Sr IT Security Engineer (Hybrid)
Company: American Medical Association
Location: Chicago
Posted on: February 4, 2025
Job Description:
Sr IT Security Engineer
Location: Chicago, IL (Hybrid)
The American Medical Association (AMA) is the nation's largest
professional association of physicians and a non-profit
organization. We are a unifying voice and powerful ally for
America's physicians, the patients they care for, and the promise
of a healthier nation. To be part of the AMA is to be part of our
mission to promote the art and science of medicine and the
betterment of public health.
We continuously work to embed equity in
our internal practices and are committed to increasing the
diversity of our staff across all levels of the organization. We
intentionally work to create the right conditions to enable our
employees to feel that they can be their authentic selves and fully
participate in the life of the enterprise.
We encourage and support
professional development for our employees, and we are dedicated to
social responsibility. We invite you to learn more about us and we
look forward to getting to know you.
We have an opportunity at our
corporate offices in Chicago for a Sr IT Security Engineer on our
Information Technology team. This is a hybrid position reporting
into our Chicago, IL office, requiring once a month in the
office.
As a Sr IT Security Engineer, you will be responsible for
security and cyber threat intelligence, industry best practices
research, threat detection/prevention, threat triage, and response.
This role is responsible for designing, implementing and
maintaining security platforms and operational solutions to secure
cloud-based technology and on-premise applications. This role is
responsible for the day-to-day security technologies (e.g.,
firewalls, SIEM, data loss prevention, web application firewalls,
application security testing, VPN etc.) and supporting processes.
Collects and generates reports and metrics for security trends and
audit compliance purposes. Also designs security use cases based on
business requirements and leads security tool administration and
configuration; works closely with IT Engineering and Infrastructure
teams to achieve security objectives and goals.
RESPONSIBILITIES:
IT Security Policy
- Research, design and advocate new technologies, architectures,
and security products that will support security requirements for
the enterprise and its customers, business partners, and
vendors.
- Plan, document, and execute enterprise-wide security programs,
including vulnerability identification and testing, network
scanning framework for public and private networks and other
technologies.
- Configure and troubleshoot vulnerability assessment tools and
endpoint solutions; perform scans, and identify and research
threats; summarize results and corrective actions where
appropriate.
- Consult with IT, compliance, audit, and others to ensure
development, implementation, and administration of applications and
infrastructure meets standards for IT security and regulatory audit
compliance.
- Communicate IT Security policies and procedures to management
and end users across businesses.
- Collect and analyze defined metrics to report to leadership,
including security dashboards and results of trainings.
- Develop and/or deliver information security awareness training,
including phishing simulations and risk-based training content for
high-risk users.
- Identify, collect, and organize credible, new intelligence and
subject matter relative to current and emerging threats using all
the tools, applications and open-source information.
- Define and document application security standards for
developers; ensure compliance with applicable security controls
when writing such standards. Design, lead, and project manage the
development and configuration of security tools and automation
based on use cases.
Incident Detection and Response
- Proactively monitor, analyze, block, and respond to malware and
other emerging threats; serve as technical point of contact during
and after security incidents including digital forensics
procedures.
- Conduct operational threat hunting exercises to proactively
find incidents in the AMA environment.
- Perform threat modeling and risk assessments using standard
security frameworks for cloud services.
- Monitor and audit networks, on-premise and cloud systems and
service changes.
- Document incident response procedures; support management
communication during incidents.
- Assist in management of security services providers.
Security Operations (including processes, monitoring, configuration, and maintenance)
- Responsible for researching new threats, attacks, and risks to
infrastructure and software.
- Define and document operating procedures for incident
identification, investigation, and response.
- Work with businesses to identify and address data security
risks in business processes.
- Analyze and make recommendations to enhance our security
posture within cloud and hybrid environments and associated
services and configurations.
- Improve security reporting, including coordinating
vulnerability management, penetration testing, and infrastructure
compliance.
- Create or update detailed operational processes and procedures
related to security operations, incident management & code
development.
May include other responsibilities as assigned.
REQUIREMENTS:
- Bachelor's degree required in Information Security,
Engineering, Computer Science, or related field.
- Demonstrated progression towards one or more security
certifications; GIAC Certified Incident Handler (GCIH), GIAC
Certified Intrusion Analyst (GCIA), CISSP/CISA certification,
CISM.
- 5+ years of Security Operations experience is required,
including cyber incident investigations.
- Strong understanding of various network and host-based security
applications and tools.
- Exposure to enterprise web application programming and
Application Security (AppSec).
- Knowledge of browser security controls, web application
security frameworks, and authentication infrastructures (SAML,
OAUTH), technical infrastructure, end points, networks, databases,
and systems in relation to IT Security and IT Risk.
- Understanding of cloud networking concepts and architecture to
promote and develop new designs and security strategies across all
types of cloud-based applications (including infrastructure,
platform, and software as a service).
- Excellent written and verbal communication skills; able to
communicate technical concepts to business leaders and users
clearly, with appropriate emphasis on urgency and priority of
potential threats and possible security incidents in progress.
- Ability to respond to security incidents promptly and
independently, addressing incidents under time pressure.
- Excellent analytical, organizational and communication skills;
demonstrated ability to facilitate cross-functional teams.
- Experience in continuous improvements and agile
methodology.
Additional Technical Background & Skills Requirements:
- Familiar with security standards, principles, techniques, and
frameworks (NIST, PCI, HIPAA etc.).
- Anti-Virus, Intrusion Detection Systems, Firewalls, Active
Directory, Web Proxies, Vulnerability Assessment tools.
- Data Loss Prevention (DLP), Security Information and Event
Management (SIEM).
- Various network and host-based security applications and
tools.
- Perimeter security monitoring (i.e.,
router/firewall/switches).
- Endpoint programs/applications (Anti-Virus, malware,
etc.).
- Email monitoring (DLP, SPF, DKIM, SPAM).
- Network scanning.
- Static Application Security Testing (SAST) tools (such as
SonarQube).
- Dynamic Application Security Testing (DAST) tools (such as Snyk
or Rapid7).
- Source code management tools (Git, SVN, etc.).
- Forensic tools (Sleuth Kit, X-Ways, CAINE).
- Cloud-based security tools (CloudTrail, WAF, Security Center,
etc.).
- Browser security controls, web application security frameworks,
and authentication infrastructures (SAML, OAUTH).
- Code scanning tools (Dynamic, Static and Open-source).
- Programming languages (Java, JavaScript, Python, etc.).
- Web services, API, REST, RPC.
- Infrastructure as Code (CloudFormation, Terraform)
preferred.
- Vulnerability Management solutions (Qualys, Tenable).
- Candidates with Digital and Media Analysis (DMA) and prior
computer forensics.
The salary range for this position is $107,865 -
$131,937. This is the lowest to highest salary we believe we would
pay for this role at the time of this posting. An employee's pay
within the salary range will be determined by a variety of factors
including but not limited to business consideration, geographical
location, and internal equity, as well as candidate qualifications,
such as skills, education, and experience. Employees are also
eligible to participate in a bonus plan. To learn more about the
American Medical Association's benefits offerings, The American
Medical Association is located at 330 N. Wabash Avenue, Chicago, IL
60611 and is convenient to all public transportation in Chicago.
We
are an equal opportunity employer, committed to diversity in our
workforce. All qualified applicants will receive consideration for
employment. As an EOE/AA employer, the American Medical Association
will not discriminate in its employment practices due to an
applicant's race, color, religion, sex, age, national origin,
sexual orientation, gender identity and veteran or disability
status.
THE AMA IS COMMITTED TO IMPROVING THE HEALTH OF THE NATION