Cyber Security Senior Engineer
The Security Associate Engineer - Contractor, Vulnerability Management position will report to the Manager, Vulnerability Management and Cyber Hygiene as part of the overall Fusion Center focused on identifying, protecting, responding and containing threats and Vulnerabilities to the overall organization.
The expectations for this position are:
• Responsible for ensuring the appropriate operational security procedures are maintained for information systems, programs and data.
• Maintains and assists in developing the processes and systems to effectively manage the operations of security systems the VMCH team is responsible for throughout the enterprise.
• Provide service line support for vulnerability and configuration remediation, engagement, and escalation. Process Information Security vulnerability and configuration issues and tickets of moderate complexity.
• Follow established process for common requests and issues. Capture details around and escalate uncommon/unique requests to senior technical staff and management.
• Perform reviews and analysis of system and applications vulnerabilities and configurations, and support Security technical Risk Management processes.
• Proactively identify, engage on, and escalate vulnerability and configuration issues, either system/application specific or systemic.
• Assist with technical vulnerability assessment services.
Essential Key Job Responsibilities
• Assist in maintaining a variety of scanning platforms, including external scanning and vulnerability asset scanning.
• Provide vulnerability and configuration issue engagement, reporting, remediation tracking, and communication. Processes and assists peers with requests, engages with technical owners on vulnerability and configuration issues involving network, server, endpoint, and other systems.
• Responsible for processing inbound Information Security requests and tickets.
• Responsible for vulnerability and configuration research, resolution, and managed escalation, occasionally troubleshooting complex, or critical risk vulnerabilities and configurations. Provides assistance when needed in root-cause analysis efforts to determine improvement opportunities when failures occur.
• Provide team related engagement with Security Engineering, Identity Management Engineering, Security Architecture, CSOC, Network Engineering, Clinical Engineering, Systems Engineering, Application Development, and/or other IT Operations and business function owners.
• Assists in formal and informal security and vulnerability assessments.
• Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
• Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, vulnerabilities, threats and trends in information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team.
• Participate in the collection and documentation of departmental knowledge artifacts, participant in the development and population of knowledge management and collaboration systems for the IT Security team.
• Communicates security and technical information to team members and across the IT Organization.
• Assists Management in identifying knowledge and process gaps.
Required Education and Experience
• Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.
• Previous experience in related job area (Vulnerability Management, Information Security, Identity/Access Management, IT Audit, Threat Management, Forensics/eDiscovery, Security Compliance, Policies and Standards) required.
• Previous experience in IT security/system/network operations and administration or programming preferred.
Required Licensure and Certifications
One or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) preferred.
Required Minimum Knowledge, Skills, Abilities and Training
• Experience in Windows, UNIX/Linux OS and/or Cisco IOS preferred.
• Functional understanding of regulatory and compliance mandates and frameworks, including but not limited to: HIPAA, HITECH, PCI, Sarbanes-Oxley, Center for Internet Security (CIS), or NIST preferred.
• Experience conducting Vulnerability Testing (Network, Application, Database, and/or System Security), Analysis, Prioritization, and Documentation, and the management of communication with leadership and affected stakeholders preferred.
• Knowledge of healthcare environments preferred.
• Previous project management or project coordination experience preferred.
• Previous Information Security experience in the healthcare/medical environment strongly preferred.
- Function: Information Security
- Job Ref: 197974
Cyber Security Senior Engineer