Jobs · Business Development · Michigan

Sr. Vulnerability Analyst

Henry Ford Health · Detroit, MI · 2 mo ago
Business DevelopmentFull-time

About the role

The Senior Vulnerability Analyst is a key role in advancing vulnerability management throughout the HFHS enterprise through technical expertise with a focus on threat intelligence, vulnerability management, and offensive security. The Senior Vulnerability Analyst works collaboratively to support the identification, assessment, mitigation, and monitoring of vulnerabilities by utilizing various security tools and other techniques.

Responsibilities

  • Independently develop assessment plans, support, or lead projects.
  • Manage the activities of security personnel focused on aspects of the Threat and Vulnerability Management program.
  • Collaborate with IT to ensure vulnerability management and policy compliance security programs and technical controls are compliant with policies, applicable laws, and regulations.

Requirements

  • Bachelor's degree in business administration, Engineering, Information Systems, Information Assurance or closely related field, required.
  • Minimum seven (7) years of related IT or security experience, which includes five (5) years of direct information security experience, and a minimum of one (1) year experience directly related to offensive testing and/or threat assessment.
  • Strong working experience and understanding of industry leading vulnerability management tools. CISSP, CISM, or CISA is recommended. OSCP, CRTO, or other offensive testing certification is recommended.
  • Experience providing working knowledge and skills in the following: Security laws, mandates, standards, and best practices (i.e., HIPAA, ISO, ACA, DFIS, NACHA, Payor customer group security requirements, PCI, HITECH, GLB, etc.).
  • Demonstratable relevant work experience within information security including the areas of operational / technology auditing & risk, offensive testing, threat assessment, and vulnerability management.
  • Experience or knowledge of technical and operational, business and healthcare environment preferably Payor related healthcare activities.
  • Familiarity with national security standards, business continuity, disaster recover, auditing, risk management, vulnerability assessments, regulatory compliance, and incident management.
  • Strong understanding of project management and information technology background. Good analytical, organizational, verbal, and written communication skills. Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
  • Experience in conflict management skills necessary to resolve issues where corporate areas disagree.
  • Ability to effectively interface with various levels of management internally and as well as contacts outside the organization.
  • Must be able to travel to other HFHS and Subsidiary facilities and vendor sites to meet with operating or audit personnel.
  • A service focused team player who can lead and mentor team members. Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms.
  • Consensus building and collaborative interpersonal skills. Good presentation skills.
  • Ability to work under pressure, establish priorities and respond with urgency.
  • Self-motivated with excellent verbal and written skills.

Qualifications

  • Education: Bachelor's degree in business administration, Engineering, Information Systems, Information Assurance or closely related field, required.
  • Experience: Minimum seven (7) years of related IT or security experience, which includes five (5) years of direct information security experience, and a minimum of one (1) year experience directly related to offensive testing and/or threat assessment.
  • Technical Skills: Strong working experience and understanding of industry leading vulnerability management tools. CISSP, CISM, or CISA is recommended. OSCP, CRTO, or other offensive testing certification is recommended.
  • Security Knowledge: Experience or knowledge of security laws, mandates, standards, and best practices (i.e., HIPAA, ISO, ACA, DFIS, NACHA, Payor customer group security requirements, PCI, HITECH, GLB, etc.).
  • Project Management: Strong understanding of project management and information technology background. Good analytical, organizational, verbal, and written communication skills. Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
  • Interpersonal Skills: Experience in conflict management skills necessary to resolve issues where corporate areas disagree. Ability to effectively interface with various levels of management internally and as well as contacts outside the organization.
  • Travel: Must be able to travel to other HFHS and Subsidiary facilities and vendor sites to meet with operating or audit personnel.
  • Leadership: A service focused team player who can lead and mentor team members. Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms.
  • Work Ethic: Consensus building and collaborative interpersonal skills. Good presentation skills. Ability to work under pressure, establish priorities and respond with urgency. Self-motivated with excellent verbal and written skills.

Skills

  • Security Laws, Mandates, Standards, and Best Practices: HIPAA, ISO, ACA, DFIS, NACHA, Payor customer group security requirements, PCI, HITECH, GLB, etc.
  • Offensive Testing and Threat Assessment: CISSP, CISM, CISA, OSCP, CRTO, or other offensive testing certifications.
  • Project Management: Strong understanding of project management and information technology background.
  • Communication: Good analytical, organizational, verbal, and written communication skills.
  • Conflict Resolution: Experience in conflict management skills necessary to resolve issues where corporate areas disagree.
  • Team Leadership: A service focused team player who can lead and mentor team members.
  • Customer Service: Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms.
  • Work Ethic: Self-motivated with excellent verbal and written skills.

Benefits

The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits.

Pay

Details about pay will be provided during the interview process.

Schedule

Details about schedule will be provided during the interview process.

Similar jobs