Vulnerability Management Lead Engineer

Banner Health Phoenix , AZ 85002

Posted 2 months ago

Primary City/State:

Phoenix, Arizona

Department Name:

IT Threat & Vulnerability Mgmt

Work Shift:

Day

Job Category:

Information Technology

Health care is constantly changing, and at Banner Health, we are at the front of that change. We are leading health care to make the experience the best it can be.

We want to change the lives of those in our care - and the people who choose to take on this challenge. If changing health care for the better sounds like something you want to be part of, we want to hear from you.

The Cybersecurity Vulnerability team's main objective is improving the offensive security of Banner Health. You will have the opportunity to help secure a large health care provider.

In this role you will get to work with industry tools and technologies needed to protect the organization from the latest cyber attacks. You will be responsible for identifying and mitigating technical weaknesses within Banner Health's infrastructure. The candidate will help build strategy, implement scanning policies, perform data analytics, and continuously monitor the effectiveness of the vulnerability management program. We are looking for a seasoned, cybersecurity professional that will take charge, track and achieve established metrics, be innovative, collaborative, drive efficiency with vulnerability response, manage up, and be a voice for the vulnerability management program.

The typical schedule for this role is Monday-Friday, 8a-5p with schedule flexibility. The primary location for this role will be at Banner Corporate (Phoenix Plaza - off Thomas and Central) but option for remote capabilities. An ideal candidate would possess a bachelor's degree with 4+ years of related experience, experience with vulnerability analysis, system engineering, data analytics, strong communication skills, and experience with vulnerability training/awareness.

Your pay and benefits (Total Rewards) are important components of your Journey at Banner Health. Banner Health offers a variety of benefit plans to help you and your family. We provide health and financial security options, so you can focus on being the best at what you do and enjoying your life.

Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.

POSITION SUMMARY

This position leads the designs, develops, configures, implements, tunes, maintains solutions, resolve technical and business issues related to cybersecurity threat & vulnerability management, identity management, security operations center, forensics, and data protection. Cybersecurity Engineers work with Cybersecurity Architects to execute strategic cyber initiatives, evaluate security components of the network, applications and end-user devices, and provides guidance to ensure new systems meet regulatory and technical standards.

Cybersecurity Engineers leads root-cause analysis on Cyber systems to determine improvement opportunities when failures occur. Cybersecurity Engineers work closely with other IT organizations to ensure cyber products are working and integrating with non-cyber environments (apps, networks, End User devices, Servers, etc).

CORE FUNCTIONS

1.Proactively initiates the design and implementation of cybersecurity solutions, upgrades, enhancements, while looking forward three to five years.

2.Leads in providing technical expertise and support for cybersecurity solutions, including operational aspects of the software.

3.Serves as subject matter expert in the design, implementation, and compliance of secure baseline configurations for applications and infrastructure components.

4.Proactively initiates technical assessments of systems and applications to ensure compliance with policy, standards and regulations.

5.Authors new cybersecurity standards and procedures. Leads the revision of existing cybersecurity policies, standards, and procedures, as needed.

6.Serves as technical leader for cybersecurity projects, including the development of project scope requirements, budgeting, work breakdown and operational handoff.

7.Identify threats and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancements, research, and draft cybersecurity white papers, and provide first-class support to the cybersecurity operations staff for resolving difficult cybersecurity issues.

8.Under limited direction, self starter, this position is responsible for cybersecurity across multiple departments system-wide and requires interaction at all levels of staff and management. Work closely on cross functional IT Teams.

Leads work through indirect leadership across other cyber resources. Articulate complex Security functions into simple business ease.

MINIMUM QUALIFICATIONS

Must possess strong knowledge of business, information security and/or computer science as normally obtained through the completion of a bachelor's degree. Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent.

Seven plus years of experience of enterprise-scale information security engineering, preferably in healthcare.Must also possess three plus years' experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience. Experience, IT operations, automation of security processes, coding and scripting languages, ability to document security processes as well as use case development.

Experience with the assessing cyber products, including vendor selection, define requirements, contractual documentation development.

Experienced assessing and reaching out to vendors for needed features via enhancement requests. Expert understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, PCI, Sarbanes-Oxley.

Experienced in planning, designing and implementing cybersecurity solutions, operating, maintaining and managing the lifecycle of cybersecurity solutions. Advanced knowledge of Security Engineering Principles, including risk management, resilience, vulnerability management, Information Security, NIST, MITRE ATT@CK, etc. Advanced expertise in Cyber products supporting Data Loss Prevention, EDR, AntiVirus, Perimeter services, threat systems, cyber platform analytics, SIEM, CASB, CLOUD Security, ETC.

Proven Cloud Security experience. Requires independent judgment, critical decision making, excellent analytical skills, with excellent verbal and written communications. Ability to think quickly under difficult or complex conditions and clearly communicate to appropriate staff; ability to balance project workloads with customer support and on-call demands.

Must demonstrate deep knowledge of information technology and information security principles and practices. Requires communication and presentation skills to engage technical and non-technical audiences. Requires ability to communicate and interact across facilities and at various levels.

Incumbent will have skills to mentor less experienced team members. As is typical in this industry, variable shifts and hours and responding to after-hours notifications may be required.

PREFERRED QUALIFICATIONS

Certification in two or more of the following areas Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner, (HCISPP), CompTIA Security+, Certified Information Systems Security Professional (CISSP) - Engineering (ISSEP), Certified Ethical Hacker (CEH), SANS GIAC, or Certified Information Systems Auditor (CISA). Four plus years as a System Administrator or in IT Operations. Or four plus years in risk management or GRC experience in the healthcare/medical environment. Five plus years' experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience.

