Requirements : IS Requirements:
1. Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
2. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store CHOP information.
3. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.
Required Licenses & Certificates:
1. One Security certification is required, Certified Information Systems Security Professional (CISSP); other related technical certifications are a plus.
Required Education & Experience:
1. Bachelor’s Degree in Computer Science, Information Systems, other related field, or equivalent work experience.
2. 3 – 6 years industry related experience; 2 years of experience with security engineering, security architecture concepts
3. At least 1 year of performing security operational duties (vulnerability assessments, eDiscovery)
4. Comprehensive knowledge and exposure to all aspects of project planning, systems engineering, analysis and application development
5. Demonstrates a technical knowledge and understanding of Information security principles, general and IT controls
6. Experience with contract review of security requirements
7. Demonstrates understanding of the System Development Life Cycle (SDLC) and security engineering principles.
8. Strong understanding of enterprise risk management & IT governance concepts, principles & practices, (e.g., COBIT, NIST, ISO).
9. Experience with identifying, evaluating and resolving OS, network and application security issues.
10. Experience in understanding of OS specific security issues, including Windows and UNIX. Epic environment experience a plus.
11. Understanding of role based and other access control models and principles.
1. Security engineering , standards and lending practices
2. Strong knowledge of corporate Firewalls (CheckPoint, CISCO), Access Control, Authentication, Cisco Routers and switches, Secure VPNs.
3. Some experience in penetration testing (various sniffers, Tripwire)
4. Some experience with intrusion prevention systems (McAfee)
5. Some experience with vulnerability assessment solutions (Foundstone, ArcSight)
6. Knowledge of industry standards for use of forensic tools and collection of evidence
7. Working knowledge of graphic applications used for flow-charting and infrastructure depiction (Visio).
8. Project management skills, including the ability to plan, organize and prioritize multiple projects.
9. Microsoft, UNIX, Lawson, and Clinical Applications (e.g., Epic)
10. Project management skills, basic experience with MS productivity tools
All CHOP employees who work in a patient building or who provide patient care are required to receive an annual influenza vaccine unless they are granted a medical or religious exemption.
• Child Abuse Clearances
• FBI Fingerprint Clearance
• Drug Screening
The responsibilities of a Security Engineer II encompass identical responsibilities as a Security Operations Engineer I, but with a greater degree of complexity. A Security Engineer II also:
1. Participates in the planning, development, implementation, and delivery of Information Security (InfoSec) engineering standards, industry standards and practices, architecture and systems, and evaluation and selection of security applications and systems to support the enterprise.
2. Works with the CISO, other InfoSec personnel, database team and the enterprise solution architects to define compliance risk-related requirements (HIPAA, PCI, HITECH, Joint Commission) for existing infrastructure and future architectures.
3. Defines information security principles and processes to assist enterprise solution architects in security decisions for the enterprise.
4. Develops and participates in the assessment and definition of governance activities associated with Enterprise Architecture (EA) and compliance with regulatory requirements.
5. Defines or participates in the design system security architecture and works with enterprise solutions architect and other IS personnel to perform functional analysis and select security mechanisms to support Hospital mission and vision.
6. Performs hand-on technical work in support of daily Security Operations activities by performing vulnerability management assessments on a set frequency and reporting results to the Principal Security Operations or Supervisory Security Operations Engineer via use of approved departmental solutions and toolkits.
7. Works with other IS personnel to research and resolve security operations issues.
8. Supports Principal Security Operations or Supervisory Security Engineer ineDiscovery activities by collecting evidence and maintaining chain of custody of records.
9. Performs basic departmental project management duties such as time accounting and status reporting.
The Security Engineer II will also:
1. Demonstrates knowledge of security engineering, standards, including corporate firewalls technology, access control, authentication, virtual private networks.
2. Has some experience in penetration testing techniques.
3. Knowledge of industry standards for use of forensic tools and collection of evidence.
4. Working knowledge of graphic applications used for flow-charting and infrastructure depiction (Visio).
5. Demonstrates knowledge of security engineering, standards, including corporate firewalls technology, access control, authentication, virtual private networks.
6. Has some experience in penetration testing techniques.
7. Knowledge of industry standards for use of forensic tools and collection of evidence.
8. Working knowledge of graphic applications used for flow-charting and infrastructure depiction (Visio).
9. Works with minimal supervision in support of team initiatives and to assist and educate Level I Analysts.
Children's Hospital Philadelphia - 13 months ago