Northern Arizona Healthcare

Welcome page

Information Security Engineer - Flagstaff, AZ

Job Locations US-AZ-Flagstaff
Requisition ID
2025-20114
Recruiter:
CHEYENNE GURULE
Recruiter Email:
Cheyenne.Gurule@nahealth.com
Schedule
Days
Telecommute
Yes
FTE
1.000 / 40 hours (Regular Full-Time)

Overview

The Information Security Engineer is responsible for the operations and maintenance of enterprise information security controls and for ensuring the appropriate operational security procedure is maintained for information systems, programs, and data. The Engineer will also maintain and assist in developing the processes and systems to effectively manage the operations of security systems throughout the enterprise. Reporting to the Director of Information Security, the Security Engineer is responsible for the systems that monitor and protect NAH from ongoing threats and will be responsible for enforcement of policies, standards, and procedures.
The ideal candidate will have a background in information security and cybersecurity and demonstrated experience in the monitoring and response of security events, desire for continuous learning, possess excellent analytical skills, and demonstrate effective communication skills to a wide audience.
 

Responsibilities

Security Controls Performance/Management
Assists in the development, implementation, and day to day maintenance of IT security & control infrastructures. Provides ongoing staff consulting for security requirements in system development activities, policies, standards, and procedures.

Conducts operational information security procedures including documentation, metrics reporting, change control, maintaining ticketing queues, vulnerability scanning, assessment, vulnerability management, etc.

Supports the implementation and ongoing operations of access controls and user access rights as required.

Conducts Anti-Virus (AV) and intrusion tests to assess the probability of risks occurring and the impact on the organization.

Ensures that mission-critical enterprise applications such as AV, software delivery, patching, log management and other technical controls are installed, configured, managed, and maintained appropriately.

Supports the Incident Response Team during a cyber-incident.

Provides technical support for day-to-day security operations, change management and business continuity programs.

Troubleshoots security systems and related issues.
 
Leadership/Decision Making
Provides mentoring to staff to develop job satisfaction and coordinates cross-training opportunities with other technical support groups.

Researches and recommends security solutions and products and implements new security controls. Maintains knowledge of applicable IT security practices.
 
Compliance/Safety
If required for position, ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.

Completes all company mandatory modules and required job specific training in the specified time frame.

Responsible for reporting any safety related incident in a timely fashion through the Safety Event reporting tool; attends all safety related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.

Maintains up-to-date knowledge regarding emerging security threats and corrective action. Applies strategy and tactical responses in real-time in a high stress and changing environment.

Responsible for maintaining up-to-date knowledge of cybersecurity trends, developments, best practices and regulatory changes.

Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.

Qualifications

Education
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience) - Required
 
Certification & Licensures
Relevant security certifications (e.g., GIAC, CISA, CISM, CISSP, Security+ and CRISC) highly preferred
 
Experience
Minimum of seven (7) years of relevant security and network experience, inclusive of the experience requirements listed below- Required
Experience with End User Workstation security and configuration.
Experience in at least one of the following disciplines: Endpoint Security (AntiVirus/AntiSpyware/IPS), Web Content Filtering, Application Aware firewalls, and/or Encryption, Security Event/Incident Monitoring.
Technical knowledge and extensive hands-on experience with security and networking architecture, networking protocols, network security design, wireless security, intrusion prevention/detection, firewall architecture, and incident management response systems.
Experience with scripting technologies, LDAP, Active Directory; Group Policy; Single Sign-on solutions (i.e. Imprivata, Vergence); Citrix hosted applications; and domain architecture.
Experience in implementation or IT operational experience with end user product in a healthcare environment.
Experience with formal security auditing process and mediation planning.

Healthcare is a rapidly changing environment and technology is integrated into almost all aspects of patient care. Computers and other electronic devices are utilized across the organization and throughout each department. Colleagues must have an understanding of computers, and competence in using computers and basic software programs.
 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed