Job Opening: APPLICATION SECURITY ADMIN (2024)

APPLICATION SECURITY ADMIN

BrightSpring Health Services

Installs, configures, maintains, evaluates and troubleshoots security tools, including hardware, software, systems and services.

• Works with IT Management and Engineers to routinely recommend, develop, and maintain policies, standards, guidelines, and training materials on the secure configuration and operation of computer systems (desktops, laptops, smartphones, servers, network connections, and protection systems).
• Works with IT Management and Engineers to perform periodic security audits of RAS, VPN, Firewalls, Proxy's, , Servers, Remote Access Controls, Change Control, etc.
• Reviews error log and determines the cause and resolution of errors.
• Collaborates with cross-functional teams and clients to define, design and deliver new and enhanced security measures that meet the needs of the company, its clients and end users.
• Evaluates projects that impact the security infrastructure and implements or modifies user entitlements as it relates to the roll out of these projects.
• Researches and evaluates new security technology, techniques and industry best practices to minimize threats and vulnerabilities.
• Develops, maintains and updates documentation of all security tools, processes, procedures and policies.
• Works daily with IT Engineers to monitor for virus alerts and new virus threats using enterprise anti-virus software; configure and support anti-virus software; identify and prioritize new network threats and attacks; provide notification of virus notices/alerts and attacks; facilitate incident response and enterprise risk assessment; participate in investigations using network data analysis forensics techniques.
• Works with Business Owners, IT Application Development and Infrastructure stakeholders to assist in the planning, design, and implementation of enterprise-wide security architecture and systems, including business applications; authentication mechanisms, cryptography and role-based security; portals and web configurations; host and backend systems; DMZs, firewalls, VPNs, intrusion detection systems; penetration testing; vulnerability assessments; and disaster recovery.
• Works with IT managers and I.S. Security Specialists to provide quarterly risk assessment reports to the CIO executive lead team. Document security related events ad the net loss of revenue or other impact caused by each event in the previous quarter. Identify existing security weaknesses and concerns and describe each potential impact on the organization from an operational and financial standpoint. Reports and outputs are to be clear and concise and translate technology to business relevant information.
• Performs other tasks as assigned.
• Conducts job responsibilities in accordance with the standards set out in the Company's Code of Business Conduct and Ethics, its policies and procedures, the Corporate Compliance Agreement, applicable federal and state laws, and applicable professional standards.

Education/Learning Experience

• Required: Associate degree in Computer Information Systems, Computer Science, Computer Engineering, Information Systems Management, or equivalent experience
• Desired: Bachelor's degree in Computer Science, Information Systems, or related field

Work Experience

• Required: 3-5 years of experience in system and/or security administration in a Windows 2007-2010 environment; Microsoft Active Directory, Okta, experience with Anti-Virus, Spyware, Anti-SPAM, Personal Firewalls, and other end-user or gateway security solutions; familiarity with various network and host-based security applications and tools, such as network and host assessment scanning tools.
• Must possess working experience with MS Office applications including Access, Visio, and Project; must also be able to research, evaluate, and recommend security technology and solutions; experience required defining and documenting internal controls and procedures; conducting routine security audits and risk assessments, and following compliance adherence processes (i.e., SAS70/Sarbanes-Oxley/HIPAA/etc.)

Skills/Knowledge

• Required: None
• Desired: CompTIA Security or other IT security certification