Cardinal Health
Sr. Security Engineer
At a glance
Location: US-OH-Dublin Map
Posted: 03/09/2020
Closing: 04/08/2020
Degree: Not Specified
Type: Full-Time
Experience: Not Specified
Cardinal Health
Job description

The Fuse Commercial Technologies group focuses on building technology solutions for use directly in patient care environments. Our existing applications support oncology clinics, retail, and institutional pharmacies ranging from inventory, dispense, and clinical intervention workflows. We have an interest in providing value-add services and products to our customers, so our product portfolio is ever-changing. 

This role exists within Cardinal Health’s Fuse software development center. Fuse maintains an unexpected start-up atmosphere within a Fortune 19 company. Our enticing, casual, and creative environment are specifically designed to foster the ingenuity of every individual. We know that ideas happen anywhere. At Fuse, the ideas are shared among other great minds, vetted each day, and turned into extraordinary healthcare solutions. To learn more about the atmosphere at Fuse, please see our launch video

Job Overview:

The Senior Security Engineer is an organizational leader that participates in developing and executing organizational strategy across commercial technologies and is influential across the company. They are a leader in security and Identity Management with hands-on engineering experience to work alongside the development teams to implement secure authentication, authorization, and API patterns. They are an expert at designing as well as implementing security and identity management solution of scale. They work in an Agile development environment securing, architecting, designing, leading, and delivering technology solutions to transform healthcare into a safer and more cost-effective industry. 

The individual also assists in maintaining security and compliance initiatives to ensure that corporate policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements. Success in the role is measured by the effectiveness of the implementation of information security and compliance directives.

Job Responsibilities Include:

  • Design, implement and maintain an authentication system for eco-system single sign-on; including the development of authentication forms, pages, and inbound federation solutions
  • Leads the development of identity management technology transitions and architecture evolutions by creating foundational examples of working solutions and coach teams on how to build on those examples
  • Provide guidance as well as code examples for the development teams to design and implement the secure patterns for authentication, session management, and authorization
  • Design, implement (code), review, and troubleshoot highly scalable software, both client and server-side
  • Monitor security trends and drive security best practices throughout the organization
  • Lead and document threat modeling exercises for applications and systems
  • Co-ordinate with enterprise identity management and security teams to align goals and roadmaps
  • Evaluating, designing, testing, and recommending new or improved controls to keep Fuse current with industry standards and compliance requirements
  • Lead and participate in business, culture, technical, and practice initiatives that support continuous improvement across the organization

Required Qualifications:

  • Degree in Computer Science, Software Engineering, or equivalent experience
  • Experience integrating with Okta or other cloud identity solutions 
  • Proficient working in multiple Security domains (e.g., Cryptography, Authentication, Authorization, OWASP, Vulnerability Management, Threat Modeling, Identity Management)
  • Proficiency in multiple programming languages, expertise in at least one
  • Experience advising and mentoring diverse teams where you do not have direct authority
  • Strong written and verbal communication skills

Preferred Qualifications:

  • 5+ years of hands-on development experience with some portion of time as a lead developer/architect
  • 3+ years of hands security experience of implementing application authentication, authorization, and API secure patterns
  • Professional certification in the information security space (e.g., CISM, CISSP, CISA, GIAC) or other security certification at a similar level
  • Familiarity with security frameworks associated with one or more industry standards (e.g., COBIT, COSO, HIPAA/HITECH, ISO, ITIL, NIST, PCI DSS, SOC or SOX)
  • Experience with understanding HIPAA/HITECH regulations and guidelines for securing ePHI & PII data
  • Understanding of protocols underlying security domains (e.g., FIDO, U2F, Web-Auth, SSO, SAML, OAuth)
  • Strong problem solving and organizational skills
  • Java and JavaScript experience highly preferred

Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Sr. Security Engineer