Additional related education and/or experience preferred.



icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Vulnerability Management Engineer

Banner Health

Posted 2 months ago

VIEW JOBS 10/9/2020 12:00:00 AM 2021-01-07T00:00 Primary City/State: Phoenix, Arizona Department Name: IT Threat & Vulnerability Mgmt Work Shift: Day Job Category: Information Technology Health care is constantly changing, and at Banner Health, we are at the front of that change. We are leading health care to make the experience the best it can be. We want to change the lives of those in our care - and the people who choose to take on this challenge. If changing health care for the better sounds like something you want to be part of, we want to hear from you. The Cybersecurity Vulnerability Management team's main objective is improving the offensive security of Banner Health. In this role as the Vulnerability Management Engineer you will get to work with industry tools and technologies needed to protect the organization from the latest cyber attacks. You will be responsible for performing detailed vulnerability assessments on new and current systems within the environment. Additionally, the engineer will also be responsible for building security alerts from internal/external sources and performing scans to determine Banner's exposure to new threats. The candidate will be responsible for building technologies to help track, coordinate, and remediate items for application owners. We are looking for a cybersecurity professional that will take charge, track and achieve established metrics, be innovative, collaborative, and drive efficiency with vulnerability response. The typical schedule for this role is Monday-Friday, 8a-5p with schedule flexibility. The primary location for this role will be at Banner Corporate (Thomas and Central) but option for remote capabilities. An ideal candidate would possess a bachelor's degree with 3+ years of related experience, experience with vulnerability management, system engineering, data analytics, strong communication skills, and experience with vulnerability training/awareness. Your pay and benefits (Total Rewards) are important components of your Journey at Banner Health. Banner Health offers a variety of benefit plans to help you and your family. We provide health and financial security options, so you can focus on being the best at what you do and enjoying your life. Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care. POSITION SUMMARY This position designs, develops, configures, implements, tunes, maintains solutions, resolve technical and business issues related to cybersecurity threat & vulnerability management, identity management, security operations center, forensics, and data protection. Cybersecurity Engineers work with Cybersecurity Architects to execute strategic cyber initiatives, evaluate security components of the network, applications and end-user devices, and provides guidance to ensure new systems meet regulatory and technical standards. Cybersecurity Engineers participate in root-cause analysis efforts to determine improvement opportunities when failures occur. Manage Cyber systems, ensures they are tuned, on the current release and manages appropriate change management across the IT organization and the business. CORE FUNCTIONS 1. Leads in the design and implementation of cybersecurity solutions. 2. Leads in providing technical expertise and support for cybersecurity solutions, including operational aspects of the software, hardware, network/firewall. 3. Leads in the design, implementation, and compliance of secure configurations for applications and infrastructure components. 4. Leads in technical assessments of systems and applications to ensure compliance with policy, standards and regulations. 5. Leads in the ongoing evaluation and development of security policies and procedures. Leads the revision of policies and procedures, as needed. 6. Serves as technical lead of cybersecurity projects, including the development of project scope requirements, cybersecurity product implementation, tuning, operational support model creation. 7. Under general direction, this position is responsible for cybersecurity across multiple departments system-wide and requires interaction at all levels of staff and management. Work closely on cross functional IT Teams. MINIMUM QUALIFICATIONS Must possess strong knowledge of business, information security and/or computer science as normally obtained through the completion of a bachelor's degree in Computer Science, Information Security, Information Systems, or related field. Four to six years of experience of enterprise-scale information security engineering, preferably in healthcare.  Must also possess one to three years' experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience.  Experience, IT operations, automation of cybersecurity processes, coding and scripting languages, ability to document cybersecurity processes as well as use case development. Experience with the assessing cyber products, including vendor selection, define requirements, contractual documentation development. Experienced in planning, designing and implementing cybersecurity solutions. Experienced in operating, maintaining and implementing, upgrading and lifecycle of cybersecurity solutions. Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, PCI, Sarbanes-Oxley. Advanced knowledge of Security Engineering Principles, including risk management, resilience, vulnerability management, Information Security, NIST, MITRE ATT@CK, etc. Expertise in Cyber products supporting Data Loss Prevention, EDR, AntiVirus, Perimeter services, Threat systems, cyber platform analytics, SIEM, CASB, CLOUD Security, ETC. Requires independent judgment, critical decision making, excellent analytical skills, with excellent verbal and written communications. Ability to think quickly under difficult or complex conditions and clearly communicate to appropriate staff; ability to balance project workloads with customer support and on-call demands. Must demonstrate knowledge of information technology and information security principles and practices. Requires communication and presentation skills to engage technical and non-technical audiences. Requires ability to communicate and interact across facilities and at various levels. Incumbent will have skills to mentor less experienced team members. As is typical in this industry, variable shifts and hours and responding to after-hours notifications may be required. PREFERRED QUALIFICATIONS Certification in two or more of the following areas: Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner, (HCISPP), CompTIA Security+, Certified Information Systems Security Professional (CISSP) - Engineering (ISSEP), Certified Ethical Hacker (CEH), SANS GIAC, or Certified Information Systems Auditor (CISA).  Three plus years as a System Administrator, Security Operations or in IT Operations. Or three plus years in risk management or GRC experience in the healthcare/medical environment. Must also possess three plus years' experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience. Additional related education and/or experience preferred. Banner Health Phoenix AZ

Vulnerability Management Lead Engineer

Banner Health