American Heart Association Cybersecurity Engineer in Rochester, New York
Now is the time to join an organization that enables you to be a relentless force for a world of longer, healthier lives. Here at the American Heart Association, you matter and so does your career!
The American Heart Association has an excellent opportunity for a The Cybersecurity Engineer.
The Cybersecurity Engineer is responsible for coordinating DevSecOps in support of users of the Association’s data networks and application development teams. Responsible for providing technical input for projects related to these environments. Responsible for planning, implementing, maintaining, and supervising the Association’s security controls, practices and infrastructure. Also responsible for contributing to configuration management, change control, and reporting
The American Heart Association offers programs to help you maintain work/life satisfaction according to your changing needs and life situations. To help you be successful, you will have access to Heart U, our award-winning corporate university as well as various other training and support mechanisms locally and through our National Center.
#TheAHALife is our company culture, our way of life, reflecting our diversity and inclusion, our focus on work-life satisfaction, and our Guiding Values - Check out this hashtag on Facebook, Instagram, and Twitter today!
Essential Job Duties:
Assesses vulnerabilities and threats to the Association’s data networks, evaluates available security processes and technologies, and make recommendations to management and business partners for reducing the issues and increasing security in an appropriate and efficient manner.
Knowledge of DevOps practices and ability to champion security first, DevSecOps culture and practices
Knowledge of Threat Modeling methodologies or performing Architecture Risk Analysis
Ability to decompose applications and system designs in hybrid cloud architectures to identify potential threats
Security technologies may include but are not limited to: Data Loss Prevention (DLP), Security Incident Event Management (SIEM), User Behavior Analytics, Host Intrusion Prevention (HIPS) and Web/Email Gateway
Act as internal DevSecOps evangelist; demonstrating the benefits of embedding security and compliance to DevOps
Develop procedures to automate security and compliance checks during code builds and deployments, using not limited to DAST, SAST, SCA, API Gateways, RASP and Secrets Management
Developed automated orchestration routines to ensure ongoing protection of cloud services,
Support configuration management, quality assurance, and cybersecurity throughout the release cycle in an DevSecOps Agile environment
Work with all software and web development teams to ensure sound security practices and security is crafted and built into the applications from the ground up
Self-motivated and fully responsible for leading technology deliverables, analyzing gaps and driving improvements to cyber-deterrence capabilities,
Craft and develop solutions to integrate systems across the network to improve inter-operation as well as to continuously verify systems configuration against baselines,
Identify, select, and deploy emerging cloud and hybrid cloud security services across cloud services,
Implements and maintains configuration management and change control practices for security and other network administrative functions. Participates in and contributes to identification of security tools and network systems; long-range network planning; business continuity planning, implementation, and disaster exercises in support of the network infrastructure. May craft or initiate development of security architecture.
Implements and coordinates programs, processes, and procedures related to anti-virus protection and other activities related to the protection of systems from intentional or inadvertent access or destruction.
Monitors and coordinates a Network Intrusion Prevention system (IPS) for National Center and the Association’s secondary data center location and provides technical leadership for technical staff ensuring the Association’s network is adequately secured.
Collaborates with the Business Technology team to deliver a secure, reliable infrastructure environment, including network support for the National Center Data Center. Identifies technology opportunities and common issues or trends.
Recommends and implements the processes and vendor relationships associated with internet monitoring and intrusion detection. Evaluates and reports on the efficiency of internet security. Makes recommendations to management for appropriate improvements.
Participates, and contributes to technology projects as assigned. Performs other network administration duties as assigned and participates in day-to-day network operations and technical support issue resolutions.
Support vulnerability management program for different domains including application, network, server and infrastructure.
Bachelor’s Degree or equivalent work experience and or Professional License/Specialized Training
5 to 8 years (senior) work experience
Demonstrable experience working with configuration management/automation tools such as AWS CloudFormation, Ansible, Puppet, Saltstack, Rundeck
AWS Infrastructure and Platform service offerings (VPC, EC2, EBS, ELB, S3, and RDS
Operational tools on AWS and Azure such as Splunk, Crowdstrike, FalconOne, Deep Security, CyberArk
Supervising systems and frameworks (CloudWatch/CloudTrail, Nagios, Zabbix, Ganglia, Grafana, ELK)
NESSUS and WebInspect, SAST, DAST tools
Web Application Firewalls, API Gateways, Code Repositories
Experienced in Infrastructure monitoring & debugging
Proven written and verbal communication skills
Experience in information security systems, analysis, or engineering
Experience implementing and supporting enterprise security infrastructure and solutions including but not limited to firewalls, IDS, IPS and VPN
Experience with network monitoring, management and diagnostic tools
Experience in LAN/WAN technologies with focus in Cisco routers, switches, access wireless points, network monitoring, and network operations or similar technology position is required.
Proven ability to analyze application, server, network and security solutions
Troubleshooting skills for sophisticated technical environment
Travel required (5% overnight and local/daily)
Compensation & Benefits
The American Heart Association invests in its people. Here are the main components of our total rewards package. Visit Rewards & Benefits to see more details.
Compensation – Our goal is to ensure you have a competitive base salary. That’s why we regularly review the market value of jobs and make adjustments, as needed.
Performance and Recognition – You are rewarded for achieving success by merit increases and incentive programs, based on the type of position.
Benefits – We offer a wide array of benefits including medical, dental, vision, disability, and life insurance, along with a robust retirement program that includes an employer match and automatic contribution. As a mark of our commitment to employee well-being, we also offer an employee assistance program, employee wellness program and telemedicine, and medical consultation.
Professional Development – You can join one of our many Employee Resource Groups (ERG) or be a mentor/mentee in our professional mentoring program. HeartU is the Association’s national online university, with more than 100,000 resources designed to meet your needs and busy schedule.
Work-Life Harmonization – The Association offers Paid Time Off (PTO) at a minimum of 16 days per year for new employees. The number of days will increase based on seniority level. You will also have a total of 12 paid holidays off each year, which includes several days off at the end of the year.
Tuition Assistance - We support the career development of all employees. This program provides financial assistance to employees who wish to further their education and career in relation to their current duties and responsibilities, or for potential future positions in the organization.
The American Heart Association’s 2024 Goal: Every person deserves the opportunity for a full, healthy life. As champions for health equity, by 2024, the American Heart Association will advance cardiovascular health for all, including identifying and removing barriers to health care access and quality.
At American Heart Association | American Stroke Association, diversity, inclusion, and equal opportunity applies to both our workforce and the communities we serve as it relates to heart health and stroke prevention.
This position not a match with your skills? Click here to see other opportunities.
EOE/Protected Veterans/Persons with Disabilities
Posted Date 5 months ago (10/26/2022 5:38 PM)
Requisition ID 2022-9244
Job Category Information Technology
Additional Locations Diversity Distribution US - Top 57
Position Type Full Time