Information Security Engineer I

Founded in 1973, O’Neil Digital Solutions (ODS) is a leading IT consulting firm specializing in the optimization of complex end-to-end business process systems for a multitude of business verticals including Financial Services, Digital Media, Healthcare, and Transportation industries. ODS provides high-touch bespoke software engineering, systems integration, and infrastructure management services to clients of all sizes and industries. From large scale mass communication projects to highly secure and confidential data analytics using Big Data frameworks like Hadoop and AWS Redshift, ODS has a broad set of proven technical capabilities that help companies make complex digital transformations. ODS offers state of the art publishing solutions through our customer-centric applications and services include electronic document delivery, web applications, high-speed digital printing (color and black & white), automated composition, offset printing, warehousing and fulfillment services. ODS is headquartered in Los Angeles, CA and also has offices/plants in Texas and North Carolina centrally located to serve clients across the country.

Summary

As an Information Security and Data Privacy Engineer I at O’Neil, you will collaborate with internal teams that deal with PHI belonging to many patients and it is imperative that this data is secured. We are building our security team to help safeguard this information, and your work will improve our overall security posture. From helping us implement detection capabilities for anomalous behavior, threat-hunting, spearheading security incident response, conducting training for our engineering team to keeping up with industry best practices, you will be empowered to do the work that is most important for the organization. This is a technical role that will be involved in different aspects of the security incident response life-cycle.

Duties and Responsibilities

• Assist in implementing Security Information and Event Management (SIEM), which includes but is not limited to maintaining logs, assisting in developing company best practices for security alert correlations, and performing root cause analysis after incidents.
• Assist with Endpoint Detection and Response (EDR) vendor analysis and deployment, including partnering with IT to develop a decision matrix for EDR vendor selection, assist with deployment, and developing patterns for automatic response to identified threats.
• Perform regular privacy assessments and impact analysis on databases and operational processes by developing effective tools, training, and guidance to help identify and mitigate risk. This includes data anonymization, pseudonymization, and encryption.
• Assist with detection, analysis, and containment of an incident.
• Help identify key performance metrics for security IR and implement instrumentation for those metrics.
• Maintain, manage, and prioritize hardware, software, systems, and/or product backlog, while actively identifying risks, constraints, and dependencies that would impact roadmap.
• Demonstrate, integrate, and collaborate on enhancing existing security solutions and services to address any gaps or deficiencies.
• Assist with security incident response drill scenarios and lead tabletop exercises.
• Ensure proper training for stakeholders regarding their incident response roles and responsibilities in the event of a breach.
• Collaborate with internal teams to ensure the data retention or system requirements, user-facing privacy controls, new or existing software, and big data solutions enable the business to be data-driven while protecting the data assets.
• Help to write and deploy SQL to archive and/or purge data from databases and to locate, review, explain, and document data for privacy requirements.
• Work with the legal department to produce data both internally and externally and ensure any legal request or litigation hold requirements are met.
• Assist with projects and enhancements, including gathering requirements, conducting research, task management, and updating key partners and stakeholders with the goal of developing solutions to help mitigate privacy vulnerabilities and future privacy risks.
• Assist to conduct structured and unstructured data scans, testing, and debugging of applications by using a variety of technical privacy tools to increase compliance and documentation of procedures and information assets.
• Study and interpret past privacy events and current privacy threats to improve privacy compliance using advanced technologies and design principles to develop and implement new tools and processes.
• Assist both internal and external teams on data governance strategy, updates to legal regulations, and direction on future roadmaps.
• Collaborate with vendors on data and privacy standards.

Qualifications & Requirements

• Bachelor’s Degree in computer science, IT, systems engineering, or equivalent experience.
• 1+ years of experience in the security industry working in any combination of the following areas: Risk management, cloud operations and engineering, network security monitoring, log analysis, static and dynamic malware analysis, NIST Kill Chain, MITRE ATT&CK framework, threat hunting, SIEM, EDR.
• Experience responding to security events.
• Writing and reviewing code (Java, Python, Node, or similar).
• Excellent written and verbal communication, facilitation, and presentation skills to collaborate effectively with software engineering teams.
• Implementing security detection capabilities.
• Proven ability to make decisions and perform complex problem-solving activities under pressure.
• Some knowledge of AWS cloud infrastructure and their threat landscape.

Working Conditions

Must be able to perform the essential job duties. Work is performed primarily in an office environment. Typically requires the ability to sit for extended periods of time (66%+ each work day), ability to hear the telephone, ability to enter data on a computer, and may also require the ability to lift up to 10 pounds.

Equal Opportunity Employer

O'Neil Digital Solutions is an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.