Cerner is seeking an experienced Lead Vulnerability and Threat Analyst to fulfill the role of performing infrastructure and application based security vulnerability assessments and penetration tests in accordance with industry accepted standards and procedures.
The successful candidate will be tasked with analyzing system services, operating systems, networks and applications with the intent of discovering security gaps in an effort to further protect Cerner assets.
In addition, the successful candidate will collaborate with internal teams to assess risks and drive remediation and mitigation of findings as well as providing thought leadership on various security and compliance best practices.
- Bachelor’s degree in CIS, MIS, Information Systems, Information Security, Computer Science, Computer Engineering, Mathematics, Physics or related field, or equivalent relevant work experience
- At least 5 years of Information Technology Security work experience
- Certified Penetration Tester (CWAPT)
- Receipt of the appropriate government security clearance card applicable for your position
- Due to the client contract you will be assigned, this position requires you to be a U.S. citizen
- Experience using vulnerability tools such as or similar to Nessus, Qualys, Rapid7
- Experience with risk and security frameworks such as or similar to HIPAA, HITRUST, or PCI
- CISSP, CISA, or similar certification
- Experience with vulnerability assessment and exploit tools (e.g., Qualys, Nessus, Nexpose, HP Webinspect, Burpsuite Pro, Kali)
- Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
- Experience with web application development (e.g., PHP, J2EE, JSP, Python, Ruby)
- Experience with service oriented architecture and web services
- Scripting language experience: Python, Ruby, Perl or Go
- Willing to work additional or irregular hours as needed and allowed by local regulations
- Willing to travel up to 20% as needed
- Work in accordance with corporate and organizational security policies and procedures, understand personal role in safeguarding corporate and client assets, and take appropriate action to prevent and report any compromises of security within scope of position
- Perform other responsibilities as assigned.