HCA - DLP Engineer Senior/Consulting Level

Hospital Corporation of America (HCA)
*Position Title: Data Loss Prevention (DLP) Engineer – Senior/Consulting Level
*Location: Nashville, TN
*Position Type: Full-Time
Compensation: Salaried
Start Date: ASAP
*JOB DESCRIPTION
The Security Data Protection Engineer guides the implementation, configuration, and monitoring of Data Loss Prevention (DLP)
solutions for HCA. A Data Protection Engineer strives to enforce security best practices, policies, standards and guidance to
ensure the safeguarding of HCA’s proprietary data, physical infrastructure and resources from internal and external threats. The
Data Protection Engineer is required to maintain a comprehensive understanding of services provided by HCA, IT&S and develop
relationships throughout the organization to assist Information Security in accomplishing its goals for the company. This should
be a dynamic individual with advanced knowledge of the methodologies and best practices for the development, maintenance,
and implementation of an enterprise DLP program. The ideal candidate has outstanding analytical skills, the ability to perform
root cause analysis, a high level of initiative, creativity, and motivation, and outstanding oral and written communication skills.
General Responsibilities

Lead the design, implementation, and delivery of comprehensive data loss prevention technologies, including work
estimation and consultative validation of technical feasibility and principles, in coordination with defined enterprise
goals.

Collaborate with stakeholders to capture initial and ongoing DLP detection policy requirements, develop and test these
policies, and implement these successfully into the production DLP environment.

Act as a primary contact for DLP design, issue troubleshooting, and incident handling, including reviewing DLP policy
violation alerts and working with security, IT, and business stakeholders to investigate and resolve.

Create and perform ongoing review and analysis of DLP monitoring frameworks and remediation workflows and make
recommendations on appropriate modifications to improve their efficiency and effectiveness.

Act as technical Subject Matter Expert on DLP standards, operations, and technology by performing ongoing research
to maintain awareness of industry trends, best practices, and knowledge of other leading DLP capabilities in the
market.

Prepare detailed documentation for DLP policies, system configuration, procedures, and ongoing security incidents.

Create and maintain operations, management, and ad hoc reports to monitor the performance of the DLP system,
processes, and violation alerts.

Organize resources to perform vulnerability assessments of operating systems, applications, databases and network
infrastructure components to detect, enumerate and classify major vulnerabilities for performing trend analysis and
reporting to Enterprise customers through the use of vulnerability assessment tools and methodologies.

Evaluate the results from intrusion detection as engineers are monitoring, analyzing and reporting on all network and
application communication specific protocols for unwanted manipulation to systems, malicious network traffic, network
attacks against vulnerable services, data driven attacks on applications, host based attacks or unauthorized access to
sensitive data.

Schedule and maintain security operations management of operating systems, security applications and network
infrastructure components to provide security configurations, controls for user account access, monitoring of services,
centralized logging, network connectivity, job scheduling execution and routine maintenance through the use of
administrative tools and methodologies.

Advocate junior engineers in enterprise incident handling as the Security Incident Response Team (SIRT) by detecting,
analyzing and performing remediation on attacks that deny the use of authorized applications, networks or systems,
malicious entities that infect single or multiple hosts, unauthorized access without permission to application, data,
networks, systems or other resources, inappropriate usage that violates acceptable use policies or various incident
types that encompasses two or more incidents by assisting constituents that consist of enterprise legal staff, litigation
or Ethics and Compliance.

Classify malicious code as it pertains to the SIRT by identifying worms, viruses or attackers that attempt to breach
systems by operating through proxies, anonymous dial-up accounts, wireless connections or illegal network access,
monitoring preventive measures such as firewalls that provide real-time filtering and blocking from the network stack to
the application layer or third party anti-virus applications and performing remediation through security event log
analysis to detect anomalies and violations.

