Security Engineer

Job Type

Full-time

Description

At Wayspring, we are committed to furthering our value of Equity & Inclusion throughout our recruiting practices. We seek diversity of background and opinion, as we think these attributes improve the performance of our company and are the right thing to do for our communities. We recognize and remove barriers to success within our company and communities. We seek to build a recruiting process that is inclusive and fosters diversity.

Overview of the Security Engineer
Wayspring is looking to hire a Security Engineer with experience in several areas of information and cyber security. This role will be technical & hands-on in the management & configuration of the security tools available to the department and will have a leading role in the analysis of threats as well as the proper mitigation of vulnerabilities found within the environment

Responsibilities of the Security Engineer

• Supports and runs vulnerability management scans of the IT and OT systems (using tools like Tenable Nessus, Qualys, Endpoint scanning tools & outputs)
• Works with internal and external parties as directed to push solutions to the environment to address specific threats
• Security vulnerability and risk assessment of Wayspring IT systems and applications, threat analysis to identify new and existing vulnerabilities and driving the remediation process
• Threat modeling and risk mitigation related to the 3rd party applications (from simple desktop tools to complex Cloud based solutions)
• Utilizes and maintains security tool suite (ex. Intune, Jamf, Defender, Gateways, Log Servers, etc.) and builds relationship with partner MSSP/SOC
• Identifies potential issues with detection (e.g., false positives, noise)
• Engages others to escalate appropriately
• Creates detections based on available data (e.g., Indicators of Compromise [IOC] and Tools Tactics Procedures [TTP]).
• Continues to drive automation of detection and response
• Utilizing guidance and key operating procedures, analyzes specific aspects of attempted or successful efforts to compromise systems security
• Escalates findings as appropriate within agreed response times
• Develops ability to analyze independently and make recommendations
• Performs internal testing on applications and configurations to determine what, if any, mitigating controls are required for safe operations
• Executes tactical processes across kill chain.
• Internally or with MSP/SOC support, distinguish effective from ineffective tactics and reports accordingly to inform security posture Maps tactics to MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix and assesses when targets pass and fail against known techniques
• Conducts periodic application security reviews
• Supports a coordinated response to complex cyber-attacks that threaten assets, intellectual property, networks and computer systems

Requirements

• Minimum 3 years of prior hands-on vulnerability management
• Minimum 4 years of prior threat detection & analysis experience
• Experience implementing and adhering to HITRUST & NIST CSF/NIST 800.53
• Knowledge and understanding of security architecture and experience managing and hardening of secure configurations of both Corporate and Healthcare systems and protocols
• Experience using scripting languages (Python or similar, PowerShell scripts, bash) to assist in automation efforts
• Experience using at least three vulnerability management tools
• Experience with red team/blue team testing
• Cloud secure architecture knowledge (AWS and Azure are preferred)
• Security Certification is preferred ( CISSP, CEH, SSCP, AWS)

Company and Benefit Summary

Wayspring has reimagined substance use disorder treatment. We provide individualized care, delivered with a peer-centered approach. We focus on making sure patients have their basic needs met, like access to care, economic stability, and connection to relationships and community. Then we help each person find their own way to wellness.

• Hybrid - remote/in-office options for the Nashville Office
• Medical, Dental and Vision Insurance Options
• Company funded HSA
• Monthly Gym Allowance
• Paid parental leave - all parents included!
• Company paid short term disability, long term disability and life insurance
• 401k matching
• Premium Employee Assistance Program, inclusive of counseling sessions
• Company Contributions to Future Minded Savings (think 529, HSA, Student Loan Reimbursement, and Emergency savings fund)
• Generous PTO package (accrual policy based on years of service) and an additional 10 paid company holidays

Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folks tend to only apply when they check every box. So, if you think you have what it takes, but don't necessarily meet every single point on one of our job openings, please still apply. We'd love to consider your application and see if you could be a great fit!