Information Security Engineer

Join a Company That Puts People First!

At Aveanna, we’re proud to foster a workplace culture that celebrates diversity, encourages connection, and supports our team members every step of the way. Here’s what sets us apart:

Award-Winning Culture

- Ranked the #1 company to work for in Georgia in 2024 by U.S. News & World Report.

Employee Connection & Support

- Aveanna Connection Groups: Employee-led groups where shared identities and experiences create spaces for connection, collaboration, and support.

- Aveanna Social Circles: Join groups based on your interests, like books, music, or movies, to build camaraderie and lasting friendships.

- Aveanna Employee Relief Fund: A resource to help our team members through unexpected hardships, because we’re stronger together.

Inclusive Learning Environment

- We believe in growing together. Our inclusive learning sessions are open to all employees, fostering collaboration and shared success.

Commitment to Community

- Every year, we dedicate a day to giving back through our Annual Service Day, making a meaningful impact in the communities we serve.

Position Overview
The Information Security Engineer is responsible for the maturing of IT security programs to meet security requirements related to function, protection, assurance, risk management, and compliance. This individual will be responsible for documenting, testing and maturing a comprehensive information security program to protect all aspects of business and application assets across the organization.

Essential Job Functions
Facilitate architecture, design, implementation, deployment, and operational discussions to ensure HIPAA and PCI compliant technology solutions.
Validate current security standards against industry best practices and provide recommendations for improvements.
Use vulnerability management tools to identify and prioritize risks across the enterprise.
Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies.
Document and validate business procedures against published policies.
Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned. Complete remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed.
Research and assess new threats and security alerts and recommend remedial actions.
Develop plans for security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices
Interface with the Project Management teams to ensure security services are met in all phases of the SDLC.
Business continuity and disaster recovery validation against SLA definitions.
Support compliance and financial audit requests.

Requirements
3 to 5 years of experience in IT, with a minimum of one year in security architecture.
Experience conducting disaster recovery, business continuity, incident response exercises.
In-depth experience implementing security solutions.
Knowledgeable in the design and implementation of security architectures that enable well-integrated transactional, collaborative and analytical systems.
In depth knowledge of information security regulations such as, FISMA, HIPAA, HITECH, PSQIA, Gramm-Leach-Bliley, SOX.
In depth knowledge CIS, NIST, and ISO 27001 standards.
Ability to perform vulnerability scans and provide remediation. Tenable Nessus experience a plus.
Experience with EDR solutions.
Experience with integrating, updating, and tuning a SIEM.
Experience with maintaining AV and endpoint encryption suite.
Exceptional interpersonal skills, including teamwork, facilitation and negotiation.
Must be able to work independently with minimal supervision.
Ability to perform network forensics and resolve IDS alerts.
Ability to rapidly comprehend the functions and capabilities of new technologies.
Strong knowledge in Windows and Network administration.
Ability to perform system hardening.


Preferences
Certifications: CISSP, OSCP, CISA preferred
Known publications in the security field (blogs, recorded presentations, or new articles)
Having writing organization policies from scratch


Other Skills/Abilities
Must be able to adhere to confidentiality standards and professional boundaries at all times
Attention to detail
Time Management
Ability to remain calm and professional in stressful situations
Strong commitment to excellence
Quick-thinking and astute decision making skills
Effective problem-solving and conflict resolution
Excellent organization and communication skills

Physical Requirements
Must be able to speak, write, read and understand English
Occasional lifting, carrying, pushing and pulling of 25 pounds
Prolonged walking, sitting, standing, bending, kneeling, reaching, twisting
Must be able to sit and climb stairs

Environment
Performs duties in an office environment during agency operating hours
Must be able to function in a wide variety of environments which may involve exposure to allergens and other various conditions

Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Aveanna does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with Aveanna.

As an employer accepting Medicare and Medicaid funds, employees must comply with all health-related requirements in all relevant jurisdictions, including required vaccinations and testing, subject to exemptions for medical or religious reasons as appropriate.

Notice for Job Applicants Residing in California