Stanford Health Care
Sr IT Security Engineer
Palo Alto, California
The Senior IT Security Engineer is responsible for leading the development of a robust IT security program designed to protect SHC assets from vulnerabilities, malicious activity, and malicious software and code. Senior IT Security Engineers will additionally be responsible for analyzing and correlating information collected from a variety of sources to identify, investigate, and report vulnerabilities in the SHC environment, developing and implementing mitigation countermeasures for identified and potential threats, and leading the resolution of identified security incidents. SHC is seeking candidates to fill multiple roles within its security organization, and as such candidates with strong backgrounds in any of the following areas are encouraged to apply: forensics, vulnerability management, host- or network-based intrusion detection/prevention, anti-virus/anti-malware solution support, and data loss prevention.
The essential functions listed are typical examples of work performed by positions in this job classification. They are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks, and responsibilities. Employees may also perform other duties as assigned.
Employees must abide by all Joint Commission Requirements including but not limited to sensitivity to cultural diversity, patient care, patient's rights and ethical treatment, safety and security of physical environments, emergency management, teamwork, respect for others, participation in ongoing education and training, communication and adherence to safety and quality programs, sustaining compliance with National Patient Safety Goals, and licensure and health screenings.
Employee must perform all duties and responsibilities in accordance with the C-I-CARE Standards of the Hospital. C-I-CARE is the foundation of Stanford's patient-experience and represents a framework for patient-centered interactions.
Document, maintain, and implement standards, policies, and procedures within security disciplines that may include vulnerability management, forensics, host and network-based intrusion detection, anti-virus/malware management, or data loss prevention.
Conduct research, analysis, and correlation across a wide variety of source data to identify and prevent compromise of SHC networks, host systems, and data, including:
Analyze network traffic and host data to identify anomalous activity and potential threats to SHC resources;
Establish alerting thresholds/triggers, analyze alerts from various sources within the enterprise, and determine possible causes and effects on SHC systems and data;
Validate intrusion detection system (IDS) alerts against network traffic and host data sources to root out false positives;
Perform regular and ad-hoc vulnerability and malware scans to identify unauthorized access to SHC data systems and malicious code activity such as trojans, rootkits, backdoors, bots, or other malware.
Provide level 3 engineering support for security incidents and threats in the SHC environment, including:
Perform initial incident triage, determining scope, urgency, and potential impact of security incidents;
Respond to and resolve identified security incidents, maintaining contact with end users and the SHC service desk through resolution.
Coordinate with network, data center, desktop, and application support teams as required to validate alerts, ensure incident resolution, and perform root cause analysis;
Perform incident escalation to the appropriate SHC stakeholders as required.
Perform forensic analysis on known security vulnerabilities and recommend risk mitigation procedures.
Provide technical consultation and direction on application design, architecture, and system performance as it relates to security.
Perform trend analysis and reporting on security incidents, identify technical and procedural findings, and recommend remediation strategies or technical solutions.
Participate in IT security audits as required.
Education: Bachelor's Degree in Engineering, Computer Science, or a related field from an accredited college or university.
Experience: Five (5) years of progressively responsible and directly related work experience.
License/Certification: CISM, CISSP, or GIAC certification preferred.
Knowledge, Skills, and Abilities
These are the observable and measurable attributes and skills required to perform successfully the essential functions of the job and are generally demonstrated through qualifying experience, education, or licensure/certification.
Strong knowledge and experience with tools, platforms, and protocols such as:
TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services
Network security defense technologies such as IDS, IPS, Endpoint protection, DLP, NAC, Proxy, and WAF;
Unix, Linux, Apple, and Windows operating systems;
Strong knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth).
Ability to identify systemic security issues based on analysis of vulnerability and configuration data.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL/PL-SQL and other injection attacks, race conditions, covert channels, replay, return-oriented attacks, and malicious code).
Physical Requirements and Working Conditions
The Physical Requirements and Working Conditions in which the job is typically performed are available from the Occupational Health Department. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job.
At Stanford Health Care, we seek to provide patients with the very best in diagnosis and treatment, with outstanding quality, compassion and coordination. With an unmatched track record of scientific discovery, technological innovation and translational medicine, Stanford Medicine physicians are pioneering leading edge therapies today that will change the way health care is delivered tomorrow.