BrightSpring Health Services

BrightSpring Health Services is seeking an experienced Information Security Engineer II to join our growing Security Team. The Information Security Engineer is a valuable member of the IT Security Team and responsible for understanding security risk, business goals and introducing security controls to reduce risk to an appropriate level. Our team is broad and diverse; we use many different tools and technologies to protect our environment. Our team is always thinking about the continually evolving business and how to keep it secure and effective.

The Security Engineer II is a security subject matter expert in one or more security platform, with security engineering experience in IT Enterprise and network disciplines to support the company's enterprise security objectives.

Illustrates proficiency by implementing solutions and enforcing security policies and standards
• Acts as a lead for the Security Engineering team and interacts regularly with other departments to implement solutions and/or act as the primary point of contact for information security matters
• Uses SIEMs and other threat intelligence sources to evaluate the current threat landscape
• Uses security products and techniques to routinely monitor for vulnerabilities, threats, alerts, and attacks
• Determines if any immediate or future action is necessary to protect information system assets and acts accordingly
• Works with Network and Server Administrators to achieve results and submits reports on findings, status, and recommendations to the Security Engineering Manager
• Works with IT resources and business leaders to assist in the research, development, configuration, upgrade, and implementation of one or two IT Security platforms related products and services and leads and supports projects
• Collaborate with cloud architects, developers, and other IT teams to ensure a secure cloud environment.
• Conducts standard security investigations using data analysis and forensic techniques; supports and is a key member of the Incident Response (IR) team, including standardizing, improving, and maintaining IR processes
• Works with Business Owners and IT Application Development and Infrastructure stakeholders to assist in the planning, and implementation of enterprise-wide security systems, including physical security, authentication mechanisms, cryptography, role-based security, host and backend systems, DMZs, firewalls, VPNs, IPS/IDS systems, penetration testing, vulnerability assessments, and disaster recovery
• Performs other tasks as assigned

• Minimum of three years Security administration/management in Enterprise environment
• Five or more years of either SIEM, SASE, EDR, Email Security and/or security framework implementation; other end-user, network, and host-based security solutions
• Five or more years in the administration or monitoring of security platforms within an enterprise environment with combination of secure web gateways; endpoint detection and response; remote access technologies; endpoint protection methodologies; secure configuration of network equipment, Microsoft Windows Active Directory, web application development, infrastructure, and database security
• GCIH, OSCP, CPP, CISSP, GCIA, or CCSP certifications preferred
• Ability to research, evaluate, and recommend security technology and solutions; define and document internal controls and procedures and conduct routine security audits and risk assessments