J189326

Cloud Security Vulnerability Governance Analyst - CF

Highmark Health

  • Company Highmark Health
  • Home, PA
  • IS/IT
  • Full time
  • Day (United States of America)

Company :

Highmark Health

Job Description : 

JOB SUMMARY

This job will be responsible for configuring vulnerability assessment tools, performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results for relevant operational teams. The incumbent will leverage analytic and technical skills to discover cyber risks; prioritize assets; assess risks and remediation/mitigation techniques; report on risks; and drive and track remediation/mitigation/acceptance of risk to improve security posture. Troubleshoots security issues and data discrepancies. Assists workforce with vulnerability-data-based inquiries and problems. Works closely with infrastructure architecture/engineering/operations, compliance, software vendors, business teams and other areas as necessary.


ESSENTIAL RESPONSIBILITIES

  • Validate scan results against prior results. Be able to perform data integrity and cleanliness checks (verify timeliness of scans, potential false positives).
  • Communicate criticality ratings and validate ratings are applied appropriately.
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions (e.g., recommends security controls or other actions for mitigating technical and business risk).
  • Enable validation of reduced risk by confirming through reporting that vulnerable assets have been remediated. Clearly identify and be able to separate new vulnerabilities or vulnerable assets from 'repeat' vulnerabilities.
  • Resolve escalated issues arising from operations and requiring coordination with other departments.
  • Contribute to the development of and improvement in cyber security standard procedures and methodologies within the team.
  • Deploy, enhance, and expand physical and virtual infrastructure for new or existing IT assets required for vulnerability monitoring.
  • Other duties as assigned or requested.


EDUCATION


Required

  • Bachelor's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field


Substitutions

  • 6 years of related and progressive experience in lieu of Bachelor's degree


Preferred

  • Master's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field


EXPERIENCE


Required

  • 3 years in IT Security 
  • 3 years with IT Infrastructure
  • 3 years with Information Systems


Preferred

  • 1 year in a Security Operations Center (SOC) 


LICENSES or CERTIFICATIONS


Required

  • None

Preferred (any of the following)

  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional (OSCP) 
  • GIAC Security Essentials (GSEC)
  • GIAC Incident Handler Certification (GCIH)
  • CompTIA Security+


SKILLS

  • Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action for the client
  • Advise clients on best practices in risk treatment and acceptance, response planning, security, cyber threats, crisis management, and emerging technologies
  • Self-motivated, self-aware, self-disciplined, self-improving, and self-governed
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room
  • Using at least one scripting language (e.g., Perl, Python, PowerShell)
  • Building enterprise governance, risk, and compliance programs or driving the program's evolution to meet new requirements
  • Ability to work within high performance, multi-discipline teams
  • Understanding application level vulnerabilities like XSS, SQL Injection, authentication bypass, weak cryptography, Session Management, etc.
  • Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
  • Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • Experience with penetration testing and vulnerability scanning tools such as: Kali Linux, Metasploit, Burp Suite, Cobalt Strike, Rapid7 InsightVM, Tenable Nessus, WebInspect, Scuba, AppDetective, Splunk, AppScan, Veracode, or similar


Language (Other than English):

None

Travel Requirement:

0% - 25%

PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS

Position Type

Office-based

Teaches / trains others regularly

Occasionally

Travel regularly from the office to various work sites or from site-to-site

Rarely

Works primarily out-of-the office selling products/services (sales employees)

Never

Physical work site required

Yes

Lifting: up to 10 pounds

Constantly

Lifting: 10 to 25 pounds

Occasionally

Lifting: 25 to 50 pounds

Rarely

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement : This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.


As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy.

Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability. 

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity ( https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf )

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice

