Security Engineer

Why Orthofix?

We are a leading global spine and orthopedics company with a premier portfolio of biologics, innovative spinal hardware, bone growth therapies, specialized orthopedic solutions and a leading surgical navigation system.

Our combined company is over 1,600 strong, with products distributed in 68 countries worldwide and a global R&D, commercial and manufacturing footprint, and this is just the beginning!

Come join our global team of dedicated professionals who through their extraordinary efforts demonstrate every day their commitment to our mission of improving the lives of patients.

At SeaSpine and Orthofix our culture is built around Integrity and the core beliefs we live by : Exceed Expectations, Work Together, Be Respectful, Get Lean and Have Fun!

How you'll make a difference?

This position has the primary responsibility for implementing strategic initiatives involving information technology (IT) security capabilities and technical controls globally.

As directed, this position participates in the design, development, and delivery of those security capabilities within the IT department as well as facilitating or advising of controls for the business units when needed.

The responsibilities also include assisting in the development of technical standards and standard operating procedures and other related governance pertinent to IT operations.

This position works closely with IT operations staff (US and International) and may also interact with Finance, Operations, Sales, Compliance, Legal, Quality Assurance, Human Resources, and other areas to ensure that company information assets are protected as required by regulatory compliance at all levels, federal and state and corporate.

The Security Engineer must have strong expertise and experience in implementing and managing the Technical Security Safeguards required by HIPAA / HITECH, PCI-DSS and Sarbanes-Oxley Act, as well as responsibility and oversight securing configurations on operating environments, including networks, routers / firewalls, workstations, mobile devices.

Duties will include collaboration with DBAs and web programmers for data encryption and secure programming strategies .

This position primarily supports strategic initiatives involving information technology (IT) security controls. This position designs, develops, and delivers security controls across the IT systems as directed.

The responsibility also includes facilitating and executing the enforcement and administration of the IT Security program’s monitoring and governance efforts related to security events and support for remote and network access systems for the Orthofix office locations.

The IT Security Engineer is responsible for monitoring security systems to detect potential attacks as they occur and validating controls in business systems.

This includes providing a full analysis of previous malicious attacks, using multiple infrastructure and security systems to look for suspicious or anomalous activities, and adhering to the global Orthofix incident response plan to help in the response activities.

Strong expertise and experience in implementing and managing the Technical Security Safeguards implemented by Orthofix IT Security standards are required, as well as responsibility for oversight for securing configurations on operating environments, including networks, routers / firewalls, workstations, and mobile devices.

What will your duties and responsibilities be?

Facilitate and execute the enforcement and administration of the Global IT Security Program’s monitoring and governance efforts.

Perform daily operational real-time monitoring and analysis of security events, particularly suspicious / malicious activities, from multiple sources and identify unauthorized activities.

Provide security-related on-call emergency support as defined by standard operating procedures. Participate as a Security Incident Response Team member and conduct and steward investigation activities.

Work closely with other IT groups while conducting investigations.

Review threat information, keep up to date with the latest threats, and gain an understanding of common vulnerabilities and cyber-attack techniques.

Act as project lead for small projects or as a technical contributor to larger projects.

Manage the vulnerability management process.

Securing the configurations on operating environments, including networks, routers / firewalls, workstations, and mobile devices.

Support internal and external penetration exercises, including remediation and improvement of security operations and incident response.

Defend systems against unauthorized access and malicious activities.

Recommend configurations and support security tools such as firewalls, anti-virus software, patch management systems, etc.

Perform vulnerability detection, risk analyses, and security assessments.

Identify anomalies and abnormalities and report violations.

Respond immediately to security incidents and provide post-incident analysis.

Train company staff in security matters as needed, from end user to leadership position.

Provide effective communication to business leaders and end users as needed.

Participate in any information security-related activity as directed.

Maintain and update CASB policies.

Develop and maintain a baseline for operating systems, applications, and network equipment.

Maintain and update WAF policies.

Monitor external security posture and design mitigation plans in collaboration with stakeholders.

Collaborate with team members to learn and assist with the Application Development and Embedded Devices security program.

Identify gaps in coverage and update policies and controls as technology evolves.

Audit patching compliance and present metrics to reflect the current state.

Interact with the Infrastructure team on all servers, network equipment, security posture, and applications.

Work with InfoSec Team Members to create periodic newsletters for Cybersecurity awareness to all users based on ongoing risks observed.

Perform Security Vendor Reviews as part of the Vendor Assessment Program

Maintain and update the Data Loss Prevention Program.

Maintain and update the email gateway policies based on ongoing threats.

Audit firewall policies and work with the infrastructure team to enhance protection.

What skills and experience will you need?

5+ years of IT security administration with networked systems in a medium or large business environment

5+ years of hands-on experience in configuring and managing servers, networks including firewalls, routers, client machines, mobile device.

Fluency in English, written and spoken.

Professional certification in IT security management is desirable.

Hands-on knowledge of Infrastructure components.

Security-related certificates from one of the following vendors are highly desired.

ISC2

CompTIA

ISACA

EC-Council

GIAC

Cloud Security Alliance

OffSec

Cisco

Experience in mitigating risks and adverse events on web-facing applications, servers, client machines, and mobile devices.

Experience remediating audit issues, including developing compensating controls.

Strong knowledge of the NIST Cyber Security framework, particularly the vulnerability management process.

Experience in designing and implementing technical security safeguards.

Experience in developing policy-based safeguards around the use of technology and infrastructure.

Hands-on knowledge of the following :

Data Loss Prevention tools

Web Application Firewalls

SIEM tools

Email gateways, preferably Mimecast.

Rapid7 tools (preferred)

Solid understanding of mail flow

Advanced problem-solving skills.

Excellent verbal and written communication skills

Adaptability for learning new business concepts within new environments and staff situations.

SUPERVISORY RESPONSIBILITIES :

Close collaboration with all IT Managers and their staff is required.

What qualifications are preferred?

Education / Certifications :

N / A

Additional Experience, Skills, Knowledge and / or Abilities :

N / A

PHYSICAL REQUIREMENTS / ADVERSE WORKING CONDITIONS

Regularly required to sit for extended periods of time; frequently required to stand, walk, and use business equipment on daily basis such as PC, copier, fax, telephone, etc.

occasionally required to reach overhead, bend and lift objects up to 20 lbs.

Eyesight and hearing must be correctable to standard level.

DISCLAIMER