One Call

Join Our Team and Make a Difference! 

Are you looking for an impactful role where you finish the workday knowing you helped someone? Whether you are part of our care coordination team or playing a supporting role, the work our colleagues do every day enables us to collectively reach our mission of getting people the care they need when they need it. By staying committed to our core values of Think Big, Go Fast, Deliver Awe, and Win Together we can positively impact the lives of the injured workers we serve and get them back to the things that matter most in life.

Salary Range:

This compensation range considers a wide range of factors, including, but not limited to, skill set, experience and training, licensure and certifications, and other business and organizational needs. The disclosed range estimate is not adjusted for geographic differential associated with the location where the position may be filled. At One Call, it is not typical for an individual to be hired at or near the top of the range for their role, and compensation decisions are dependent on the facts and circumstances of each case.  

What We Provide in Return for Your Commitment to Our Mission 
We offer a vast array of benefits to help support the whole you, including:  

• Remote Work: We are a remote-first company and almost all positions receive the flexibility of working from home. 
• Generous Time Off: Besides 8 company holidays and 2 personal days every year, all colleagues receive a minimum of 18 days of paid time off. 
• Comprehensive Benefits Package: Including medical, dental, vision, and pet insurance; 401(k) matching program; and company-paid life insurance and short and long-term disability coverage.   
• Supportive Services: Just like our colleagues get injured workers the care they need when they need it, we want to do the same for our colleagues in their time of need. We offer a Colleague Assistance Program that provides free counseling and financial services, and our One Call Foundation, a non-profit arm of our company, provides colleagues financial assistance during times of unexpected hardship.  

JOB SUMMARY:

The Information Security Engineer executes information security plans to protect computer systems, networks, and data. Provides expertise and support for information security functions including security operations, architecture & engineering, and compliance. Engineers, designs, and builds security solutions across One Call’s technology infrastructure ensuring solutions support One Call’s technology and information security roadmaps.

ESSENTIAL DUTIES & RESPONSIBILITIES:

• Work with cross functional teams to advance an overarching IT security architecture to strengthen security posture, and reduce risks to confidentiality, integrity and availability of systems and data.
• Assist in the development and maintenance of an Information Security roadmap for all technology domains and provide input on the strategic direction of the architecture & engineering team.
• Maintains and operates information system security controls and countermeasures; supervises and trains operators in the administration of these systems; documents the operation, use, and expected outputs of these systems.
• Acts as a technical consultant for the enterprise, ensuring security design for systems aligns with business needs, architecture, and technical standards.
• Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
• Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, cloud environments, and related security and network devices.
• Works closely with other teams to ensure security solution consistency with the enterprise architecture and strategy. This includes the review of detailed specifications for IT systems and the associated designs, scalability, completeness, quality, and performance.
• Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
• Prepares system security reports by collecting, analyzing, and summarizing data and trends.
• Develops IT security configurations and standards to increase consistency and strengthen overall security posture.
• Responsible for administration and configuration of IT security appliances.
• Analyzes IT security threats and system vulnerabilities.
• Provides support for information security policy, regulatory, contractual, and statutory requirements.
• Provide support for the overall implementation of security cloud architecture.
• Improve and develop new designs and security strategies across all types of cloud-based applications (including infrastructure, platform, and software as a service).
• Employ cloud-based APIs when suitable to write network/system level tools for safeguarding cloud environments.
• Spot and execute new security technologies and best practices into the company’s cloud environments.
• Create integrations and automations using scripting with python or powershell.
• Perform other duties as assigned.

EDUCATIONAL AND EXPERIENCE REQUIREMENTS:

• Bachelor’s degree in Computer Science, Information Systems, Mathematics, or equivalent work experience.
• Preferred candidate maintains a security certification related to their engineering discipline including but not limited to: GCED, CISSP-ISSEP, GCSA, CCSP, Azure Security Engineer Associate, CIAM.
• 5+ years general IT experience and/or 3+ years information security engineering-related experience in a complex IT environment preferred.

ESSENTIAL KNOWLEDGE, SKILLS & ABILITIES:

• Must be willing to continually advance Information Security knowledge and abilities through engagement of both formal and informal educational opportunities.
• Excellent written/verbal communication skills, a strong customer service orientation, and demonstrated organizational skills required.
• Must be able to be on-call and work after hours as needed.
• Stays current with advancements in technology and techniques to ensure that security solutions are continuously improved, supported, and aligned with industry and company standards.
• Expert knowledge of enterprise level security systems and implementation procedures, corporate and government security regulations, security software products, domain structures, user authentication, user profiles, and digital signatures.
• Strong familiarity with Linux and Windows operating systems and cloud provider ecosystems including Microsoft Azure and Amazon AWS.
• Working knowledge of directory service solutions, open standards and authentication methods such as AD, DNS, LDAP, OAuth, MFA, federation and certificates.
• Excellent understanding of endpoint security technologies and controls.
• Experience with asset management platforms such as JupiterOne, Axonius, OneTrust, Lansweeper, etc.
• Excellent understanding of cloud security and experience with design and/or implementation of applications in the cloud.
• Understanding of cloud deployment models: Private Cloud, Public Cloud, Hybrid Cloud; Cloud service models: Infrastructure as a service (IaaS), Platform as a service (PaaS) and Software as a service (SaaS); implementation of relevant controls to ensure confidentiality, integrity and availability of OCCM data.
• Practical knowledge of cloud foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies.
• Design security for cloud systems that utilize load balancing, horizontal scalability and high availability.
• SecDevOps know-how securing, building and deploying infrastructure with cloud deployment, build and test automation technologies like ansible, chef, puppet, docker, Jenkins, etc.
• In depth knowledge of Health Insurance Portability and Accountability Act (HIPAA).
• Extensive knowledge of technical security controls and technologies (e.g. IDS, IPS, traditional, NextGen and Web Application Firewalls).
• Experience with identity and access management technologies such as Beyond Trust, Delinea, Savyint, SailPoint, etc.
• Experience with purple teaming is helpful.
• Experience with scripting in powershell or python.

PHYSICAL/MENTAL DEMANDS & WORK ENVIRONMENT:

• For roles located in office or home settings, this job is primarily sedentary and may involve repetitive motions; the employee is regularly required to sit, use hands and fingers, speak, and hear.
• For roles located in the field, this job is primarily active; the employee is regularly mobile and must be able to utilize transportation (such as driving), sit, use hands and fingers, speak, and hear.
• The employee is occasionally required to stand, walk, and lift objects (up to 10lbs weight; up to 4 ft. height).
• Specific vision abilities required by this job include the ability to see things from a close distance and ability to adjust focus
• The work environment utilizes florescent lighting; noise level is moderate.
• The emotional demand of the job may cause undue stress from, but not limited to, moderate/heavy workload.
• Reasonable accommodation will be individually assessed and possibly made to enable individuals with disabilities to perform the essential functions of the position.

Please be advised this job description is subject to change at any time.

Information Security Engineer II
Intermediate professional role. Moderate skills with high level of proficiency. Develops and implements solutions that require analysis and research. Works on small to large, complex projects that require increased skill in multiple technical environments. Possesses knowledge in a specific business area. Works on one or more projects as a team member or occasionally as a project lead. May coach more junior technical staff. Works under general supervision with latitude for independent judgment. May consult with senior peers on certain projects. Typically requires 3 or more years of information security experience. Typically reports to an IT Security Manager.