Information Security Engineer (Remote)
$97,885 - $137,030/Yr
Mayo Clinic - Rochester, MN
posted 18 days ago
Full-time - Entry Level
Remote - Rochester, MN
Hospitals
About the position
The Information Security Engineer at Mayo Clinic plays a crucial role in safeguarding the organization's information systems. This position involves hands-on security research and technical representation within the Office of Information Security (OIS) team, focusing on identifying and mitigating vulnerabilities in IT infrastructure, medical devices, and software applications. The engineer will leverage both automated tools and manual techniques to emulate attacker tactics and ensure the security of Mayo Clinic's digital assets.
Responsibilities
- Apply technical expertise in penetration testing, vulnerability research, red teaming, code auditing, and reverse engineering to perform in-depth security assessments of IT infrastructure (on-prem and cloud), medical devices, and various types of software (including web and mobile applications)
- Identify, understand, and explain the root cause of technical security vulnerabilities and clearly report steps to reproduce a vulnerability
- Develop and recommend technical strategies to mitigate or remediate identified vulnerabilities to asset owners
- Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary
- Perform other security-related duties or enhancements as assigned
Requirements
- Basic security testing skills (vulnerability identification, root cause & impact analysis, technical documentation, risk rating, and presentation)
- Good understanding of at least two operating systems (Microsoft Windows, GNU/Linux, Android, macOS, or iOS)
- Familiarity with security tools, including Metasploit Framework, Burp Suite, Frida, Wireshark, and Responder
- Basic understanding of cryptographic primitives
- Basic understanding of system-level concepts
- Understanding of OWASP, NIST CVSS, and the software development lifecycle (SDLC)
- Strong problem-solving and analytical skills
- Have an astute attention to detail
- Highly organized and efficient
- Capacity to work remotely, independently, and be willing to seek advice/assistance
Nice-to-haves
- Experience in at least one programming language (Rust, Go, Java, .NET, C or C++) or one scripting language (Python, PHP, Ruby)
- Experience in testing cloud infrastructures (AWS, GCP)
- Experience in mobile application penetration testing (iOS and Android)
Benefits
- Medical: Multiple plan options
- Dental: Delta Dental or reimbursement account for flexible coverage
- Vision: Affordable plan with national network
- Pre-Tax Savings: HSA and FSAs for eligible expenses
- Retirement: Competitive retirement package to secure your future
