No relocation assistance is available.
Job description below.
Sorry, don't have the salary range (I'm not the hiring manager, just a concerned citizen).
For more information and to submit a resume, visit http://www.merck.com/careers/search_jobs.html and perform a Job Number Search for INF000637.
Description
As the nation's leading provider of high-quality, affordable prescription drug care throughout the United States, Medco Health Solutions, a subsidiary of Merck & Co., Inc., has pioneered the business of prescription drug care.
Medco Health, a leading pharmacy benefit manager (PBM), employs more than 15,000 employees nationwide, including 2,800 registered pharmacists. With annual revenues of $29 billion, we provide pharmaceutical care for approximately 65 million Americans - nearly 1 in 4 - on behalf of 1,680 health plan and employer clients throughout the nation.
Perform risk assessments of proposed new or modified application functionality and their impact on the existing security stance of Medco Health’s internally and externally developed web applications.
· Ensure that security concerns are properly addressed in outsourced applications, both prior to and following the contract process.
· Perform functional design analysis from a security perspective for new applications/projects.
· Establish and enforce Security Controls.
· Ensure compliance with Programming & Security Practices and Standards, and recommend improvements and enhancements to these standards as needed. Work with application service providers, business sponsors, applications architects and developers, configuration management, Core Services and Internet Infrastructure & Internet Security teams to ensure adherence to standards and continuity of security in the Systems Development Life Cycle.
· Develop Security test plans
· Design and participate in implementation of Preventive, Detective, and Corrective Controls to protect the confidentiality, integrity, and availability of information processed by the applications.
· Identify and investigate anomalous log entries for impact on the security, integrity, of applications code and information.
· Implement, automate, and maintain reporting tools for in Security Analysis.
· Work with stakeholders in resolution of issues.
· Monitor vulnerability notices from vendors, security agencies (CERT, FIRST, etc.) and governmental resources (CIAC, NIPC, etc.). Assist in tracking company compliance in resolving such vulnerabilities.
· Publish instructional and implementation guides.
· Implement and enforce corporate-wide standards, policies, and procedures.
· Work with internal and external auditors, responding to audit recommendations and preparing reports to senior management.
· Assist in the review, test, lockdown, and certification of application implementations.
· Conduct regular, scheduled penetration tests of applications and ad hoc vulnerability testing.
· Facilitate investigations of inappropriate usage of systems and resources.
· Ensure the day-to-day procedures and guidelines are adhered to in accordance with internal Merck-Medco and external regulatory/third party standards.
· Provide support and security expertise to ensure delivery dates for all Internet/Extranet application initiatives and infrastructure projects.
Qualifications Experience with a formal Systems Development Life Cycle Data warehousing PKI/Digital Certificate implementations Familiarity/Experience with HIPAA privacy and/or security requirements and health care security standards a plus CISSP or SANS certification preferred but not required.
Platforms: HP-UX 10.20 - 11.x, Microsoft Windows NT/2000/XP; Sun Solaris; Linux Web Servers: iPlanet Web Server 4.x/6.x; Microsoft IIS v 5+; Apache Databases: Oracle 8x; NCR Teradata. Other products: BroadVision, Plumtree Corporate Portal; Siebel; MicroStrategy; Actuate, Netegrity SiteMinder or other Identification/authentication products.
-- Chris Calabrese, CISSP, GCIA, GCFA Distributed Systems Security MedcoHealth.com
This e-mail message and any attachments contain confidential information from Medco Health Solutions, Inc. If you are not the intended recipient, you are hereby notified that disclosure, printing, copying, distribution, or the taking of any action in reliance on the contents of this electronic information is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender by reply message and then delete the electronic message and any attachments.
