POSITION SUMMARY
Unique opportunity for the ideal candidate with 3+ years’ experience in and understanding of Database and Big Data environments with affinity for cybersecurity / vulnerability and risk management.
This role resides within the Infrastructure Governance Strategy / Vulnerability Management (IGS / VM) team supporting overall Global Infrastructure teams.
We partner and work directly with our Information Protection organization in support of a vast array of infrastructure technology teams all sharing the common goal to continuously improve our security posture through proactive risk assessments, analysis and solutions.
The team’s mission is to identify system weaknesses with the ultimate purpose of reducing risk in a prioritized manner.
The ideal candidate will identify security issues and drive mitigation prioritization through excellent analytical, engineering, communication, and technical skills, partner with asset owners to ensure the stability of our infrastructure and drive continuous improvement in our patching and lifecycle processes.
This role will be required to display engineering excellence utilizing and maintaining a diverse set of vulnerability assessment tools and techniques.
In addition to performing assessments the role requires active participation in the vulnerability management process, collaborating with key stakeholders to drive secure design and solutions.
ESSENTIAL FUNCTIONS
- Partner with Infrastructure Database and Big Data teams to address vulnerabilities discovered during assessments and scans.
- Provide recommendations on opportunities to automate, orchestrate, or otherwise improve established security processes, including detection and assessment of vulnerabilities.
- Enable infrastructure, platform, and application teams to drive a stronger security posture, by leveraging security and vulnerability management tools like ServiceNow SecOps, Tenable, Prisma, Guardium and others such as GSC platforms such as OnSpring.
- Understanding of vulnerability assessments across all layers of the network / host / application / database stack.
- Ability to think like an attacker and partner with key stakeholders to develop defensive controls and hardening configurations.
- Provide vulnerability scanning and remediation guidance, false positive validation, compliance scanning and policy and standard creation.
- Demonstrate strong technical / analytical skills while providing accurate analysis of security-related findings.
- Collaborate with Stakeholders, Tech lead and Team members to discuss the vulnerabilities and risk and implement remediation and / or mitigating controls in an efficient way.
- Report on risk / vulnerability metrics and trending patterns to drive remediation and / or mitigating controls.
QUALIFICATIONS
- In depth knowledge of vulnerability, configuration management platforms, such as Tenable.SC, Tenable.IO, ServiceNOW SecOps, Prisma, Guardium, Nexpose, Qualys, ForeScout etc.
- Strong knowledge and experience with relational, non-relational and big data databases such as Oracle, MongoDB, PostgreSQL, MSSQL, DB2 z / OS, DB2LUW, Teradata, Hadoop, etc.
- Experience with automation, scripting, and API integrations.
- Understand operational maintenance of production systems, troubleshooting and performance tuning.
- Develop and coach team members and peers at different skill levels.
- Ability to work in an agile culture and manage time effectively.
- Certification in information security (CISSP, OSCP, GWAPT or equivalent) preferred.
- Bachelor’s degree in computer related field preferred.
- 3+ years of relevant working experience; 1+ years of experience focused on cybersecurity, vulnerability / configuration management, risk management, or similar experience.
ABOUT THE DEPARTMENT
Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of cyber security threats and risks.
Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions.
If you’re as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.