Job posting has expired

Sr. IT Security Engineer Architect (Hybrid)

American Medical Association
United States, Illinois, Chicago
330 North Wabash Avenue
Apr 08, 2024
Sr. IT Security Engineer Architect

Chicago, IL (Hybrid)

The American Medical Association (AMA) is the nation's largest professional Association of physicians and a non-profit organization. We are a unifying voice and powerful ally for America's physicians, the patients they care for, and the promise of a healthier nation. To be part of the AMA is to be part of our Mission to promote the art and science of medicine and the betterment of public health.

We continuously work to embed equity in our internal practices and are committed to increasing the diversity of our staff across all levels of the organization. We intentionally work to create the right conditions to enable our employees to feel that they can be their authentic selves and fully participate in the life of the enterprise.

We encourage and support professional development for our employees, and we are dedicated to social responsibility. We invite you to learn more about us and we look forward to getting to know you.

We have an opportunity at our corporate offices in Chicago for a Sr. IT Security Engineer Architect on our Information Technology team. This is a hybrid position reporting into our Chicago, IL office, requiring 2 days a week in the office.

As a Sr. IT Security Engineer Architect, you will provide subject matter expertise on the research, design, implementation, and operation of technical and process security controls. You will develop strong relationships across the AMA's IT department and with business unit teams, serving as a trusted advisor who assesses security risk in technology selection with an appropriate balance that supports business outcomes. Responsibilities include data security, collaboration with the security operations team, and maintaining the broad suite of information security infrastructure, along with all associated contracting, policy, and regulatory compliance implications. You will keep abreast of current threat activities and trends through active participation within governmental and industry-leading organizations in order to research, prepare, and maintain strategic roadmaps incorporated into the Information Security Program. You will lead or assist with security incidents and compliance investigations and produce timely and clear reporting for both technical and senior business leader audiences. The role serves as primary backup for the CISO.

RESPONSIBILITIES:

System/Network/Application Security

  • Research, design, evaluate, and test the security of AMA applications, systems, and networks to ensure the operational effectiveness of technical controls implemented by the organization; purpose-built security tools such as data loss prevention, logging and event management, enterprise encryption systems and also security controls embedded in enterprise systems and applications such as authentication and access controls
  • Responsible for the effective use of AMA cybersecurity systems including enhancements, upgrades, and lifecycle management through relationships with product and service vendors
  • Ensure the technical integration of security components within the AMA's environment to optimize the value and control benefits including ease of use, effectiveness, and breadth of coverage

Technology Risk Management

  • Assess technical risks in the AMA's environment both pre and post-production through the AMA's Software Development Lifecycle (SDLC) and Change & Release Management Boards; communicate identified risks and recommend solutions
  • Manage the research, appropriate response, and remediation of malicious and inappropriate activity; ensure consistency of the risk assessment approach across the organization
  • Support policy updates; research and recommend changes to maintain strong security posture relative to enterprise architecture standards, cloud strategy, and AI implementations

Service Delivery

  • Manage continuous process improvement to identify technical or process enhancements in the delivery of IT Security services to increase service quality
  • Prioritize improvements on a cost/benefit basis, communicating opportunities to management.
  • Serve as backup and/or escalation point in the fulfillment of IT Security service requests

Project Management

  • Manage IT Security-led projects following the AMA's applicable project governance processes, including Software Development Life Cycle; ensure successful project outcomes, such as completing projects within time and budget tolerances
  • Support new software, data, and service provider product and contract reviews

May include other responsibilities as assigned

REQUIREMENTS:

1. Minimum 10+ years engineering/design experience with a mix of the following security platforms is required: network and application-layer firewalls and secure network design; infrastructure and application-layer vulnerability management, security information and event management (SIEM); Security, Orchestration, Automation and Response (SOAR), data loss prevention (DLP); enterprise encryption solutions for database, file systems and data in motion; Internet/Web Gateway; end point security controls (such as anti-virus, anti-malware XDR, host-based firewall, and full disk encryption solutions); and intrusion detection and prevention systems. Knowledge of Attack and Penetration methodologies, tools, and techniques

2. Minimum 5 years conducting infrastructure and application project design reviews. Engineering/design experience with a mix of the following infrastructure technologies is required: Microsoft/Azure (Azure AD, ADFS, M365, SharePoint 2019, Windows Server 2019-2022, Windows 10-11); Red Hat Linux, VMware, AWS EC2, S3, IAM

3. Working knowledge of security scanning and analyzing tools; Commercial Application and Infrastructure/Operating System and Opensource Vulnerability scanning/management, and freeware/commercial Wireshark, NMAP, Burp Suite, Nikto, Qualys, Tenable, Snyk, Wiz

4. Polished verbal and written communication, interpersonal, analytical, and organizational skills, attention to detail, and a high level of integrity are required

5. Strong business acumen. Ability to understand the organization's various business functions and their objectives

6. Experience with project management and software development lifecycle methodologies preferred.

7. Professional IT Security and IT Audit certifications such as CISSP, CISM, CEH, CISA, and/or technical certifications preferred

8. Experience with IT Infrastructure Library (ITIL) - particularly incident, change, release, and/or problem management preferred

9. Experience with IT security standards, such as CIS Top 20, ISO 27001, NIST CSF, NIST 800-53, HITRUST, MITRE, OWASP, CWE/SANS Top 25 Programming Errors, and attestation reports such as SOC 1/2/3 and technology risk management methodologies, such as NIST 800-30 preferred.

10. Experience with compliance standards such as Payment Card Industry (PCI), Sarbanes Oxley (SOX) and Health Insurance Portability & Accountability Act (HIPAA) preferred

11. Bachelor's Degree in Computer Science or related discipline strongly preferred. Master's Degree in Computer Science or related discipline a plus

Additional Technical Background

1. Experience with:
   a. Cloud-based security tools (CloudTrail, WAF, Security Center, etc.)
   b. Source code management tools
   c. Code scanning tools (Dynamic, Static and Opensource)
   d. Vulnerability Management solutions

2. Knowledge of:
   a. User authentication such as Zero Trust concepts, SAML and OAuth-based SSO architectures and IDP integrations, MFA, Virtual Private Networks (VPNs), TLS, PAM, corporate wifi, device identity, 802.1x port-based authentication, server identification, authentication of web applications, S/MIME Email Signing, is desirable
   b. Programming languages
   c. Web services, API, REST, RPC
   d. Infrastructure as Code
   e. Administration of Azure suite
   f. Administration of AWS security services and related best practices
   g. Operating systems: Windows, Mac, Linux, WVD, VDI, and Jump Boxes/Bastion Servers
   h. Network routing and communication frameworks, protocols, and technologies such as OSI, TCP/IP v4 & v6, RIP, OSPF, VPN, HTTPS, TLS, and SSH is required.
   i. Working knowledge of SQL, LDAP, and/or regex is a plus.

The American Medical Association is located at 330 N. Wabash Avenue, Chicago, IL 60611 and is convenient to all public transportation in Chicago.

We are an equal opportunity employer, committed to diversity in our workforce. All qualified applicants will receive consideration for employment. As an EOE/AA employer, the American Medical Association will not discriminate in its employment practices due to an applicant's race, color, religion, sex, age, national origin, sexual orientation, gender identity and veteran or disability status.

THE AMA IS COMMITTED TO IMPROVING THE HEALTH OF THE NATION
