Establishes policies and procedures necessary to ensure the security of information system assets and to protect them from intentional or inadvertent access, disclosure, or destruction in accordance with company policies and industry standards such as HIPAA, Sarbanes-Oxley, SAS70, DIACAP, and PCI. Ensures that the user community understands and adheres to necessary procedures to maintain security. Must be able to weigh business needs against security concerns and articulate issues and options to management. Performs risk assessments for sensitive internal and external systems and performs threat modeling.
- Develops procedures necessary to ensure the security of information system assets and to protect them from intentional or inadvertent access, disclosure, or destruction.
- Assists project teams in the implementation of security measures to meet corporate security policies and external regulations, e.g., Sarbanes-Oxley and DIACAP.
- Assists in performing risk assessments and security audits of internal and external facilities against established standards.
- Maintains appropriate security documentation for applications and systems.
- Assists in the communication and implementation of components of the ESI security awareness program.
- Performs additional duties as assigned.
- Bachelor’s degree in computer related field.
- Expertise and experience in securing operating systems and network infrastructure
- Expertise in securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS
- Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.)
- Understanding of risk modeling concepts and frameworks (STRIDE, DREAD, FAIR, etc.)
- Understanding of common exploitation techniques and mitigations
- Strong understanding of the attacker kill chain
- Strong documentation skills
- Experience implementing, managing, and supporting a vulnerability management platform is a strong plus (e.g. Qualys, Nexpose, Nessus, Retina)
- Certified Ethical Hacking (CEH) and network penetration testing experience a plus
- Vulnerability assessment process and tools experience a plus: OWASP, Metasploit, nmap, Nessus, Burp Suite, SpiDynamics, AppScan, etc.
- Certifications in information security (CISSP, CISM, GIAC, or equivalent) are preferred.
ABOUT THE DEPARTMENT
Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you’re as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.
ABOUT EXPRESS SCRIPTS
Advance your career with the company that makes it easier for people to choose better health.
Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the “Most Admired Companies” in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan.
Express Scripts is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. Applicants must be able to pass a drug test and background investigation. Express Scripts is a VEVRAA Federal Contractor.