Info Security & Cyber security Engineer I

Excellus BlueCross BlueShield - Rochester, NY


Job Description

Summary:

The Information Security & Cybersecurity Engineer role develops, maintains, and coordinates the Organization’s information security activities in support of the Lifetime Healthcare Companies’ information security program. This position provides technical information security risk management and compliance services and support to the Organization’s lines of business and further provides information security consulting and support to all levels of the Organization’s management in support of the information security program. The cybersecurity disciplines range from Security Operations, Governance Risk and Compliance services, or Identity and Access Management.

Essential Accountabilities:

Level I
  • Responsible for the design, implementation, and operation of Organization-wide security infrastructures. Evaluates and proposes new security solutions and advises and consults with the security manager and various levels of management regarding protection of computing resources and information assets.
  • Assists in the maintenance and operational support for security technologies in defense against modern cybersecurity threats.
  • Delivers support for the Organization’s Information Security Framework and strives to improve maturity of the Information Security program in certain Framework domains.
  • Responds to requests within defined SLAs relating to various information security systems, programs, and processes.
  • Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions, and catalog remediation actions. Utilizes automated Governance, Risk, and Compliance tools to track artifacts of the risk management lifecycle. Consults with information systems owners to categorize systems; select, implement, and assess controls; and frame, assess and monitor risk.
  • Enforces information security policies, standards, and procedures by administering and monitoring security reports; investigates possible security exceptions.
  • Delivers information risk management services for new and existing automation products and projects.
  • Participates in rotation of 24/7/365 on call coverage.
  • Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities.
  • Integrates security tools and appropriate controls into new and existing systems and applications.
  • Assists in department self-audits, internal audits, external audit reviews, and risk assessments for the division and for end user departments.
  • Participates in security assessment of suppliers and vendors and develops recommendations to improve security and mitigate security risks.
  • Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
  • Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
  • Regular and reliable attendance is expected and required.
  • Performs other functions as assigned by management.

Level II (in addition to Level I Accountabilities)
  • Keeps abreast of cyber threat landscape and evolving mitigation approaches and techniques.
  • Performs as the Subject Matter Expert for at least one information security technology, processes, and practices internally to the Health Plan – including making recommendations relating to this technology.
  • Provides technical expertise and support to security administrators on distributed systems security and implements automated solutions for security administration requests.
  • Trains and provides technical support to Security Administrators and lower-level InfoSec & Cybersecurity Engineers on distributed system and application security.
  • Provides consultation and facilitation support services to the Organization and its subsidiaries in information security matters and ensures compliance with the Organization’s information security policies and standards.
  • Integrates security tools and appropriate controls into new systems and applications.
  • Acts as a security consultant for Organization’s IT platforms, databases, middle-wares, and messaging systems (with oversight from a more senior analyst).

Level III (in addition to Level II Accountabilities)
  • Performs as the Subject Matter Expert for at least two information security technology, processes, and practices internally to Health Plan.
  • Designs, develops, integrates, tests, evaluates, and maintains cybersecurity technology products.
  • Researches, engineers, and integrates new security solutions with an emphasis on solutions that align with overall cybersecurity strategy.
  • Performs cyber defense incident triage, including determining scope, urgency, and potential impact, and identifying the specific vulnerability.
  • Provides security consulting to business partners to ensure solution designs are aligned with security principles and cybersecurity frameworks.

Level IV (in addition to Level III Accountabilities)
  • Acts as Team Leader amongst the group of engineers.
  • Performs as the Subject Matter Expert for more than three information security technologies, processes, and practices internally to the Health Plan, and externally in the industry as a whole.

Minimum Qualifications:

NOTE: We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities.

All Levels
  • Bachelor's degree in computer science, Information Technology, or relevant field. In lieu of degree, six (6) cumulative years of related experience required.
  • Hands on experience with the following operating systems preferred: mainframe, Windows, and UNIX (Linux, AIX, Solaris, etc.).
  • Basic knowledge of a minimum of one concept and/or tool listed below:
    • Encryption
    • PKI
    • Network and application security, and related firewalls (Palo Alto Networks, Imperva, etc.)
    • AD, LDAP, and various authentication implementations
    • Virus detection and end point security (McAfee preferred)
    • Vulnerability scanner and pen testing tools (e.g., Rapid 7, Nessus, Nexpose, Metasploit, Appscan, Burp suite, Ida Pro etc.)
    • IDS/IPS and related tools
    • SIEM and tools (e.g., ArcSight, Splunk, SolarWind LEM, QRadar, McAfee, etc.)
    • Common web application security vulnerabilities (e.g., OWASP top ten)
  • Excellent verbal communications skills and concise written communication skills.
  • Excellent organization and multi-tasking skills.

Level II (in addition to Level I Qualifications)
  • Three (3) years of related work experience, and basic knowledge of a minimum of two (2) concepts and/or tools listed above (under Level I).
  • Experience with security controls for operating systems, applications, and database management systems.
  • Experience in evaluating security software packages.
  • Experience with security automation, including associated reporting and notification.
  • Knowledge of network regulations, industry standards and operational constraints of networks systems.

Level III (in addition to Level II Qualifications)
  • Five (5) years of related work experience, and basic knowledge of a minimum of three (3) concepts and/or tools listed above (under Level I).
  • CISSP, CISA, CISM or other relevant security certification, or equivalent experience, and knowledge preferred.
  • Experience providing work direction for one or more individual’s specific projects and initiatives.
  • Experience providing guidance and mentorship to more junior team members.
  • Knowledge of Security Frameworks and translating aspects into enhancing security postures.

Level IV (in addition to Level III Qualifications)
  • Seven (7) years of related work experience, and basic knowledge of a minimum of four (4) concepts and/or tools listed above (under Level I).
  • Two (2) years demonstrated expertise in at least three (3) concentrations within information security technology.
  • Experience with creating and managing security architecture.

Physical Requirements:
  • Ability to work prolonged periods sitting and/or standing at a workstation and working on a computer.
  • Ability to work while sitting and/or standing at a workstation viewing a computer and using a keyboard, mouse and/or phone for three (3) or more hours at a time.
  • Ability to travel across the Health Plan service region for meetings and/or trainings as needed.
  • Ability to work in a home office for continuous periods of time for business continuity.

In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.

Equal Opportunity Employer

Compensation Range(s): E3 - Min 60,410 Mid 83,167 Max 106,929

The salary range indicated in this posting represents the minimum and maximum of the salary range for this position. Actual salary will vary depending on factors including, but not limited to, budget available, prior experience, knowledge, skill and education as they relate to the position’s minimum qualifications, in addition to internal equity. The posted salary range reflects just one component of our total rewards package. Other components of the total rewards package may include participation in group health and/or dental insurance, retirement plan, wellness program, paid time away from work, and paid holidays.

Please note: There may be opportunity for remote work within all jobs posted by the Excellus Talent Acquisition team. This decision is made on a case-by-case basis.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Created: 2026-03-30