Coordinate resources for auditing of applications, operating systems and networks to provide a measurable technical
assessment that includes interviewing staff personnel, performing security vulnerability scans, reviewing access controls
or analyzing physical access to ensure availability, confidentiality and integrity to help the organization meet internal
and external regulatory compliance.

Define and schedule the program for social engineering to obtain confidential information by manipulation of legitimate
users through the use of telephone conversations, face to face manipulation, or phishing attacks in order to educate
users on security policies and procedures.
Middle Tennessee Chapter of ISACA Job Posting Form
Version 1.0: 10/13/12



Formulate the program and interpret the results of the attack and penetration testing of the HCA enterprise for
information gathering, vulnerability detection, analysis and exploitation planning, and results reporting to remediate
exploits and ensure confidentiality, integrity and availability of mission critical information assets.
Mentor junior engineers in security knowledge and experience in technologies and methodologies as it relates to
operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing,
vulnerability assessments, intrusion management and operations management to assist the Threat and Vulnerability
Management team with effective research, data gathering, analysis, metrics reporting and communications.
Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios,
e.g. large-scale production service outages, outside of the routine change management process.
7 years relevant work experience
Required

Advanced experience with Data Loss Prevention tools administering, supporting, and/or consulting on DLP software
products in an enterprise environment

Comprehensive understanding of enterprise-level DLP and security methodologies, technologies,
and best practices

Advanced experience with TCP/IP, UDP, ICMP

Comprehensive knowledge of the OSI Reference Model

Windows / Linux / UNIX operating systems

Advanced experience with Networking components (routers, switches, load balancers, wireless access points, etc.)

Advanced experience with routing protocols (BGP / OSPF)

Comprehensive knowledge of firewalls, proxies, mail servers and web servers

Advanced experience with operational support for operating systems, applications and networks

Comprehensive knowledge of client/server relationships

Comprehensive knowledge of relational databases and structured query language

Advanced experience with vulnerability assessments

Advanced experience with intrusion management and its components

Comprehensive understanding of encryption algorithms and ciphers (PKI/SSL)

Comprehensive knowledge of malicious code (worms, viruses, spyware, etc.)

Comprehensive experience with Virtual Private Networking

Comprehensive knowledge of multi-tier environments

Advanced experience with packet inspection / sniffers

Advanced experience in forensics and e-discovery

Advanced experience in automation and scripting of applications and systems

Advanced experience in anomaly detection (signature / behavioral)

Advanced experience with event and log correlation
Education

College Graduate Preferred

Technical Training in DLP
Special Qualifications

Effective team management skills

Effective time management skills

Effective organizational skills

Effective written and oral communication skills

Effective analytical skills

Creative problem solving

Competent using the Microsoft Office suite of products
Other Working Conditions

7x24 on-call support rotation

Occasional travel may be required
Who is HCA, Hospital Corporation of America?

The nation's leading provider of healthcare services

Comprised of locally managed facilities that include over 160 hospitals and more than 100 freestanding surgery
centers in 20 states and Great Britain

Employing approximately 200,000 people

Recognized in Computerworld Magazine's Top 100 Workplaces to work for Information Technology Professionals, 5
years running.

Recognized by the Ethisphere Institute as one of the World's Most Ethical Companies.
*JOB REQUIREMENTS
Travel: 7x24 on-call support rotation, occasional travel may be required
Education: College graduate preferred as well as technical training in DLP
Experience: 7 years relevant work experience
Certification:
COMPANY INFORMATION
HCA
One Park Plaza
Nashville, TN 37203
www.hcahealthcare.com
CONTACT INFORMATION
Job Reference: 10207-10220
*Contact Name: Robert Banniza
*Method: Robert.Banniza@hcahealthcare.com
Website: http://hca.jobs/JobDetail.aspx?j=479678
SPECIAL INSTRUCTIONS:
Apply online using http://hca.jobs/JobDetail.aspx?j=479678
The Middle Tennessee Chapter of ISACA is not responsible for the content or accuracy of this job posting.