This is an exciting time to join our dynamic organization! BioReference, an OPKO Health company, is the largest full service specialty laboratory in the United States that gives healthcare providers and patients the power to make confident healthcare decisions. With a focus on oncology, urology and women's health, BioReference offers comprehensive test solutions and unparalleled expertise based on a 40 year legacy of proven science and exceptional service. Join our team and become part of the journey in making our patients and customers the highest priority.
Bioreference Laboratories Inc., an OPKO Health Company, and one the major diagnostic laboratories in the nation, is looking for an experienced Cybersecurity Engineer at a Manager or a Director level position (this is an organizational level, may not include any direct reports).
The incumbent will be a seasoned, motivated, self-starter and maintain an advanced understanding of cyber security risks, threats, vulnerabilities, and attack vectors in a modern digital workplace. He/she will continuously assess the evolving threat landscape (malware, APT, etc.) and new technologies, solutions and services in a transformational business environment; conduct cybersecurity assessments of digital solutions hosted in the cloud, on premise or in a hybrid mode; design, architect and/or propose cybersecurity solutions and remediation; perform vulnerability and incident management functions; and be responsible for designing effective configuration and operation of security appliances, devices, servers and network technologies. Business acumen in healthcare and pharmaceutical industry highly focused on business benefit, digital transformation, business writing capability along with the capability to work with all areas and levels are some of the essential parts of this position.
Key Responsibilities
Technical design reviews, integration, testing, and documentation for applications, servers and network components
Conduct cybersecurity assessment of systems and applications following corporate standards, HIPAA and NIST requirements
Conduct systems and vendor risk assessments following regulatory requirements, e.g., HIPAA, SOX, etc
Responsible for technical advisory to operational teams
Identify threats and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancements, research, and draft cyber security reports, and provide support to the operations staff for resolving difficult cyber security issues
Provide expertise in configuring Windows and Linux host-based security as well as network and cloud-based security systems, with a strong understanding of Azure IaaS and PaaS environments
Provide security best practice guidance and expertise as it relates to traffic flow throughout the entire application layer and backend databases, such as application encryption and TLS. This would be required for both on-prem and Azure environments in addition to endpoint connectivity, such as Linux, Mac and Mobile endpoints in addition to external SaaS integration.
Support installation and configuration of network security architectures, including firewalls, router ACLs, web content filters, WAF and DMZ
Maintain, configure and run penetration testing and vulnerability scanning using industry standard tools and techniques
Perform root cause analysis on failed scans and security incidents
Prepare Threat Profiles/Risk Assessments for vulnerabilities based on internal testing, CVE #, SANS, CIS, etc. as required. A write-up of a given vulnerability describing the technical details and severity of the issue in the context of business risks and benefits
Assist other cybersecurity as well as cross functional team members by providing assistance, guidance, and support where you are a Subject Matter Expert (SME)
Provide consultancy and leadership in all aspects of cybersecurity, including application, infrastructure and database security
Document security reports, assign remediation to related IT teams, follow up and support the remediation to conclusion
Technical Requirements
At least 10 years of Cybersecurity Engineer (Preferred)
Solid understanding of (1) Active Directory domains, groups, organizational units, security permissions and capabilities, (2) MS Exchange and Outlook security, (3) Mobile Device security (4) firewall, DMZ and router configurations, (5) Web services and application API security, (6) working knowledge or understanding of Linux configuration and security, (7) Database security configurations, (8) workstation and server security, (9) security patch management, (10) access controls, segregation of duties and conflict of interest, (11) user provisioning and controls, (12) vendor security and risk management
Networking experience with the TCP/IP stack, OSI model, penetration and vulnerability assessment tools
Working knowledge of power shell, Java, .Net
Experience with Salesforce environment, including Salesforce Shield, is a plus
Experience designing end-to-end security solutions
Must have experience with HIPAA, SOX or other similar strict regulatory requirements
Fast learner, quick thinker, multi-tasking with an excellent communication Skills oral as well as written, and ability to work independently in a time pressured environment
Educational Requirements
High School or Equivalent
Bachelors degree in a related field. Computer science or related area is a plus (Preferred)
CISSP, CISA, GIAC or similar security certification
BioReference Laboratories is an Equal Opportunity Employer
