Support new software, data, and service provider product and contract reviews
May include other responsibilities as assigned
REQUIREMENTS:
Minimum 10+ years engineering/design experience with a mix of the following security platforms is required: network and application-layer firewalls and secure network design; infrastructure and application-layer vulnerability management; security information and event management (SIEM); security orchestration, automation and response (SOAR); data loss prevention (DLP); enterprise encryption solutions for databases, file systems and data in motion; Internet/Web Gateway; endpoint security controls (such as anti-virus, anti-malware, XDR, host-based firewall, and full disk encryption solutions); and intrusion detection and prevention systems. Knowledge of attack and penetration methodologies, tools, and techniques.
Minimum 5 years conducting infrastructure and application project design reviews
Engineering/design experience with a mix of the following infrastructure technologies is required: Microsoft/Azure, Linux, AWS
Working knowledge of security scanning and analysis tools: commercial application and infrastructure/operating system and open-source vulnerability scanning/management
Polished verbal and written communication, interpersonal, analytical, and organizational skills, attention to detail, and a high level of integrity are required
Strong business acumen. Ability to understand the organization's various business functions and their objectives
Experience with project management and software development lifecycle methodologies preferred.
Professional IT Security and IT Audit certifications such as CISSP, CISM, CEH, CISA, and/or technical certifications preferred
Experience with IT Infrastructure Library (ITIL) – particularly incident, change, release, and/or problem management preferred
Experience with IT security standards, such as CIS Top 20, ISO 27001, NIST CSF, NIST 800-53, HITRUST, MITRE, OWASP, CWE/SANS Top 25 Programming Errors, and attestation reports such as SOC 1/2/3 and technology risk management methodologies, such as NIST 800-30 preferred.
Experience with compliance standards such as Payment Card Industry (PCI), Sarbanes Oxley (SOX) and Health Insurance Portability & Accountability Act (HIPAA) preferred
Bachelor’s Degree in Computer Science or related discipline strongly preferred. Master’s Degree in Computer Science or related discipline a plus
Additional Technical Background
- Experience with:
a. Cloud-based security tools (CloudTrail, WAF, Security Center, etc.)
b. Source code management tools
c. Code scanning tools (dynamic, static and open source)
d. Vulnerability Management solutions
- Knowledge of:
a. User authentication, such as Zero Trust concepts, SAML and OAuth-based SSO architectures and IdP integrations, MFA, Virtual Private Networks (VPNs), TLS, PAM, corporate Wi-Fi, device identity, 802.1X port-based authentication, server identification, authentication of web applications, and S/MIME email signing (desirable)
b. Programming languages
c. Web services, API, REST, RPC
d. Infrastructure as Code
e. Administration of Azure suite
f. Administration of AWS security services and related best practices
g. Operating systems: Windows, Mac, Linux, WVD, VDI, and Jump Boxes/Bastion Servers
h. Network routing and communication frameworks, protocols, and technologies such as OSI, TCP/IP v4 & v6, RIP, OSPF, VPN, HTTPS, TLS, and SSH (required)
i. Working knowledge of SQL, LDAP, and/or regex is a plus.
The American Medical Association is located at 330 N. Wabash Avenue, Chicago, IL 60611 and is convenient to all public transportation in Chicago.
We are an equal opportunity employer, committed to diversity in our workforce. All qualified applicants will receive consideration for employment. As an EOE/AA employer, the American Medical Association will not discriminate in its employment practices due to an applicant’s race, color, religion, sex, age, national origin, sexual orientation, gender identity and veteran or disability status.
THE AMA IS COMMITTED TO IMPROVING THE HEALTH OF THE NATION