Info Security Analyst IV, Vulnerability Management

Company: Hackensack Meridian Health
Location: Edison
Posted on: August 7, 2022

Job Description:

Description: How have -YOU -impacted someone's life today? At -Hackensack Meridian -Health -our teams are focused on changing the lives of our patients by providing the highest level of care each and every day. From our hospitals, rehab centers and occupational health teams to our long-term care centers and at-home care capabilities, our complete spectrum of services will allow you to apply your skills in multiple settings while building your career, all within New Jersey's premier healthcare system. - -The Vulnerability Management (VM) Program's objective is to reduce Hackensack Meridian Health's (HMH) risk profile through the proactive identification, prioritization, and remediation of vulnerabilities in a systematic and comprehensive manner across systems (Host, Application, Database, etc.). The Information Security Analyst IV, Vulnerability Management is responsible for handling the day-to-day operations of the Vulnerability Management service. This includes reviewing scheduled scan performance, reviewing and prioritizing scan results, regularly consuming threat and vulnerability intelligence, creating remediation tickets and assigning them to teams across HMH, and generating and distributing reports. Works closely with the Vulnerability Management Tool and coordinates with the Vulnerability Management Manager, Info Security Analyst III, Vulnerability Management, Operations, Applications, and Infrastructure teams. This individual reports directly to the Vulnerability Management Manager. -This is a hybrid position(50/50) and the office is located in Edison, NJ. -Responsibilties: A day in the life of a -Info Security Analyst IV, Vulnerability Management at Hackensack Meridian -Health -includes:

• Architects vulnerability scanning processes at the direction of the Vulnerability Management Manager. Oversees planning, design, implementation, testing, and operation of Vulnerability Management tools, processes, and systems. Maintains relationships with management and vendors to develop and implement new Vulnerability Management solutions to meet business requirements.
• Leads ongoing Vulnerability Management optimization efforts and projects (e.g., scan scope expansion and validation, management of scanners, enhanced automation, etc.)
• Consumes external vulnerability and threat intelligence to stay up to date on industry trends and determines how they impact HMH.
• Identifies new assets/subnets to incorporate into vulnerability scans and routes findings to respective infrastructure teams for verification.
• Monitors and maintains overall vulnerability system (scanners, appliances, agents, etc.) health and addresses issues when discovered. Prepares and performs updates to Vulnerability Management related tools when released.
• Serves as an escalation point and troubleshooting resource for issues/errors resulting from scanning activities.
• Mentors junior Vulnerability Management team members, IT staff, and other teams regarding Vulnerability Management tools and processes.
• Assists in reviewing proposed new systems and network designs for potential security risks and vulnerability scanning configuration needs; implement mitigation or countermeasures and resolve integration issues related to the implementation of new systems within the existing infrastructure.
• Advises the leadership team on the appropriate administration of Vulnerability Management standards, assisting them in developing plans within their business units to manage these risks effectively by understanding the fundamental aspects of their business objectives. -
• Researches, evaluates and recommends vulnerability management solutions to maintain a strong security posture, including developing business cases for security investments.
• Assesses and triages vulnerability scan results based on risk assessments, CVSS, vulnerability intelligence, and enterprise/environment context.
• Assists in the development and monitoring of program specific metrics and KPIs.
• Performs investigation and remediation of tickets assigned to the Vulnerability Management team.
• Other duties and/or projects as assigned.
• Adheres to HMH Organizational competencies and standards of behavior.Qualifications: Education, Knowledge, Skills and Abilities Required:
  • Bachelor's degree in business information systems, information security, cybersecurity, etc., or related degree.Work experience may be substituted.
  • Minimum of 10 years of general IT experience with at least 8 years' of that experience in IT security.
  • Experience working with system owners to remediate identified vulnerabilities.
  • Technical experience with networks, operating systems (i.e., Windows, Linux), applications, etc.
  • In depth knowledge of and experience deploying and operating one of the following (or comparable) Vulnerability Management tools: Nessus / Tenable, Qualys, adn/or Nexpose Insight VM.
  • Experience in one or more of the following: successful implementation of business relevant measures of Information Security effectiveness; and/or iInvolvement in security incident investigation and resolution.
  • Experience working with one or more Information Security frameworks (HIPAA, NIST, PCI, etc.) and industry better practices.
  • Experience working in hospital environments/with healthcare related information systems (electronic medical records systems, clinical systems, etc.).
  • Strong knowledge of industry standards regarding vulnerability management (i.e., Common Vulnerability Scoring System (CVSS), Common Vulnerability and Exposures (CVE)).
  • Experience working with Information Security governance, risk, and compliance better practices and tools.
  • Experience delivering formal presentations.
  • Excellent verbal and written communication skills. Education, Knowledge, Skills and Abilities Preferred:
    • Minimum of 4 years of work experience maintaining and administering a Vulnerability Management Program.
    • Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI.
    • Strong knowledge of healthcare environments.
    • Experience working with and configuring vulnerability scans using Nessus / Tenable.
    • Experience with IT ticketing solutions (e.g., FootPrints, ServiceNow, etc.). Licenses and Certifications Preferred:
      • Certified Information Systems Security Professional (CISSP).
      • Vendor certifications in Vulnerability Management products.

Keywords: Hackensack Meridian Health, New York , Info Security Analyst IV, Vulnerability Management, Executive , Edison, New York