Associate InfoSec Engineer Partners Healthcare
Somerville, MA

Job Description

About Us:

As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women's Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.

We're focused on a people-first culture for our system's patients and our professional family. That's why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees' personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development-and we recognize success at every step.

Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.

General Summary/Overview

Under the direction of the Partners HealthCare Security Monitoring Team Lead and the Corporate Manager for Security Operations the incumbent is responsible for day-to-day operations of information security at Partners HealthCare Systems.

Monitor and analyze the components supporting the Security Operations Center (Intrusion detection systems, Malware Analysis, Forensics toolkits, user tracking, etc.). Works with team members to triage and handle security notifications and alerts. Works with team members to performs entry-level interpretation of security issues as provided by management and diagnostic tools. Responds to potential incidents as a member of the CSIRT.

Will be responsible for project support of several key strategic information technology initiatives for Partners HealthCare and its affiliates.

Principal Duties and Responsibilities:

* Member of the Computer Security Incident Response Team (CSIRT) providing support to resource owners during and after security breaches.
* Daily monitoring information security events by analyzing Intrusion Detections reports, various security logs and other sources.
* Develop and maintain a deep understanding of current issues in the realm of information security. Subscribes to major industry newsgroups and mailing lists and assess the impact of all emerging issues on systems and practices at Partners.
* Monitors security bulletins and alerts from all Partners' information system vendors.
* Develop and maintain broad understanding of information security including HIPAA, Mass ID Theft regulation 201 CMR 17, PCI, ISO27002, NIST and other information security frameworks and regulations.
* Uses the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
* Occasional after hours and weekend work to perform tasks that cannot be done during business hours.
* Participates in CSIRT on call rotation
* Carries pager and cell phone 24x7.
* Bachelor's degree (B.A./B.S.) or equivalent in computer science or equivalent discipline from an accredited college or university required.
* 1-2 years of experience in IT required.
* 1-2 years of experience in an information security role or experience with security and internetworking devices and software, including at least one year experience with large mission-critical internetworks.
* Relevant information security and privacy certifications is a plus, including CISSP, CISM, CISA, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, and GPEN
* Knowledge of HIPAA, Mass ID Theft regulation 201 CMR 17, and other appropriate information security regulatory requirements for healthcare entities is a plus.
* Experience with Computer incident and IDS security technologies is a plus.

Skills/Abilities/Competencies Required

* Demonstrated ability to analyze data contained in various incident response alerts
* Strong analytic and reasoning skills, particularly in solving large, complex problems.
* Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision.
* Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy.
* Ability to function as a member of the information security team, and to work collaboratively with multiple institutions, departments, and technical operations staffs across multiple facilities.
* Strong written and verbal communication and interpersonal skills
* Strong customer service skills.
* Strong organizational skills.
* Knowledge of the following Technologies:

o Unix and Microsoft operating systems

o Network protocols with strong emphasis on TCP/IP

o ITIL