job summary: Summary: Reporting to the organization's Chief Information Security Officer, the Sr. Information Security Operations Engineer supports the overall vision of the business's Information Security Program. The Sr. Information Security Operations Engineer is a skilled IT professional who uses his/her deep knowledge of information security and a risk-based approach to identify vulnerabilities within the business's environments and recommend improvement opportunities. Hybrid, Local candidates (Los An preferred, remote OK They will: Conduct independent comprehensive assessments of the physical, administrative, and technical security controls employed within Keck Medicine's IT systems to determine their overall effectiveness. Develops detailed plans for conducting penetration tests (red/blue/purple team) and exercises through collaboration with other engineers, operators, and analysts. Participates in targeting selection, validation, synchronization, and execution of cyber operation activities.Serve as the primary liaison between the enterprise IT engineering teams and the systems security engineering teams to coordinate security control improvements based on assessed vulnerabilities. Works in close coordination with the CISO on security-related issues, including assessing the severity of weaknesses and deficiencies in IT systems, creating and tracking plans of action and milestones, designing risk mitigation approaches, and advising on potential adverse effects of identified vulnerabilities. MIN Education: Bachelor's Degree required & Master's Degree preferred MIN Experience/Accountabilities: 10 years In an IT role, Information Security preferred. Experience leading project teams and driving change within an organization.7 years In a security operations role with strong emphasis on risk assessment and management (Healthcare and/or Academic industry preferred). Project management experience preferredKnowledge of IT concepts and protocols such as physical computing components, operating systems, administration, and networking.Security controls related to the use, processing, storage, and transmission of data.Cyber threats and vulnerabilities.Cryptography and cryptographic key management concepts.Penetration "Pen" testing principles, tools, and techniques.Application security risk assessments (e.g. Open Web Application Security Project Top 10 list). Skills in: generating and executing of penetration test operation plans in support of task objectives.auditing network security devices, such as firewalls, routers, and intrusion detection systems.conducting vulnerability scans, assessing vulnerability results, and recognizing vulnerabilities in IT or security systems.reading, interpreting, writing, modifying, and executing scripts (e.g., Python, PERL, PS) on Windows and Linux systems used to aid in penetration testing or to analyze resulting data.the use of penetration testing tools, techniques, and procedures to exploit and establish persistence on a target.assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.). Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.Ability to identify/describe techniques/methods for conducting technical exploitation of targets.Ability to perform security operations tactics, techniques, and procedures for exploitation purposes.Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.strong leadership skills with a high level of drive and initiative. Ability to work with minimal supervision. location: Los Angeles, California job type: Permanent salary: $110,000 - 181,000 per year work hours: 8am to 5pm education: Bachelors responsibilities: Summary: Reporting to the organization's Chief Information Security Officer, the Sr. Information Security Operations Engineer supports the overall vision of the business's Information Security Program. The Sr. Information Security Operations Engineer is a skilled IT professional who uses his/her deep knowledge of information security and a risk-based approach to identify vulnerabilities within the business's environments and recommend improvement opportunities. Hybrid, Local candidates (Los An preferred, remote OK They will: Conduct independent comprehensive assessments of the physical, administrative, and technical security controls employed within Keck Medicine's IT systems to determine their overall effectiveness. Develops detailed plans for conducting penetration tests (red/blue/purple team) and exercises through collaboration with other engineers, operators, and analysts. Participates in targeting selection, validation, synchronization, and execution of cyber operation activities.Serve as the primary liaison between the enterprise IT engineering teams and the systems security engineering teams to coordinate security control improvements based on assessed vulnerabilities. Works in close coordination with the CISO on security-related issues, including assessing the severity of weaknesses and deficiencies in IT systems, creating and tracking plans of action and milestones, designing risk mitigation approaches, and advising on potential adverse effects of identified vulnerabilities. MIN Education: Bachelor's Degree required & Master's Degree preferred MIN Experience/Accountabilities: 10 years In an IT role, Information Security preferred. Experience leading project teams and driving change within an organization.7 years In a security operations role with strong emphasis on risk assessment and management (Healthcare and/or Academic industry preferred). Project management experience preferredKnowledge of IT concepts and protocols such as physical computing components, operating systems, administration, and networking.Security controls related to the use, processing, storage, and transmission of data.Cyber threats and vulnerabilities.Cryptography and cryptographic key management concepts.Penetration "Pen" testing principles, tools, and techniques.Application security risk assessments (e.g. Open Web Application Security Project Top 10 list). Skills in: generating and executing of penetration test operation plans in support of task objectives.auditing network security devices, such as firewalls, routers, and intrusion detection systems.conducting vulnerability scans, assessing vulnerability results, and recognizing vulnerabilities in IT or security systems.reading, interpreting, writing, modifying, and executing scripts (e.g., Python, PERL, PS) on Windows and Linux systems used to aid in penetration testing or to analyze resulting data.the use of penetration testing tools, techniques, and procedures to exploit and establish persistence on a target.assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.). Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.Ability to identify/describe techniques/methods for conducting technical exploitation of targets.Ability to perform security operations tactics, techniques, and procedures for exploitation purposes.Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.strong leadership skills with a high level of drive and initiative. Ability to work with minimal supervision. qualifications: Experience level: ManagerMinimum 10 years of experienceEducation: Bachelors (required) skills: CEH (Certified Ethical Hackers)/PenTestNetwork SecurityFirewall EngineeringVendor Risk Auditing Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.At Randstad, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact HRsupport@randstadusa.com. Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad offers a comprehensive benefits package, including health, an incentive and recognition program, and 401K contribution (all benefits are based on eligibility). Qualified applicants in San Francisco with criminal histories will be considered for employment in accordance with the San Francisco Fair Chance Ordinance. We will consider for employment all qualified Applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. For certain assignments, Covid-19 vaccination and/or testing may be required by Randstad's client or applicable federal mandate, subject to approved medical or religious accommodations. Carefully review the job posting for details on vaccine/testing requirements or ask your Randstad representative for more information.