Medix is currently seeking a Senior Information Security Engineer for an exciting contract to hire / direct hire job opportunity with one of our top healthcare clients in Washington, DC.
About our client / About this position
Our client is a large, not-for-profit healthcare organization, headquartered on the Northeast side of Washington DC. Conveniently located off the Green & Yellow metro transit lines, this is a great location for both public transit and city commuters.
They are seeking a Senior-level Information Security Engineer who can take ownership of penetration testing, cyber security audits, vulnerability scanning, and investigations of cybersecurity incidents.
The primary responsibilities for this Senior Information Security Engineer will include:
- Working under the direction of the Chief Information Security Officer and the Director of IT, as a Senior team member
- Contributing to the evaluation and selection of cyber security technologies (firewalls, monitoring platforms, intrusion prevention platforms, malware detection, log analysis tools, etc.)
- Leading the implementation and configuration of cyber security technologies
- Adopting cyber security frameworks (NIST 800-53, ISO 27001/2, FISMA, FIPS) as well as healthcare-specific RMF (HIPAA, HITRUST CSF, HITECH)
- Participating in the development and evaluation of security policies and procedures.
- Contributing to enterprise security policies related to network access, appropriate use of computer equipment, and data usage.
- Coordinating cyber threat mitigation activities, security breach detection, containment, and restoration activities, and contributing to HUH's disaster response plan.
- Conducting cyber security audits, penetration tests, and investigations of cybersecurity incidents.
- Evaluating, implementing and using a variety of information security devices and applications:
  - WAF Devices: Barracuda, Imperva / SecureSphere or Incapsula, F5 / BigIP ASM, Penta / WAPPLES, Sophos / XG, Radware / Appwall, Akamai, etc.
  - Vulnerability Scanning Tools: Netsparker, Qualys, BurpSuite, Nexpose, Acunetix, Wireshark, Nessus, Nikto, OpenVAS, Retina, Tripwire, etc.
  - PenTesting Tools: Nmap, Metasploit, w3af, John the Ripper, Cain & Abel, etc.
- Responding to security alarms and mission-critical issues.
- Creating and distributing cyber security awareness bulletins and training materials for staff
Required Experience & Qualifications
- Bachelor of Science in Computer Science, Engineering or a related field, OR the equivalent in hands-on experience
- CISSP Certification, and/or other Security Certifications (CEH and CISA are highly preferred)
- Advanced knowledge of Risk Management Frameworks (RMF): NIST 800-52, ISO 27001/2, FISMA, FIPS
- Specific healthcare RMF is also required: HIPAA, HITRUST, HITECH, etc.
- Strong knowledge of WAF, Vulnerability Scanning and PenTesting tools
Location: Washington DC (City)
Position Type: 6+ Months Contract to Hire (Could also consider Direct Hire)
Hourly Rate: $70+ / hour W2
Compensation Range: $125,000 - $150,000 / year
As an employee of Medix, during the contract portion of this contract to hire opportunity, you will have the option to enroll in our talent benefits program. This includes several options for Medical, Dental, Vision and Prescription Drug coverage. In addition, Medix offers an industry best-in-class 401K plan, with employer matching for up to 6% of eligible pay. There is also an accrued PTO / time off plan included at no extra cost!