Sr Information Security Engineer-22366

Location: Chicago, Illinois

Business Unit: Rush Medical Center

Hospital: Rush University Medical Center

Department: Cybersecurity Engineering

Work Type: Full Time (Total FTE between 0.9 and 1.0)

Shift: Shift 1

Work Schedule: 8 Hr (8:00:00 AM - 8:00:00 PM)

Rush offers exceptional rewards and benefits learn more at our Rush benefits page ).

Pay Range: $ $70.36 per hour

Rush salaries are determined by many factors including, but not limited to, education, job-related experience and skills, as well as internal equity and industry specific market data. The pay range for each role reflects Rush's anticipated wage or salary reasonably expected to be offered for the position. Offers may vary depending on the circumstances of each case.

Summary
We are seeking an experienced Sr. Information Security Engineer to join our team. This role involves designing and implementing secure solutions across networks, cloud environments, platforms, and applications. The successful candidate will perform thorough assessments to identify and mitigate security risks, threats, and vulnerabilities. Collaborating with various departments, you will develop strategies to strengthen our security posture and foster a culture of cybersecurity awareness.

Responsibilities
Security Design and Implementation

• Collaborate with technical leadership to establish and implement security technologies, standards, and strategies.
• Design and deploy security solutions for network, cloud, platform, and application environments.
• Lead the development and execution of security architecture for both on-premises and cloud systems

Threat Assessment and Mitigation

• Conduct comprehensive threat assessments on applications, hosts, and networks to identify vulnerabilities.
• Develop action plans to mitigate identified security risks and vulnerabilities.

Security Operations and Monitoring

• Analyze security logs to detect vulnerabilities and suspicious activities.
• Lead incident response activities, ensuring effective handling and resolution of security incidents.

Team Collaboration and Mentoring

• Mentor and cross-train team members on security best practices and technologies.
• Collaborate with development teams to ensure secure application design.

Research and Compliance

• Stay updated on emerging security threats, vulnerabilities, and exploits.
• Work with external partners for security penetration testing and assessments.
• Periodically test and evaluate security controls to ensure compliance with policies and standards.

Documentation and Reporting

• Create detailed security documentation, including network security diagrams.
• Report on security incidents, assessments, and compliance evaluations.
• Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders.

Position Requirements

• 5+ years' experience in enterprise Information Security roles
• Bachelor's degree in computer science, Information Systems, or a related field, or equivalent work experience.
• A strong understanding of computer networking concepts, protocols, network security, security engineering, and architecture concepts.
• Strong understanding of Cryptography, Authentication, Authorization, Secrets Management, Data Security, Web Technologies, and Cloud Security.
• Experience implementing and managing security solutions like EDR/XDR, IAM/PAM, Web Proxies, SIEM, SOAR
• Experience with incident response and root cause analysis.
• Proficiency in Security Operations, Cyber Security engineering, and endpoint protection domains.
• Solid experience with Windows, MacOS, and Linux operating systems, including virtualization, containers, and cloud technologies.
• Ability to lead security engineering projects and effectively communicate with business partners.
• Relevant certifications such as Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or similar certifications are preferred.
• Expert knowledge of Python and PowerShell and familiarity with other programming languages
• Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating complex data sets.
• Ability to identify trends, insights, and relationships between internal and external data and intelligence sources to make risk mitigation recommendations.
• Excellent communication and interpersonal skills, with the ability to effectively communicate technical information to non-technical stakeholders.
• Strong analytical and problem-solving skills, with attention to detail.
• Ability to work under pressure and respond effectively to incidents in a fast-paced environment.
• Be available to be on call

Preferred Qualifications

• Broad knowledge and experience across the information security domain, including familiarity with endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and threat intelligence
• Cloud Security certification

Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.