Information Technology | San Francisco, CA, United States
Audax Health is looking for an Information Security Engineer to join
our IT team. This type of role is a unique personality set that likes
to thrive on dealing with vulnerabilities and preventing intrusions.
In the situation that an event does take place, this person would help
detail the scope and impact and help drive the remediation.
This individual will be responsible for the incident response
process as it pertains to our security of our products
both internally and externally. They will be working proactively to
ensure safety across our organization, and partner with the
appropriate teams for the handling of any security
incidents. We'll also expect this individual to perform vulnerability
testing across our products.
Skills and Requirements
- Respond to computer security incidents according to the
Computer Security Incident Response Policy (CSIRP).
guidance to first responders for handling information security
- Coordinate efforts among multiple business units
- Provide timely and relevant updates to
appropriate stakeholders and decision makers.
investigation findings to relevant business units to help improve
information security posture.
- Validate and maintain
incident response plan and processes to address potential
- Compile and analyze data for management reporting
- Monitor information security related Web sites (US-CERT, SANS
Internet Storm Center, etc.) and mailing lists (DHS Infrastructure,
BugTraq, etc.) to stay up to date on current attacks and
- Analyze potential impact of new threats and exploits
and communicate risks to relevant business units.
- Three or more years of technical experience in the information
security field, preferably in this particular industry
- Three or more years of practical experience in an incident
- Advanced knowledge of information systems
security concepts and technologies; network architecture; general
database concepts; document management; hardware and software
troubleshooting; intrusion tools; and computer forensic tools such
as EnCaseR and open source alternatives
- Familiarity with
security regulatory requirements and standards (such as NIST 800
series, ISO 2700x series, GLBA, FFIEC)
- Advanced knowledge
and experience with the Apple and Linux operating systems
- Working knowledge of and experience in investigating malicious
Demonstrated ability to apply technical and analytical skills in a
- Ability to work extremely well under pressure while
maintaining a professional image and approach
information analysis abilities; ability to perform independent
analysis and distill relevant findings and root cause
- Strong analytical writing skills to articulate complex ideas
clearly and effectively; experience creating and presenting
documentation and management reports
- Team player with
proven ability to work effectively with other business units, IT
management and staff, vendors, and consultants
communication skills such as planning and leading effective
meetings, conducting structured interviews to collect information,
interpersonal and negotiation skills, and presenting to a variety of
- Advanced skills to present information to
stakeholders and/or decision makers in an effective and professional
- Bachelor’s degree in management information systems, computer
science, or related discipline is required.
degrees and certificate programs in relevant areas that demonstrate
analytical writing will also be considered.
certified/qualified or ability to pursue obtaining these
certifications within six months of hire
- SANS GCIH or GCFA,
CISA, CISM, EnCER certification(s) and preferred but not