applications, systems, and workflow. Test new systems for effective operations.
Lead efforts to proactively maintain and improve the automation, reliability, consistency, and quality of existing IT security tools and environments throughout the organization. Assist in the design, deployment, integration and configuration of security solutions or enhancements to ensure functionality.
Ensure the confidentiality, integrity, and availability of data residing on or transmitted to, from, or through enterprise workstations, servers, application systems, and data repositories.
Initiate, facilitate, and promote activities to create information security awareness. Disseminate and educate users on security policies and practices. Participate in regular security awareness training and updates to ensure consistent compliance with IT Security Policies.
Work cross‑functionally and interact with internal business units and stakeholders to support the business’ needs. Use an automated customer case request system to track and document security service requests and completed cases.
Participate in daily activities and reporting required for regulatory and contractual information security obligations. Coordinate tasks that are performed within the infrastructure (system administration, network administration, application support, etc.) for security updates and initiatives. Perform analysis, design and development of security features for system architecture.
Participate in security incident investigations and provide ongoing communication to security management. Identify root causes of security events and propose solutions; close out and document investigations. Ensure confidentiality and involve appropriate personnel in the investigation.
Maintain up‑to‑date industry knowledge through formal/informal training, industry associations and research of latest technologies critical to the success of the company’s information security program. Continuously work to identify and improve security solutions to defend the company against data security threats.
Apprise and keep management aware of security issues; handle and/or escalated issues appropriately.
Provide guidance and training to less experienced staff.
Provide IT Security consultative support to internal and external clients.
Manage IT Security related projects and assignments as assigned.
Client Responsibilities This is an internal and external client‑facing position that requires excellent customer service skills and interpersonal communication skills (listening, verbal, written). Must manage difficult or emotional client situations, respond promptly to client needs, solicit client feedback to improve service, respond to requests for service and assistance from clients, and meet commitments to clients.
Qualifications Education and Experience BS/BA and 8+ years’ experience or equivalent combination of education and experience, and 4 years of SME in respective areas.
Computer Skills Knowledge of Microsoft Office Suite.
Additional Expertise Is Required In The Following
Endpoint Management Experience (BigFix, WSUS/SCCM, Symantec, Trend Micro, etc.)
Identity and Access Management
Certificate Management
Patch Management (Windows and Unix)
Intrusion Detection and Prevention
Security Awareness Training
Mobile Device Management
EDR (Endpoint detection and response)
Web Content Filtering
Device Encryption
Vulnerability Assessment Tools
Firewall and VPN
Secure E‑mail, Anti‑SPAM
Webserver applications
Web API Service Security
Business Continuity (Disaster Recovery)
Compliance and Audit (HIPAA, HITRUST, SOC, GovRAMP and PCI a plus)
OS Administration (Windows, Linux and Unix)
Authentication and SSO
Container Security
Certificates, Licenses, Registrations
Security Certification strongly preferred
OWASP, ISSA, ISACA membership a plus
Other Skills and Abilities
Excellent analytical, problem solving, and communication skills.
Familiarity with SSAE SOC 1 and SOC 2, HITRUST, federal/state security and privacy frameworks, HIPAA, PCI and regulatory requirements for information security.
Ability to work on a team and build good working relationships with team members and internal clients.
Good understanding of standard policies and procedures for information security.
Reasoning Ability
Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.
Ability to define problems, collect data, establish facts, and draw valid conclusions.
Mathematical Skills
Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
Language Skills
Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community.
Ability to respond effectively to the most sensitive inquiries or complaints.
Competencies
Composure
Decision Quality
Organizational Agility
Problem Solving
Customer Focus
Drive for Results
Peer Relations
Time Management
Dealing with Ambiguity
Learning on the Fly
Political Savvy
Physical Demands The employee is regularly required to sit and talk or hear, stand; walk; use hands to finger, handle, or feel and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds.
Work Environment May be exposed to moving mechanical parts, high or precarious places, fumes or airborne particles, toxic or caustic chemicals, outdoor weather conditions, risk of electrical shock or vibration. Noise level is usually moderate (business office with computers and printers, light traffic).
Work Location This position must work on‑site at the San Diego Headquarters. Remote work is not an option.
Working Hours Exempt level position requiring work during hours required to fully accomplish job responsibilities and reasonably meet deadlines. Flexibility to work beyond traditional hours, nights, weekends or holidays as required. Core business hours: Monday through Friday 8:00 am to 5:00 pm.
Travel Domestic travel up to 10% of the time.
The Perks
Medical / Dental / Vision / Wellness Programs
Paid Time Off / Company Paid Holidays
Incentive Compensation
401K with Company match
Life and Disability Insurance
Tuition Reimbursement
Employee Referral Bonus
Equal Opportunity Employer, Male/Female/Disabilities/Veterans.
Metadata
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: Hospitals and Health Care
#J-18808-Ljbffr