Job DescriptionOur cybersecurity team is essential in safeguarding UCM's digital environment by proactively identifying and addressing security risks. We are seeking a mid-level professional to join our Vulnerability Management & Offensive Security (VMOS) team, where you will gain hands-on experience in vulnerability management, penetration testing, and offensive security operations within a supportive and collaborative environment.
In this role, you will assist with managing internal and external attack surfaces, running vulnerability scans, triaging scan results, and working alongside asset and application owners to help remediate security issues. You will also support penetration testing activities and participate in red and purple team exercises to develop your offensive security skills. This position offers a strong foundation for a career in cybersecurity within a complex healthcare setting.
Essential Job Functions:- Assist in executing vulnerability scans and monitoring scan results.
- Support triaging and prioritizing vulnerabilities for remediation.
- Identify asset and application owners and coordinate patching efforts.
- Assess and communicate vulnerability risk.
- Participate in vulnerability validation and testing.
- Contribute to red team and purple team exercises.
- Document findings and assist in preparing reports.
- Maintain scanning application configuration.
- Collaborate with team members and other departments to improve security.
- Stay informed about basic cybersecurity threats and vulnerabilities.
- Manage and maintain exceptions for scanning and vulnerability patching.
Required Qualifications:- Bachelor's degree in Computer Science, Information Security, or related field, or equivalent internship/work experience.
- 3 to 5 years of experience in vulnerability management.
- Well-rounded understanding of vulnerability management concepts.
- Familiarity with network protocols, operating systems, and web technologies.
- Strong analytical and communication skills.
- Experience with vulnerability management and scanning tools.
Preferred Qualifications- Relevant security related certifications (e.g., Security+, CEH)
- Experience with Rapid7
- Eagerness to learn and grow in offensive security
Position Details- Job Type/FTE: Full Time (1.0 FTE)
- Shift: Day
- Location: Remote
- Unit/Department: Information Security
- CBA Code: Non-Union
Compensation & Benefits OverviewUChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.
The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.
Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.