Hospital Corporation of America (HCA)

*Position Title: Data Loss Prevention DLP Engineer – Senior/Consulting Level
*Location: Nashville, TN
*Position Type: Full-Time
Compensation: Salaried
Start Date: ASAP

*JOB DESCRIPTION

The Security Data Protection Engineer guides the implementation, configuration, and monitoring of Data Loss Prevention (DLP) solutions for HCA. A Data Protection Engineer strives to enforce security best practices, policies, standards and guidance to ensure the safeguard of HCA’s proprietary data, physical infrastructure and resources from internal and external threats. The Data Protection Engineer is required to maintain a comprehensive understanding of services provided by HCA, IT&S and develop relationships throughout the organization to assist Information Security in accomplishing its goals for the company. This should be a dynamic individual with advanced knowledge of the methodologies and best practices for the development, maintenance, and implementation of an enterprise DLP program. The ideal candidate has outstanding analytical skills, the ability to perform root cause analysis, a high level of initiative, creativity, and motivation, and outstanding oral and written communication skills.

General Responsibilities

Lead the design, implementation, and delivery of comprehensive data loss prevention technologies, including work estimation and consultative validation of technical feasibility and principles, in coordination with defined enterprise goals.

Collaborate with stakeholders to capture initial and ongoing DLP detection policy requirements, develop and test these policies, and implement these successfully into the production DLP environment.

Act as a primary contact for DLP design, issue troubleshooting, and incident handling, including reviewing DLP policy violation alerts and working with security, IT, and business stakeholders to investigate and resolve.

Create and perform ongoing review and analysis of DLP monitoring frameworks and remediation workflows and make recommendations on appropriate modifications to improve their efficiency and effectiveness.

Act as technical Subject Matter Expert on DLP standards, operations, and technology by performing ongoing research to maintain awareness of industry trends, best practices, and knowledge of other leading DLP capabilities in the market.

Prepare detailed documentation for DLP policies, system configuration, procedures, and ongoing security incidents.

Create and maintain operations, management, and ad hoc reports to monitor the performance of the DLP system, processes, and violation alerts.

Organize resources to perform vulnerability assessments of operating systems, applications, databases and network infrastructure components to detect, enumerate and classify major vulnerabilities for performing trend analysis and reporting to Enterprise customers through the use of vulnerability assessment tools and methodologies.

Evaluate the results from intrusion detection as engineers are monitoring, analyzing and reporting on all network and application communication specific protocols for unwanted manipulation to systems, malicious network traffic, network attacks against vulnerable services, data driven attacks on applications, host based attacks or unauthorized access to sensitive data.

Schedule and maintain security operations management of operating systems, security applications and network infrastructure components to provide security configurations, controls for user account access, monitoring of services, centralized logging, network connectivity, job scheduling execution and routine maintenance through the use of administrative tools and methodologies.

Advocate junior engineers in enterprise incident handling as the Security Incident Response Team (SIRT) by detecting, analyzing and performing remediation on attacks that deny the use of authorized applications, networks or systems, malicious entities that infect single or multiple hosts, unauthorized access without permission to application, data, networks, systems or other resources, inappropriate usage that violates acceptable use policies or various incident types that encompass two or more incidents by assisting constituents that consist of enterprise legal staff, litigation or Ethics and Compliance.

Classify malicious code as it pertains to the SIRT by identifying worms, viruses or attackers that attempt to breach systems by operating through proxies, anonymous dial-up accounts, wireless connections or illegal network access, monitoring preventive measures such as firewalls that provide real-time filtering and blocking from the network stack to the application layer or third party anti-virus applications and performing remediation through security event log analysis to detect anomalies and violations.

Coordinate resources for auditing of applications, operating systems and networks to provide a measurable technical assessment that includes interviewing staff personnel, performing security vulnerability scans, reviewing access controls or analyzing physical access to ensure availability, confidentiality and integrity to help the organization meet internal and external regulatory compliance.

Define and schedule the program for social engineering to obtain confidential information by manipulation of legitimate users through the use of telephone conversations, face to face manipulation, or phishing attacks in order to educate users on security policies and procedures.

Middle Tennessee Chapter of ISACA Job Posting Form Version 1.0: 10/13/12

Formulate the program and interpret the results of the attack and penetration testing of the HCA enterprise for information gathering, vulnerability detection, analysis and exploitation planning, and results reporting to remediate exploits and ensure confidentiality, integrity and availability of mission critical information assets.

Mentor junior engineers in security knowledge and experience in technologies and methodologies as it relates to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, intrusion management and operations management to assist the Threat and Vulnerability Management team with effective research, data gathering, analysis, metrics reporting and communications.

Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios, e.g. large-scale production service outages, outside of the routine change management process.

7 years relevant work experience Required

Advanced experience with Data Loss Prevention tools: administering, supporting, and/or consulting on DLP software products in an enterprise environment
Comprehensive understanding of Security Methodologies: enterprise level DLP and security methodologies, technologies, and best practices
Advanced experience with TCP/IP/UDP/ICMP
Comprehensive knowledge of the OSI Reference Model
Windows / Linux / UNIX operating systems
Advanced experience with Networking components (routers, switches, load balancers, wireless access points, etc.)
Advanced experience with routing protocols (BGP / OSPF)
Comprehensive knowledge of firewalls, proxies, mail servers and web servers
Advanced experience with operational support for operating systems, applications and networks
Comprehensive knowledge of client/server relationships
Comprehensive knowledge of relational databases and structured query language
Advanced experience with vulnerability assessments
Advanced experience with intrusion management and its components
Comprehensive understanding of encryption algorithms and ciphers (PKI/SSL)
Comprehensive knowledge of malicious code (worms, viruses, spyware, etc.)
Comprehensive experience with Virtual Private Networking
Comprehensive knowledge of multi-tier environments
Advanced experience with packet inspection / sniffers
Advanced experience in forensics and e-discovery
Advanced experience in automation and scripting of applications and systems
Advanced experience in anomaly detection (signature / behavioral)
Advanced experience with event and log correlation

Education

College Graduate Preferred
Technical Training in DLP

Special Qualifications

Effective team management skills
Effective time management skills
Effective organizational skills
Effective written and oral communication skills
Effective analytical skills
Creative problem solving
Competent using the Microsoft Office suite of products

Other Working Conditions

7x24 on-call support rotation
Occasional travel may be required

Who is HCA, Hospital Corporation of America?

The nation's leading provider of healthcare services
Comprised of locally managed facilities that include over 160 hospitals and more than 100 freestanding surgery centers in 20 states and Great Britain
Employing approximately 200,000 people
Recognized in Computerworld Magazine's Top 100 Workplaces to work for Information Technology Professionals, 5 years running.
Recognized by the Ethisphere Institute as one of the World's Most Ethical Companies.

*JOB REQUIREMENTS

Please provide a description of skill sets and other qualifications necessary for applicants.

Travel: 7x24 on-call support rotation, occasional travel may be required
Education: College graduate preferred as well as technical training in DLP
Experience: 7 years relevant work experience
Certification:

COMPANY INFORMATION

HCA
One Park Plaza
Nashville, TN 37203
www.hcahealthcare.com

CONTACT INFORMATION

Job Reference: 10207-10220
*Contact Name: Robert Banniza
*Method: Robert.Banniza@hcahealthcare.com
Website: http://hca.jobs/JobDetail.aspx?j=479678

SPECIAL INSTRUCTIONS: Apply online using http://hca.jobs/JobDetail.aspx?j=479678

The Middle Tennessee Chapter of ISACA is not responsible for the content or accuracy of this job posting.