Company: Highmark Health
Job Description:
This job will be responsible for configuring vulnerability assessment tools, performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results for relevant operational teams. The incumbent will leverage analytic and technical skills to discover cyber risks; prioritize assets, assess risks and remediation/mitigation techniques; report on risks, and drive and track remediation/mitigation/acceptance of risk to improve security posture. Troubleshoots security issues and data discrepancies. Assists workforce with vulnerability data based inquiries and problems. Works closely with infrastructure architecture/engineering/operations, compliance, software vendors, business teams and other areas as necessary.
- Validate scan results against prior results. Be able to perform data integrity and cleanliness checks (verify timeliness of scans, potential false positives).
- Communicate criticality ratings and validate ratings are applied appropriately.
- Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions (e.g., recommends security controls or other actions for mitigating technical and business risk).
- Enable validation of reduced risk by confirming through reporting that vulnerable assets are remediated. Clearly identify and be able to separate new vulnerabilities or vulnerable assets from 'repeat' vulnerabilities.
- Resolve escalated issues arising from operations and requiring coordination with other departments.
- Contribute to the development of and improvement in cyber security standard procedures and methodologies within the team.
- Deploy, enhance, and expand physical and virtual infrastructure for new or existing IT assets required for vulnerability monitoring.
- Other duties as assigned or requested.
- Bachelor's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field
- 6 years of related and progressive experience in lieu of Bachelor's degree
- Master's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field
- 3 years in IT Security
- 3 years with IT Infrastructure
- 3 years with Information Systems
- 1 year in a Security Operations Center (SOC)
LICENSES or CERTIFICATIONS
Preferred (any of the following)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- GIAC Security Essentials (GSEC)
- GIAC Incident Handler Certification (GCIH)
- CompTIA Security+
- Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action for the client
- Advise clients on best practices in risk treatment and acceptance, response planning, security, cyber threats, crisis management, and emerging technologies
- Self-motivated, self-aware, self-disciplined, self-improving, and self-governed
- Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room
- Using at least one scripting language (e.g., Perl, Python, PowerShell)
- Building enterprise governance, risk, and compliance programs or driving the program's evolution to meet new requirements
- Ability to work within high performance, multi-discipline teams
- Understanding application level vulnerabilities like XSS, SQL Injection, authentication bypass, weak cryptography, Session Management, etc.
- Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
- Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Experience with penetration testing and vulnerability scanning tools such as: Kali Linux, Metasploit, Burp Suite, Cobalt Strike, Rapid7 InsightVM, Tenable Nessus, WebInspect, Scuba, AppDetective, Splunk, AppScan, Veracode, or similar
Language (Other than English):
0% - 25%
PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS
Teaches / trains others regularly
Travel regularly from the office to various work sites or from site-to-site
Works primarily out-of-the office selling products/services (sales employees)
Physical work site required
Lifting: up to 10 pounds
Lifting: 10 to 25 pounds
Lifting: 25 to 50 pounds
Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.
Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.
As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy.
Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.
Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.
Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity (https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf)
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below.
For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org