Security Engineer

The American Nurses Association (ANA) is the premier organization representing the interests of the nation's 4 million registered nurses. ANA advances the nursing profession by fostering high standards of nursing practice, promoting a safe and ethical work environment, bolstering the health and wellness of nurses, and advocating on health care issues that affect nurses and the public. ANA is at the forefront of improving the quality of health care for all. 

The information security engineer is responsible for providing engineering design, analysis, and support for routers, firewalls, networks, and operating systems.
They are responsible for configuring vulnerability assessment tools, performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results for relevant operational teams.

The information security engineer is responsible for the development, review, implementation, and maintenance of the organization’s information security awareness program. The role reduces risk throughout the organization by ensuring employees know and understand information security’s policies and behave with a security mindset.

The information security engineer develops and implements information security architecture and technology solutions to address the current and emerging information security and compliance requirements of the organization.

•Researches, designs, and implements information security solutions for organization systems and products that comply with all applicable security policies and standards
•Works with IT and internal and external business partners to ensure that security is factored in the evaluation, selection, development, installation and configuration process of hardware and software
•Produces vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
•Ensures security awareness trainings, communications, and marketing are engaging and influences changes in employees’ behavior
•Examines network, server, and application logs to determine trends and identify security incidents
•Ensure PCI certification is maintained

•Bachelor’s degree in computer science, information security, or a related field; master’s preferred.
•Networking background, knowledge of network protocols, including UDP/TCP
•Certified Information Systems Security Professional (CISSP) or Global Information Assurance Certification (GIAC)
•US Citizen or Green Card holder, able to obtain a Public Trust

Related Work Experience
•Over three years of experience using at least one scripting language (e.g.: Perl, Python, PowerShell)
•Over five years of experience in information security, especially in a security engineering role
•Over five years of experience with regulatory compliance and information security management frameworks (e.g., IS027000, SANS Critical Security Controls, NIST 800, etc.)

 • Technical expertise in network security knowledge, to include VPN, Firewall, network monitoring, intrusion detection, web server security, and wireless security
• Strong knowledge of common vulnerabilities and exploitation techniques
• Practical experience with database security, content filtering, vulnerability scanning, and anti-malware
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An ability to effectively influence others to modify their opinions, plans, or behaviors

Preferred Skills & Experience
•Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
•Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, .net, IIS, CVE, MITRE ATT&CK, etc.)
•Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security using Cisco security products, devops and Azure security controls.
•Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
•Ability to assess the impact of emerging business and end-user technologies on information security requirements and architecture
•Strong interpersonal skills, with an emphasis on the ability to effectively influence others
•Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner

ANA’s state of the art office is located in the heart of beautiful downtown Silver Spring, Maryland, just blocks from the Metro and a wide range of restaurants and shops. ANA offers competitive salaries, a flexible work schedule and great benefits that include the following and many more:
• Attractive benefit plan for Health, Dental, Vision, RX
• 3 weeks paid vacation and Christmas week off (paid)
• 9 paid holidays, birthday holiday, and 12 sick days
• Excellent matching 401K plan
• Tuition Reimbursement and Professional Development
• Flexible Spending Accounts