Sr. Engineer - Information Security
Our goals are to provide excellent service, utilize advanced technology, and proficiently deliver results. To accomplish these goals, we constantly seek individuals who look for ways to do things better. We are a company whose culture cultivates teamwork, rewards excellence, focuses on quality for every aspect of our business, and promotes community involvement.
Tabula Rasa HealthCare (TRHC) is a leader in providing patient-specific, data-driven technology and solutions that enable healthcare organizations to optimize performance to improve patient outcomes, reduce hospitalizations, lower healthcare costs, and manage risk. Medication risk management is TRHC’s lead offering, and its cloud-based software applications, including EireneRx® and MedWise™, provide solutions for a range of payers, providers and other healthcare organizations.
TRHC empowers our employees to provide excellent service, utilize advanced technology, and proficiently deliver results. Our 32Fundamentals are what we are and who we are. Our culture cultivates teamwork, rewards excellence, focuses on quality for every aspect of our business, and promotes community involvement. As a part of our team, you will help us bring innovative service models to healthcare, improving patient outcomes.
The Senior Information Security Engineer is responsible for working cross-functionally with multiple business units and IT partners, as well as external service partners to ensure the design and implementation of applications follow security standards and meet policy requirements. This position will also serve as a technical leader in the development of process and standards for multiple areas, leading all vulnerability efforts.
- Develops security strategies, programs and guidance documentation that drive the strategy.
- Leads risk assessments for products and applications used by the organization.
- Leads the development of standards and processes, to ensure that security goals and objectives are met, and the environment security profile meets the risk appetite of the company.
- Actively participates in Governance, Risk and Compliance activities performed within the Information Security Team.
- Routinely interacts with the managed services provider to ensure the vulnerability risk management meets objectives and the provider performs services effectively.
- Leads vulnerability assessments and monitoring services across all critical applications, leading a program where security is prioritized.
- Leads the deployment and/or development of training programs to ensure staff are prepared for and understand their role in securing our products and services.
- Coordinates with other business unit team members to ensure timelines are met, in accordance with our policies.
- Continuously improves the processes and procedures to include report exceptions/risk acceptance for further review.
- Manages third-party providers utilized to deliver products and services within their scoped areas.
- Participates in requirements gathering by interjecting required security controls necessary to ensure compliance.
- Works with business units to define static and dynamic security analysis testing and external penetration testing requirements, and provides oversight of vulnerability findings for remediation and/or mitigation.
- Develops risk-based mitigation strategies for networks, operating systems, and applications.
- Compiles and tracks vulnerabilities and mitigation results to quantify program effectiveness.
- Ensures performance of network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts.
- Confers with IT group and business units to discuss issues such as data access needs, security violations, and application changes, ultimately ensuring risk dispositions are determined.
- Interacts routinely with managed service providers, vendors, consultants/advisers, and professional organizations.
- Participates with the business in implementing solutions to mitigate identity risks and enhance system security.
- Leads the development of security policies.
The above essential functions are representative of the major duties of positions in this job classification. Specific duties and responsibilities may vary based upon departmental needs. Other duties similar to the above may be assigned, consistent with the knowledge, skills and abilities required for the job. Not all the duties may be assigned to a position.
These represent the desired qualifications of the ideal candidate. They are not meant to limit consideration for candidates who do not meet all the standards listed. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Required: Bachelor's degree in a computer or information management or related field.
- Required: Minimum of 10 years IT Security or other IT related work experience.
- Preferred: Certifications including CISSP, CEH, CISM or CISA.
- Preferred: Working knowledge of vulnerability assessment technologies like Rapid7, Tenable, Qualys, GitLab Ultimate, Veracode, Acunetix; knowledge of the following IT Security Frameworks: PCI, HIPAA, SOX, NIST.
OTHER SKILLS and ABILITIES:
- Understanding of Sarbanes-Oxley (SOX) Compliance requirements and IT General Controls.
- Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security.
- Familiarity with cloud and SaaS-based environments and technologies with associated auditing methodologies.
- Expert presentation, documentation, and communication skills. Proven ability to interact and communicate clearly and effectively with individuals at various levels across an organization.
- Demonstrates ability to work independently and as part of a team.
- Demonstrates strong attention to detail, influencing and problem resolution skills.
PHYSICAL/MENTAL DEMANDS: This position is administrative in nature and will present physical demands requisite to a position requiring: hearing, seeing, sitting, standing, talking, and walking. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
WORK HOURS: Schedules are set to accommodate the requirements of the position and the needs of the organization and may be adjusted as needed.
TRAVEL: Travel may be required for special department events, trade shows, or conferences.
The Company is proud to be an equal opportunity employer. All qualified applicants will receive consideration without regard to ancestry or national origin, race or color, religion or creed, age, disability, AIDS/HIV, gender, marital or family status, pregnancy, childbirth or related medical conditions, genetic information, military service, protected caregiver obligations, sexual orientation, protected financial status or other classification protected by applicable law.
- Pay Type: Salary
- Moorestown, NJ 08057, USA