Info Security Analyst IV, Vulnerability Management
Company: Hackensack Meridian Health
Location: Edison
Posted on: August 7, 2022
Job Description:
Description: How have -YOU -impacted someone's life today? At
-Hackensack Meridian -Health -our teams are focused on changing the
lives of our patients by providing the highest level of care each
and every day. From our hospitals, rehab centers and occupational
health teams to our long-term care centers and at-home care
capabilities, our complete spectrum of services will allow you to
apply your skills in multiple settings while building your career,
all within New Jersey's premier healthcare system. - -The
Vulnerability Management (VM) Program's objective is to reduce
Hackensack Meridian Health's (HMH) risk profile through the
proactive identification, prioritization, and remediation of
vulnerabilities in a systematic and comprehensive manner across
systems (Host, Application, Database, etc.). The Information
Security Analyst IV, Vulnerability Management is responsible for
handling the day-to-day operations of the Vulnerability Management
service. This includes reviewing scheduled scan performance,
reviewing and prioritizing scan results, regularly consuming threat
and vulnerability intelligence, creating remediation tickets and
assigning them to teams across HMH, and generating and distributing
reports. Works closely with the Vulnerability Management Tool and
coordinates with the Vulnerability Management Manager, Info
Security Analyst III, Vulnerability Management, Operations,
Applications, and Infrastructure teams. This individual reports
directly to the Vulnerability Management Manager. -This is a hybrid
position(50/50) and the office is located in Edison, NJ.
-Responsibilties: A day in the life of a -Info Security Analyst IV,
Vulnerability Management at Hackensack Meridian -Health
-includes:
- Architects vulnerability scanning processes at the direction of
the Vulnerability Management Manager. Oversees planning, design,
implementation, testing, and operation of Vulnerability Management
tools, processes, and systems. Maintains relationships with
management and vendors to develop and implement new Vulnerability
Management solutions to meet business requirements.
- Leads ongoing Vulnerability Management optimization efforts and
projects (e.g., scan scope expansion and validation, management of
scanners, enhanced automation, etc.)
- Consumes external vulnerability and threat intelligence to stay
up to date on industry trends and determines how they impact
HMH.
- Identifies new assets/subnets to incorporate into vulnerability
scans and routes findings to respective infrastructure teams for
verification.
- Monitors and maintains overall vulnerability system (scanners,
appliances, agents, etc.) health and addresses issues when
discovered. Prepares and performs updates to Vulnerability
Management related tools when released.
- Serves as an escalation point and troubleshooting resource for
issues/errors resulting from scanning activities.
- Mentors junior Vulnerability Management team members, IT staff,
and other teams regarding Vulnerability Management tools and
processes.
- Assists in reviewing proposed new systems and network designs
for potential security risks and vulnerability scanning
configuration needs; implement mitigation or countermeasures and
resolve integration issues related to the implementation of new
systems within the existing infrastructure.
- Advises the leadership team on the appropriate administration
of Vulnerability Management standards, assisting them in developing
plans within their business units to manage these risks effectively
by understanding the fundamental aspects of their business
objectives. -
- Researches, evaluates and recommends vulnerability management
solutions to maintain a strong security posture, including
developing business cases for security investments.
- Assesses and triages vulnerability scan results based on risk
assessments, CVSS, vulnerability intelligence, and
enterprise/environment context.
- Assists in the development and monitoring of program specific
metrics and KPIs.
- Performs investigation and remediation of tickets assigned to
the Vulnerability Management team.
- Other duties and/or projects as assigned.
- Adheres to HMH Organizational competencies and standards of
behavior.Qualifications: Education, Knowledge, Skills and Abilities
Required:
- Bachelor's degree in business information systems, information
security, cybersecurity, etc., or related degree.Work experience
may be substituted.
- Minimum of 10 years of general IT experience with at least 8
years' of that experience in IT security.
- Experience working with system owners to remediate identified
vulnerabilities.
- Technical experience with networks, operating systems (i.e.,
Windows, Linux), applications, etc.
- In depth knowledge of and experience deploying and operating
one of the following (or comparable) Vulnerability Management
tools: Nessus / Tenable, Qualys, adn/or Nexpose Insight VM.
- Experience in one or more of the following: successful
implementation of business relevant measures of Information
Security effectiveness; and/or iInvolvement in security incident
investigation and resolution.
- Experience working with one or more Information Security
frameworks (HIPAA, NIST, PCI, etc.) and industry better
practices.
- Experience working in hospital environments/with healthcare
related information systems (electronic medical records systems,
clinical systems, etc.).
- Strong knowledge of industry standards regarding vulnerability
management (i.e., Common Vulnerability Scoring System (CVSS),
Common Vulnerability and Exposures (CVE)).
- Experience working with Information Security governance, risk,
and compliance better practices and tools.
- Experience delivering formal presentations.
- Excellent verbal and written communication skills. Education,
Knowledge, Skills and Abilities Preferred:
- Minimum of 4 years of work experience maintaining and
administering a Vulnerability Management Program.
- Proficient understanding of regulatory and compliance mandates,
including but not limited to HIPAA, HITECH, and PCI.
- Strong knowledge of healthcare environments.
- Experience working with and configuring vulnerability scans
using Nessus / Tenable.
- Experience with IT ticketing solutions (e.g., FootPrints,
ServiceNow, etc.). Licenses and Certifications Preferred:
- Certified Information Systems Security Professional
(CISSP).
- Vendor certifications in Vulnerability Management
products.
Keywords: Hackensack Meridian Health, New York , Info Security Analyst IV, Vulnerability Management, Executive , Edison, New York
Didn't find what you're looking for? Search again!
Loading more jobs...