The IT Security Team is responsible for the implementation and administration of information security policies, practices, procedures, and technologies to ensure the protection of access, applications, data, networks, platforms, systems, and users.
As a Security Infrastructure Engineer, you will be responsible for ensuring that Semler Scientific's security infrastructure and applications are installed and maintained as per Semler's guidelines and standards. You will work with a team for security assessment, design, project management and ongoing repair-and-maintenance.
The projects focus on improving our organization’s security posture to protect information, network, and computer systems. Additionally, there is an expectation to ensure compliance with regulatory requirements as Semler Scientific operates in a highly regulated industry. The remaining focus will be around the regular administration/maintenance of security tools including performing upgrades/troubleshooting and maintaining documentation. May be responsible for training Sec Ops members on new tools/procedures.
Principal Role, Responsibilities and Authorities
- Actively participate in the design and implementation of applications, services, and infrastructure to ensure security and privacy design principles are being followed
- Identify vulnerabilities, missing patches, and misconfigurations across our cloud, on-premise, and employee infrastructure and ensure there is a scalable approach to prioritizing fixes for any issues identified
- Get your hands dirty by fixing vulnerabilities, building in security telemetry/instrumentation, and adding security features to our products/applications
- Actively participate in all facets of the incident response lifecycle by participating in a 24/7 on-call rotation
- Utilize basic understanding of IT Security functions and processes
- Utilizes basic knowledge of Industrial IoT networks and security standards
- Identify security design gaps in existing and proposed architectures and escalate as needed
- Identify and escalate risks associated with business processes, operations, information security programs, and technology projects
- Assist in the design of security architecture elements to mitigate threats as they emerge
- Assist in the design, build, and implementation of enterprise-class security systems for a production environment
- Recommend and assist in creating or improving processes/solutions that balance business requirements with information and cyber security requirements
- Stay current on security trends by tracking and understanding emerging security practices and standards
- Develop relationships with cross-functional teams and begin to develop mutual respect and trust
Security Role and Expectations
- Compliance with Company policies and procedures.
- Minimum of 5 years of experience in IT Security or Infrastructure
- Demonstrates basic knowledge of IT security frameworks like NIST, ISO/IEC 27001 & 27002
- Utilizes basic knowledge of IT security regulations like GDPR, FISMA, PCI, SOX, HITRUST, FedRAMP
- IT Security Components (Basic Knowledge): Application, Cloud, Data IoT, Network, Operations, Vulnerability Management
- In-depth knowledge of security threats, applied cryptography and risk assessments
- Familiarity with the OWASP Top 10 vulnerabilities and how to remediate them
- Experience performing upgrades and deployment of tools
- Experience working with VMware (or similar), Barracuda Firewall
- Understanding of DNS and IP networking
- Experience with HITRUST and FedRAMP
- Working knowledge of Linux (RHEL) and Windows OSes required
- BS/MS in Computer Science, Computer Engineering, Information Technology, Cyber Security, or similar. Equivalent experience may be considered.
- Certifications in security-related areas preferred (e.g., CompTIA Security+, CEH, CISSP, CISA, MCSA, etc.)
Experience and Skills
- Experience managing large-scale security system projects and engineering complex systems
- Ability to communicate complex and technical issues orally and in writing, in an easily understood, authoritative and actionable manner
- Strong troubleshooting/root cause analysis skills
- Self-driven – ability to take requirements/tasks and complete independently
- Strong communication skills to work within a team and report on risks to the organization and project commitments/deliverables
- Understanding of the Incident Response life cycle is required as engineering may serve as an escalation point for Security Operations
- Ability to script/code to aid automation required (PowerShell, Bicep, Terraform a plus)
- High attention to detail
- DUO, Last Pass, JIRA, Gitlab – nice to have
Semler Scientific is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.