Information Security Engineer

This position may be performed remotely from the following locations within the United States of America: Arkansas, Colorado, Florida, Georgia, Indiana, Kansas, Louisiana, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, North Carolina, Ohio, Oklahoma, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, West Virginia, and Wisconsin.

The Security Engineer II will be responsible for implementing, maintaining, and optimizing security solutions. This role requires in-depth technical knowledge of security and IT systems, participation in advanced projects, and the ability to work with senior engineers on complex initiatives. The Security Engineer II will assist in implementing critical security functions and provide guidance to other engineers. This position actively participates in strategic planning and provides 24x7 on-call support with other members of the security engineering staff.

Responsibilities listed here are core to the position. Inability to perform these responsibilities with or without accommodation may result in disqualification.

1. Deploy, implement, document, and maintain security solutions.
2. Resolve complex security engineering tickets in ServiceNow, ensuring timely resolution and adherence to SLAs.
3. Develop and maintain comprehensive process documentation.
4. Lead or support security-related projects and initiatives from a technical perspective.
5. Identify and implement opportunities for process improvement and automation within the security engineering framework.
6. Support the development of operational models and workflows for the business.
7. Collaborate with IT teams and business units to ensure proper access controls and system integration.
8. Stay updated with industry trends by pursuing knowledge gaps in new technologies.
9. Manage vendor relationships, define service levels, and oversee security technologies.
10. Assist in creating business case proposals, technology analysis, and project planning.
11. Review contracts and ensure risk mitigation.
12. Support security awareness training.
13. Contribute to strategic contingency planning from a security perspective.
14. Mentor engineers and analysts on complex security issues.
15. Participate in business meetings and workshops for knowledge transfer.
16. Provide 24x7 on-call support based on staff rotation.
17. Adhere to OU Health IT standards, policies, and procedures.
18. Maintain confidentiality regarding patient care and employee information.

General Responsibilities

Perform other duties as assigned.

Minimum Qualifications

Education: Bachelor’s Degree required.

Experience: 3-5 years in Security Engineering. Experience with security services and tools such as network protocols, firewalls, IDS/IPS, SIEM, logging, Active Directory, DLP, etc. Experience implementing SSO and understanding of least privilege concepts. Managing multiple high-risk projects, including vendor involvement.

Certifications: One or more advanced security certifications (e.g., CCSP, CISM, GSEC) required or to be obtained within 36 months of hire. Other desirable certifications include CEH, CHFI, CISA, CRISC, CCNA.

Skills and Knowledge: Strong knowledge of cloud services, SSO, MFA, PAM, and security frameworks such as CIA, HIPAA, HITECH, HITRUST, NIST, ISO, COBIT. Proficient in supported OS (Windows Server, VMware ESX), network technology, scripting, and security regulation.

Excellent problem-solving, communication, leadership, and teamwork skills. Ability to lead projects, mentor team members, and implement process improvements.

OU Medicine combines OU Medical Center – Oklahoma City & Edmond, the Children's Hospital, OU Physicians, OU Children's Physicians, the University of Oklahoma College of Medicine, and the Peggy and Charles Stephenson Oklahoma Cancer Center.