Description

About Us Here at Baylor Scott & White Health we promote the well-being of all individuals, families, and communities. Baylor Scott and White is the largest not-for-profit healthcare system in Texas that empowers you to live well. Our Core Values are: * We serve faithfully by doing what's right with a joyful heart. * We never settle by constantly striving for better. * We are in it together by supporting one another and those we serve. * We make an impact by taking initiative and delivering exceptional experience. Benefits Our benefits are designed to help you live well no matter where you are on your journey. For full details on coverage and eligibility, visit the Baylor Scott & White Benefits Hub to explore our offerings, which may include: * Immediate eligibility for health and welfare benefits * 401(k) savings plan with dollar-for-dollar match up to 5% * Tuition Reimbursement * PTO accrual beginning Day 1 Note: Benefits may vary based upon position type and/or level. Job Summary Enforce and help establish information security and control policies, procedures, and standards. Participate in implementations to ensure security requirements and guidelines are included in systems. Perform risk assessments of systems, applications, and networks to identify weaknesses. Ensure the effectiveness of internal controls in reducing risk to information systems. Perform testing on large data sets to identify malicious activities within the infrastructure. Help manage and maintain Information System Security solutions to ensure effective use. Investigate and resolve problems and inefficiencies to enhance risk mitigation. Utilize a ticketing system to ensure testing, research, and documentation remain consistent. Engineering: Ensure security tools and infrastructure run as required. Assist Sec-Engineering team members in tuning activities. Recommend new tools and infrastructure as requested. Perform updates and patches on security tools and infrastructure as needed. Manage and control access to security tools and infrastructure. Maintain specific toolsets or parts of the IS Security toolset. Establish as the subject matter expert in specific toolsets. Assurance: Conduct interviews and help requesters onboard end devices onto the Infrastructure. Use established processes and procedures, ensuring security requirements and guidelines are in place. Train other Sec-Assurance personnel on group processes and procedures. Perform risk assessments for all infrastructure using established tools. Run vulnerability testing for all infrastructure using established tools. Assist and make recommendations to the Information Security Officer to enforce information security, mitigate risks, and ensure compliance with regulatory strategies. Run meetings with multiple infrastructure personnel on security matters. Operations: Provide monitoring of security systems as needed. Monitor, study, research, and protect against potential security events. Help establish if events are potential security incidents impacting the organization. Assist with security incidents to reach containment, retain evidence, and improve future response capabilities. Function as a security incident head with supervision when needed. Ensure proper remediation for networks and systems under surveillance. Provide or review detailed log testing. Perform or assist with post-incident forensics and documentation. Perform or assist formal investigations related to security, legal, compliance, or other cases. Prioritize and run response efforts based on established procedures. Perform or run remediation for systems under surveillance. Provide or review recommendations for remediation based on log testing. Help enhance security operations systems through reports, dashboards, and custom rules. Create scripts to address special data and reporting needs for incident response. Essential Functions of the Role * Correlate data and reports from different sources, make rational inferences about that data, and be able to publish results. * Ability to develop tools and scripts to aid in data processing or other aspects of log and or security research. * Provide assistance in review of firewalls, intrusion detection systems and enterprise anti-virus software. * Perform vulnerability scans as requested to establish potential exposure. * Assist in follow through remediation of vulnerabilities as requested. * Make recommendations for improvements in process and procedures. * Evaluate alerts and reports to assist in tuning security systems for accurate results. * Participate in projects as requested. * Assist to remediate compromised endpoints through established processes and procedures and with current toolset. * Review log testing. * Provides recommendations for remediation based on that review, correlation and log testing. * Prepare reports as requested. Key Success Factors * Data-backed skills with sound and insightful problem-solving capabilities and demonstrated experience. * Critical thinking and sound rationale skills. * Written and verbal communication skill; Demonstrated ability to effectively explain complex concepts to others in layperson terms. * Ability to work with others in teams and split testing and partner well on problems. * Ability to work efficiently and accurately under pressure. * Self-motivated to identify and resolve issues. * Ability to work on a variety of incidents, work assignments or projects simultaneously. * Deep technical knowledge and demonstrated ability to apply security related knowledge for practical and timely outcomes purposes given role. * Demonstrates customer-oriented service excellence principal while remaining mission focused. * Mature and in-depth knowledge of Information Security technology and best practices. Knowledge of network protocols, operating systems. Belonging Statement We believe that all people should feel welcomed, valued and supported. *QUALIFICATIONS* * EDUCATION - Bachelor's or 4 years of work experience above the minimum qualification * EXPERIENCE - 3 Years of Experience