Cybersecurity Engineer III

Cybersecurity Engineer III

Department Name: IT Network Services

Work Shift: Day

Job Category: Information Technology

About Banner Health

Banner Health was named to Fortune’s Most Innovative Companies in America 2025 list for the third consecutive year and named to Newsweek's list of Most Trustworthy Companies in America for the second year in a row. We’re proud to be recognized for our commitment to the latest health care advancements and excellent patient care.

As Banner continues to leverage technology to deliver the highest quality of possible care, Cybersecurity is a top priority. Firewalls Services is responsible for planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, systems, and networks as well as troubleshooting security and network platforms. This position ensures that the organization's data and infrastructure are protected from insider and outsider threats by enabling the appropriate security controls while responding to all system and/or network security breaches.

Position Summary

This position leads the designs, develops, configures, implements, tunes, maintains solutions, and resolves technical and business issues related to cybersecurity threat & vulnerability management, identity management, security operations center, forensics, and data protection. Cybersecurity Engineers work with Cybersecurity Architects to execute strategic cyber initiatives, evaluate security components of the network, applications and end-user devices, and provide guidance to ensure new systems meet regulatory and technical standards. Cybersecurity Engineers lead root-cause analysis on Cyber systems to determine improvement opportunities when failures occur. Cybersecurity Engineers work closely with other IT organizations to ensure cyber products are working and integrating with non-cyber environments (apps, networks, End User devices, Servers, etc).

Core Functions

• Proactively initiate the design and implementation of cybersecurity solutions, upgrades, and enhancements, looking forward three to five years.
• Provide technical expertise and support for cybersecurity solutions, including operational aspects of the software.
• Serve as a subject matter expert in the design, implementation, and compliance of secure baseline configurations for applications and infrastructure components.
• Proactively initiate technical assessments of systems and applications to ensure compliance with policy, standards, and regulations.
• Author new cybersecurity standards and procedures. Lead the revision of existing cybersecurity policies, standards, and procedures, as needed.
• Serve as a technical leader for cybersecurity projects, including the development of project scope requirements, budgeting, work breakdown, and operational handoff.
• Identify threats and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancements. Research and draft cybersecurity white papers, and provide first-class support to the cybersecurity operations staff for resolving difficult cybersecurity issues.
• Under limited direction, this self-starter position is responsible for cybersecurity across multiple departments system-wide and requires interaction at all levels of staff and management. Work closely on cross-functional IT Teams. Lead work through indirect leadership across other cyber resources. Articulate complex Security functions into simple business ease.

Key Responsibilities for Cybersecurity Engineer III

• Investigate and remediate cybersecurity incidents.
• Escalate cybersecurity incidents as defined by procedure.
• Liaise closely with other teams to ensure correct response and remediation of cybersecurity incidents.
• Act as an innovator and SME within design and architecture.
• Oversee major Cyber Security projects through to completion.
• Participate in on-call duties as required.

Minimum Qualifications

• Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent.
• Seven plus years of experience in enterprise-scale information security engineering, preferably in healthcare.
• Three plus years of experience in a healthcare environment or an equivalent combination of relevant education, technical, business, and healthcare experience.
• Experience with IT operations, automation of security processes, coding and scripting languages, ability to document security processes, and use case development.
• Experience with assessing cyber products, including vendor selection, defining requirements, and contractual documentation development.
• Experienced in assessing and reaching out to vendors for needed features via enhancement requests.
• Expert understanding of regulatory and compliance mandates (HIPAA, HITECH, PCI, Sarbanes-Oxley).
• Experienced in planning, designing, implementing, operating, maintaining, and managing the lifecycle of cybersecurity solutions.
• Advanced knowledge of Security Engineering Principles (risk management, resilience, vulnerability management, Information Security, NIST, MITRE ATT@CK).
• Advanced expertise in Cyber products supporting Data Loss Prevention, EDR, AntiVirus, Perimeter services, threat systems, cyber platform analytics, SIEM, CASB, CLOUD Security.
• Proven Cloud Security experience.
• Requires independent judgment, critical decision-making, excellent analytical skills, with excellent verbal and written communications.
• Ability to think quickly under difficult or complex conditions and clearly communicate to appropriate staff.
• Ability to balance project workloads with customer support and on-call demands.
• Must demonstrate deep knowledge of information technology and information security principles and practices.
• Requires communication and presentation skills to engage technical and non-technical audiences.
• Requires ability to communicate and interact across facilities and at various levels.
• Skills to mentor less experienced team members.
• Variable shifts and hours, and responding to after-hours notifications may be required.

Preferred Qualifications

• Certification in two or more of the following: Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner (HCISPP), CompTIA Security+, Certified Information Systems Security Professional (CISSP) – Engineering (ISSEP), Certified Ethical Hacker (CEH), SANS GIAC, or Certified Information Systems Auditor (CISA).
• Four plus years as a System Administrator or in IT Operations.
• Four plus years in risk management or GRC experience in the healthcare/medical environment.
• Five plus years’ experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience.

Work Arrangement and Location

This can be a remote position if you live in the following states ONLY: AL, AK, AR, FL, GA, ID, IN, IA, KS, KY, LA, MD, MI, MN, MS, MO, NH, NM, NY, NC, ND, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, WI AZ CA CO NE NV WY. No other states will be considered. On-call duties are included.

Total Rewards

Your pay and benefits (Total Rewards) are important components of your Journey at Banner Health. Banner Health offers a variety of benefit plans to help you and your family. We provide health and financial security options, so you can focus on being the best at at what you do and enjoying your life.

EEO Statement:

EEO/Disabled/Veterans

Our organization supports a drug-free work environment.

Privacy Policy:

Privacy Policy

Key skills/competency

• Cybersecurity Engineering
• Information Security
• Network Security
• Threat and Vulnerability Management
• Identity Management
• Security Operations Center (SOC)
• Forensics
• Data Protection
• Risk Management
• Compliance (HIPAA, HITECH, PCI, SOX)