Senior Security Engineer

Press Ganey is recognized as a pioneer and thought leader in patient experience measurement and performance improvement solutions. Our mission is to help healthcare organizations reduce patient suffering and improve clinical quality, safety and the patient experience. As of Jan. 1, 2016, we served more than 26,000 health care facilities.

The Senior Security Engineer is a member of Press Ganey's Information Security team, which is responsible for building and maintaining controls that manage information risk and security. The engineer is expected to build and maintain technical controls in order to protect Press Ganey data and keep the company in compliance with applicable laws, regulations, and contractual terms. This will require hands-on technical skills and the ability to coordinate and manage with both external and internal teams. The Security Engineer is an experienced, technical, and senior member of the security team.

* Systems Administration - Administer security-focused information systems with a focus on SIEM systems. Generate customized alerts and reporting from SIEM systems. Provide guidance regarding ways to best extend utilization of existing systems to reduce risk and improve detective controls. * Architecture and Standards - Develop a thorough understand of Press Ganey information systems and their weaknesses. Using published policy as guidance, develop detailed standards for technology teams to secure systems and software. Recommend changes to policy where applicable. While the Engineer is not responsible for configuration of network devices such as firewalls, switches, and IDS, he/she should be able to set standards for the configuration of those tools. * Incident Response – provide senior support to security investigations * Consult on Software Development - Assess new projects for compliance with security controls and best practices. Build test cases for use in automated tests. * Data protection - work with Legal, Technology, and business partners to establish and maintain controls that protect data and appropriately manage its lifecycle. * Vendor management - work with security-focused external partners to ensure goals for information security are met.

* 6+ years of experience in Information Security operations or leadership * Hands-on experience configuring Security Incident and Event Management (SIEM) systems, with a focus on tuning those systems to detect malicious behavior and assist with investigations. * Strong understanding of security operations concepts: Perimeter defenses, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment and security metrics. * Strong understanding of adversary motivations: cyber-crime, cyber hacktivism, cyber war, cyber espionage and the difference between cyber propaganda and cyber terrorism. * Strong understanding of basic computer science: Algorithms, data structures, databases, operating systems, networks, and tool development (not production software, but tools that can help you do stuff). * Strong understanding of IT operations: Help desk, networks, endpoint management and server management. * Strong ability to communicate: write clearly and speak authoritatively to different kinds of audiences (business leaders and techies). * Proven experience managing multiple work streams successfully. * Ability to manage multiple issues at one time with exceptional follow through. * Excellent customer service, communication, interpersonal and presentation skills. * Demonstrated analytical and problem-solving skills. * Certification for information security management or networking (preferred) (i.e. CISA, CISSP, CISM, CRISC). * Demonstrated competence in security and risk domains, including standards and practices; organization and management; processes; integrity, confidentiality and availability; and software development, acquisition and maintenance. * Experience in a healthcare environment preferred. * Experience identifying and management of risks for HIPAA, PCI-DSS, SOX, etc. * Experience managing and controlling PHI data sets. * Project management experience preferred **Minimum Education:** Degree in Information Systems, Information Security, Computer Science, or equivalent experience.