Info Security Analyst III, Vulnerability Management at Hackensack University Medical Center in Edison, NJ
Overview How have YOU impacted someone's life today? At Hackensack Meridian Health our teams are focused on changing the lives of our patients by providing the highest level of care each and every day. From our hospitals, rehab centers and occupational health teams to our long-term care centers and at-home care capabilities, our complete spectrum of services will allow you to apply your skills in multiple settings while building your career, all within New Jersey's premier healthcare system. The Vulnerability Management (VM) Program's objective is to reduce Hackensack Meridian Health's (HMH) risk profile through the proactive identification, prioritization, and remediation of vulnerabilities in a systematic and comprehensive manner across systems (Host, Application, Database, etc.). The Information Security Analyst III, Vulnerability Management is responsible for handling the day-to-day operations of the Vulnerability Management service. This includes reviewing scheduled scan performance, reviewing and prioritizing scan results, regularly consuming threat and vulnerability intelligence, creating remediation tickets and assigning them to teams across HMH, and generating and distributing reports. Works closely with the Vulnerability Management Tool and coordinates with the Vulnerability Management Manager, Info Security Analyst IV, Vulnerability Management, Operations, Applications, and Infrastructure teams. This individual reports directly to the Vulnerability Management Manager. Responsibilities A day in the life of a Info Security Analyst III, Vulnerability Management at Hackensack Meridian Health includes:
Consumes external vulnerability and threat intelligence to stay up to date on industry trends and emerging risks that could impact HMH. Documents threats and vulnerabilities in the context of HMH and communicates them to the Vulnerability Management team. Performs initial investigation and triaging of tickets assigned to the Vulnerability Management team. Escalates tickets to Info Security Analyst IV, Vulnerability Management and/or Vulnerability Management Manager as needed. Assesses and triages vulnerability scan results based on risk assessments, CVSS, vulnerability intelligence, and enterprise/environment context. Tracks and reports vulnerability management metrics based upon remediated vulnerabilities. Works in conjunction with Application and System Owners in the remediation and exception processes for identified vulnerabilities. Coordinates regular and emergency vulnerability remediation processes with Patch Management, systems owners, and Change Management. Serves as the initial point of contact and troubleshooting resource for issues/errors resulting from scanning activities. Creates, modifies, and maintains policy, process, procedure, standards, and training documentation relevant to supporting the various technologies used by the Vulnerability Management team. Creates and executes ad hoc and scheduled vulnerability scans. Reviews service requests regarding scanning activities and determines initial steps for remediation or where/whom to route them. Assists in planning, design, implementation, testing, and operation of vulnerability management tools, processes, and systems. Monitors vulnerability scan results to determine effectiveness and overall scan health. Other duties and/or projects as assigned. Adheres to HMH Organizational competencies and standards of behavior. Qualifications Education, Knowledge, Skills and Abilities Required:
Bachelor's degree in business information systems, information security, cybersecurity, etc., or related degree.Work experience may be substituted. Minimum of 7 years of general IT experience with at least 5 years' of that experience in IT security. Technical experience with networks, operating systems (i.e., Windows, Linux), applications, etc. Understanding of vulnerability management goals, processes, and procedures. Knowledge of one or more Information Security frameworks (HIPAA, NIST, PCI, etc.) and industry better practices. Understanding of industry standards regarding vulnerability management (i.e., Common Vulnerability Scoring System (CVSS), Common Vulnerability and Exposures (CVE)). Familiarity with Information Security governance, risk, and compliance better practices and tools. Experience delivering formal presentations. Excellent verbal and written communication skills. Education, Knowledge, Skills and Abilities Preferred:
Preferred 2 years of that experience in Vulnerability Management. Understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI. Strong knowledge of healthcare environments. Experience and/or knowledge of one of the following Vulnerability Management tools:
Nessus / Tenable, Qualys, and/or Nexpose Insight VM. Experience in one or more of the following:
successful implementation of business relevant measures of Information Security effectiveness; and/or involvement in security incident investigation and resolution. Experience with IT ticketing solutions (e.g., FootPrints, ServiceNow, etc.). Licenses and Certifications Preferred:
Vendor certifications in Vulnerability Management products. Our Network Hackensack Meridian Health (HMH) is a Mandatory COVID-19 and Influenza Vaccination Facility As a courtesy to assist you in your job search, we would like to send your resume to other areas of our Hackensack Meridian Health network who may have current openings that fit your skills and experience.
Salary Range:
$100K -- $150K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
Consumes external vulnerability and threat intelligence to stay up to date on industry trends and emerging risks that could impact HMH. Documents threats and vulnerabilities in the context of HMH and communicates them to the Vulnerability Management team. Performs initial investigation and triaging of tickets assigned to the Vulnerability Management team. Escalates tickets to Info Security Analyst IV, Vulnerability Management and/or Vulnerability Management Manager as needed. Assesses and triages vulnerability scan results based on risk assessments, CVSS, vulnerability intelligence, and enterprise/environment context. Tracks and reports vulnerability management metrics based upon remediated vulnerabilities. Works in conjunction with Application and System Owners in the remediation and exception processes for identified vulnerabilities. Coordinates regular and emergency vulnerability remediation processes with Patch Management, systems owners, and Change Management. Serves as the initial point of contact and troubleshooting resource for issues/errors resulting from scanning activities. Creates, modifies, and maintains policy, process, procedure, standards, and training documentation relevant to supporting the various technologies used by the Vulnerability Management team. Creates and executes ad hoc and scheduled vulnerability scans. Reviews service requests regarding scanning activities and determines initial steps for remediation or where/whom to route them. Assists in planning, design, implementation, testing, and operation of vulnerability management tools, processes, and systems. Monitors vulnerability scan results to determine effectiveness and overall scan health. Other duties and/or projects as assigned. Adheres to HMH Organizational competencies and standards of behavior. Qualifications Education, Knowledge, Skills and Abilities Required:
Bachelor's degree in business information systems, information security, cybersecurity, etc., or related degree.Work experience may be substituted. Minimum of 7 years of general IT experience with at least 5 years' of that experience in IT security. Technical experience with networks, operating systems (i.e., Windows, Linux), applications, etc. Understanding of vulnerability management goals, processes, and procedures. Knowledge of one or more Information Security frameworks (HIPAA, NIST, PCI, etc.) and industry better practices. Understanding of industry standards regarding vulnerability management (i.e., Common Vulnerability Scoring System (CVSS), Common Vulnerability and Exposures (CVE)). Familiarity with Information Security governance, risk, and compliance better practices and tools. Experience delivering formal presentations. Excellent verbal and written communication skills. Education, Knowledge, Skills and Abilities Preferred:
Preferred 2 years of that experience in Vulnerability Management. Understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI. Strong knowledge of healthcare environments. Experience and/or knowledge of one of the following Vulnerability Management tools:
Nessus / Tenable, Qualys, and/or Nexpose Insight VM. Experience in one or more of the following:
successful implementation of business relevant measures of Information Security effectiveness; and/or involvement in security incident investigation and resolution. Experience with IT ticketing solutions (e.g., FootPrints, ServiceNow, etc.). Licenses and Certifications Preferred:
Vendor certifications in Vulnerability Management products. Our Network Hackensack Meridian Health (HMH) is a Mandatory COVID-19 and Influenza Vaccination Facility As a courtesy to assist you in your job search, we would like to send your resume to other areas of our Hackensack Meridian Health network who may have current openings that fit your skills and experience.
Salary Range:
$100K -- $150K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
