Senior Vulnerability Analyst is a key role in advancing vulnerability management throughout the HFHS enterprise through technical expertise with a focus on threat intelligence, vulnerability management, and offensive security. The Senior Vulnerability Analyst works collaboratively to support the identification, assessment, mitigation, and monitoring of vulnerabilities by utilizing various security tools and other techniques. The Senior Vulnerability Analyst independently develops assessment plans, supports, or leads projects, and may also manage the activities of security personnel that are focused on aspects of the Threat and Vulnerability Management program. The Senior Vulnerability Analyst reports to the Vulnerability Management Services Manager. In conjunction the Senior Vulnerability Analyst works in a collaborative effort with IT to assure vulnerability management and policy compliance security programs and technical controls are compliant with policies, applicable laws, and regulations.
EDUCATION AND EXPERIENCE: - Bachelor's degree in business administration, Engineering, and Information Systems, Information Assurance or closely related field, required
- Minimum seven (7) years of related IT or security experience, which includes five (5) years of direct information security experience, and a minimum of one (1) year experience directly related to offensive testing and/or threat assessment.
- Strong working experience and understanding of industry leading vulnerability management tools. CISSP, CISM, or CISA is recommended. OSCP, CRTO, or other offensive testing certification is recommended.
- Experience providing working knowledge and skills in the following: Security laws, mandates, standards, and best practices (i.e., HIPAA, ISO, ACA, DFIS, NACHA, Payor customer group security requirements, PCI, HITECH, GLB, etc.).
- Demonstratable relevant work experience within information security including the areas of operational / technology auditing & risk, offensive testing, threat assessment, and vulnerability management.
- Experience or knowledge of technical and operational, business and healthcare environment preferably Payor related healthcare activities.
- Familiarity with national security standards, business continuity, disaster recover, auditing, risk management, vulnerability assessments, regulatory compliance, and incident management.
- Strong understanding of project management and information technology background. Good analytical, organizational, verbal, and written communication skills. Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
- Experience in conflict management skills necessary to resolve issues where corporate areas disagree.
- Ability to effectively interface with various levels of management internally and as well as contacts outside the organization.
- Must be able to travel to other HFHS and Subsidiary facilities and vendor sites to meet with operating or audit personnel.
- A service focused team player who can lead and mentor team members. Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms.
- Consensus building and collaborative interpersonal skills. Good presentation skills.
- Ability to work under pressure, establish priorities and respond with urgency.
- Self-motivated with excellent verbal and written skills.
