Extraordinary Care. Extraordinary Careers.
With the nation’s largest home infusion provider, there is no limit to the growth of your career.
Option Care Health, Inc. is the largest independent home and alternate site infusion services provider in the United States. With over 6,000 team members including 2,900 clinicians, we work compassionately to elevate standards of care for patients with acute and chronic conditions in all 50 states. Through our clinical leadership, expertise and national scale, Option Care Health is re-imagining the infusion care experience for patients, customers and employees.
At Option Care Health we recognize that part of being extraordinary is supporting and building a workforce that is as diverse as the patients and communities we serve.
Join a company that is taking action to develop a culture that is more inclusive, respectful, engaging and rewarding for all team members. We are committed to hiring, developing, engaging and retaining a diverse workforce.
Job Description Summary:
The security engineer is a technical role focused on supporting the implementation, execution, and optimization of security controls within the company. Engineers make things happen and this role involves the technical execution of all security settings, technologies, and processes required to ensure our risk reduction assumed with the control is realized. In addition, this role requires an individual who also understands how their role fits into a broader strategic vision. Candidates must have technical competence and expertise as well as a background understanding business needs and supporting response.
Job Responsibilities (listed in order of importance and/or time spent)
- Lead security projects including the integration of security into various facets of IT Operations and business operational activities and programs
- Plan, schedule, and implement security tool upgrades, implementations, and migrations in a timely manner, and during times that will have the minimum impact on the users of the affected networks & systems.
- Mentors more junior security engineers and security analyst in order to advance the level of depth of Option Care’s technical security program across the enterprise
- Provides second-level support for Security implemented projects based on need agreements. This may include SSO/MFA Authentication, endpoint protection, IDS/IPS perimeter security and vulnerability management.
- Assists in the configuration and implementation of open-source/third-party tools to assist in detection, prevention and analysis of security threats
- Conducts periodic network vulnerability scans in order to identify system and application vulnerability risk and ensure compliance
- Participates in the selection, Proof of Concept, implementation and operational deployment of new security technology solutions to ensure the confidentiality, integrity and availability of business data
- Proactively implements (new, upgrade, maintenance), monitor and support enterprise Security Tools
- Monitors networks and systems for security incidents / events, through the use of software that detects intrusions and anomalous system behavior
- Leads incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the security incident happened and the extent of the security incident
- Develops specific / custom cybersecurity countermeasures and risk mitigation strategies for systems and/or applications in an evolving production environment
- Validates IT solutions collaboratively with infrastructure and application development project teams ensuring that corporate security policy, standards and industry best practices are met
- Stays current with developing technologies, emerging threat landscape and predict impact of changing technologies.
- Participates in the implementation of security technologies in coordination with a project manager
- Works with third party vendors to lead the definition of needs and requirements for security technology enhancements and implementation.
- Assists and supports junior members of the security team as they perform vulnerability, network and network security assessments remediation.
- Ability to handle multiple tasks/initiatives simultaneously and the ability to handle substantial deadline pressures
Does this position have supervisory responsibilities?
(i.e. hiring, recommending/approving promotions and pay increases, scheduling, performance reviews, discipline, etc.)
Basic Education and/or Experience Requirements
Bachelor’s degree and/ or at least 5 years of technical engineering experience in the Information Security field.
Information Security Certification(s) - CompTIA Security +; CompTIA CySA+; CEH; CISM; OSCP; GSEC and/or CISSP
- Knowledge of Information Security technical and functional areas and the operation of key tools as they related to these areas.
- Knowledge of Information Security functional areas such as metrics analysis, vulnerability management, policy implementation and technological controls.
- Understanding of API's and the ability to make API calls from applications
- Knowledge of Cloud (SaaS, IaaS, & PaaS) Security architecture
- Working knowledge of risk and security frameworks, standards, and best practices (e.g. NIST, ISO, SANS Critical Security Controls.)
- Experience with the tasks identified within the position description above, including planning, engineering, forecasting and implementation, and identification of resource requirements for information security systems or information security configuration requirements associated with business systems
- Technical knowledge of how various classes of threats and vulnerabilities function and methods to address those threats and risks
- Ability to understand security and business risk in order to provide quality customer service to the business. Results oriented with a sense of urgency and a strong desire to continuously learn and improve
- Excellent verbal and written communication skills to collect analyze and present data. Excellent data analysis, reporting and problem solving skills.
- Proven leadership skills, ability to work in a fast-paced start-up environment
- Demonstrates initiative, able to work independently with minimal supervision yet can work well in a team environment and is customer focused.
- Solid conflict management and decision making skills
- Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
- Demonstrates initiative, must be self-starter with the ability to work independently with minimal supervision yet can work well in a team environment and is customer focused.
Travel Requirements: (if required)
Willing to travel up to 10% of the time for business purposes (within state and out
Preferred Qualifications & Interests (PQIs)
- Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, Lateral movement, privilege escalation, and DoS attacks.
- Ability to understand complex systems and interfaces and create current state system architecture diagrams, highlighting security components
- Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
- Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
Technical Knowledge to include:
- Tenable / Nessus Vulnerability Management Application(s)
- McAfee Products (ePO, Web Gateway)
- Advance knowledge of Windows Administration
- Basic knowledge of Linux Administration
- Microsoft Active Directory Group Policy
- Microsoft O365 and Azure Security
- System hardening (CIS, NIST)
- Forensics Tools (ex: FTK; Encase, etc…)
- Scripting Languages - MS PowerShell & Python
This job description is to be used as a guide for accomplishing Company and department objectives, and only covers the primary functions and responsibilities of the position. It is in no way to be construed as an all-encompassing list of duties.
Option Care Health subscribes to a policy of equal employment opportunity, making employment available without regard to race, color, religion, national origin, citizenship status according to the Immigration Reform and Control Act of 1986, sex, sexual orientation, gender identity, age, disability, veteran status, or genetic information.
Cross Site Scripting (Xss)
Intrusion Detection Systems