Senior Information Security Engineer

At SCA Health, we believe health care is about people – the patients we serve, the physicians we support and the teammates who push us forward. Behind every successful facility, procedure or innovation is a team of 15,000+ professionals working together, learning from each other and living out the mission, vision and values that define our organization. 

As part of Optum, SCA Health is redefining specialty care by developing more accessible, patient-centered practice solutions for a network of more than 370 ambulatory surgical centers, over 400 specialty physician practice clinics and numerous labs and surgical hospitals. Our work spans a broad spectrum of services, all designed to support physicians, health systems and employers in delivering efficient, value-based care to patients without compromising quality or autonomy.  

What sets SCA Health apart isn’t just what we do, it’s how we do it. Each decision we make is rooted in seven core values: 

• Clinical quality 
• Integrity 
• Service excellence 
• Teamwork 
• Accountability 
• Continuous improvement 
• Inclusion 

Our values aren’t empty words – they inform our attitudes, actions and culture. At SCA Health, your work directly impacts patients, physicians and communities. Here, you’ll find opportunities to build your career alongside a team that values your expertise, invests in your success, and shares a common mission to care for patients, serve physicians and improve health care in America.    

At SCA Health, we offer a comprehensive benefits package to support your health, well-being, and financial future. Our offerings include medical, dental, and vision coverage, 401k plan with company match, paid time off, life and disability insurance, and more. Please visit, https://careers.sca.health/why-sca, to learn more about our benefits.

Your ideas should inspire change. If you join our team, they will. 

We are seeking a seasoned Senior Information Security Engineer to strengthen our IT Security team. This role involves overseeing a broad range of security functions, including vulnerability management, intrusion prevention systems (IPS), data classification, web proxy management, SIEM monitoring, anti-virus management, and comprehensive security monitoring. The Senior Information Security Engineer will be responsible for maintaining the security posture of the organization’s infrastructure, collaborating with cross-functional teams, and ensuring the implementation of security best practices across all areas.

As a key contributor, the ideal candidate will have a strong technical background across multiple security domains and be capable of leading initiatives to detect, respond to, and remediate threats. They will also play a vital role in mentoring junior engineers and analysts, fostering a culture of continuous learning and collaboration.

Key Responsibilities: 

• Perform Vulnerability assessments and collaborate with IT Teams to implement remediation strategies.
• Participate in incident response efforts by identifying, analyzing, and responding to security threats.
• Continuously gather and integrate threat intelligence to improve detection and defense capabilities.
• Implement and manage data classification protocols to safeguard sensitive information.
• Maintain and enhance the organization’s Intrusion prevention systems (IPS) and Anti-Virus management tools.
• Oversee security monitoring activities, ensuring timely detection of potential security incidents.
• Work closely with IT and business teams to implement security best practices and ensure compliance with established policies.
• Lead security-related projects from design through implementation, ensuring timely completion and alignments with security objectives.
• Conduct security control assessments and recommend enhancements to improve the organization’s security posture
• Mentor and train Jr. Engineers and Analysts to promote knowledge sharing and professional growth within the team.
• Develop and maintain up-to-date Information Security policies, guidelines, and standards based on evolving security trends and internal needs.
• Stay informed with the latest security threats and vulnerabilities, sharing knowledge with the team to adjust security strategies accordingly.
• Perform other duties related to security operations as required

Desirable Skills:

• Experience with scripting languages (Powershell, Python, Perl, etc) to automate routine security tasks.
• Familiarity with penetration testing methodologies and tools to identify vulnerabilities and enhance security system defenses
• Knowledge of cloud security practices and controls, particularly in hybrid environments.
• Understanding of network protocols, packet analysis, and the ability to use forensic tools for investigation purposes.
• Ability to work effectively in a fast-paced dynamic environment with shifting priorities.

Mentoring and Development:

• Serve as a mentor to junior security staff, guiding them in technical growth and fostering a collaborative and innovative work culture
• Lead by example in fostering an environment of continuous learning and professional development. 

Minimum Qualifications:

• Bachelors degree in Computer Science, Information Security, Information Technology, or a related field. Equivalent experience and relevant certifications may be considered.
• 3-5 Years of experience in information security, managing and deploying a range of security tools and technologies such as SIEM, IPS/IDS, Vulnerability Management, and Endpoint Security
• Security certifications such as CISSP, CEH, GCIH, or equivalent are preferred.

Other Qualifications

• Proven experience in incident response, including threat detection, analysis, and remediation.
• Experience with security projects such as system hardening, security tool implementation, or risk assessments.
• Extensive knowledge of security tools and technologies, including SIEM, IDS/IPS, web proxies, anti-virus, and vulnerability management systems.
• Strong communication skills, with the ability to translate complex security concepts into actionable recommendations for both technical and non-technical stakeholders.
• Strong analytical and troubleshooting skills to diagnose security incidents and implement effective countermeasures.
• Ability to balance security requirements with business operational needs.