Hackensack Meridian Health - Edison, NJ

posted 4 months ago

Full-time - Mid Level
Edison, NJ
Hospitals

About the position

The Cybersecurity Analyst IV, Vulnerability Management (VM) at Hackensack Meridian Health plays a crucial role in enhancing the organization's cybersecurity posture by managing the day-to-day operations of the Vulnerability Management service. This position is integral to the proactive identification, prioritization, and remediation of vulnerabilities across various systems, including hosts, applications, and databases. The primary objective of the VM Program is to systematically reduce the risk profile of Hackensack Meridian Health through comprehensive vulnerability management practices. In this role, the Cybersecurity Analyst IV will be responsible for overseeing the planning, design, implementation, testing, and operation of Vulnerability Management tools and processes. This includes maintaining relationships with management and vendors to develop and implement new solutions that meet business requirements. The analyst will lead ongoing optimization efforts and projects, such as expanding scan scopes, managing scanners, and enhancing automation. Staying informed about external vulnerability and threat intelligence is essential, as it allows the analyst to assess how industry trends impact the organization. The position requires the identification of new assets and subnets for vulnerability scans, monitoring the health of vulnerability systems, and addressing any issues that arise. The analyst will also serve as an escalation point for troubleshooting scanning-related issues and will mentor junior team members and IT staff on Vulnerability Management tools and processes. Additionally, the analyst will assist in reviewing new systems and network designs for potential cybersecurity risks and will advise leadership on managing these risks effectively. 
The Cybersecurity Analyst IV will also be involved in researching and recommending vulnerability management solutions, assessing vulnerability scan results based on risk assessments, and developing program-specific metrics and KPIs. This role is vital in ensuring that Hackensack Meridian Health maintains a strong cybersecurity posture and adheres to organizational competencies and standards of behavior.

Responsibilities

  • Architects vulnerability scanning processes at the direction of the Vulnerability Management Manager.
  • Oversees planning, design, implementation, testing, and operation of Vulnerability Management tools, processes, and systems.
  • Maintains relationships with management and vendors to develop and implement new Vulnerability Management solutions to meet business requirements.
  • Leads ongoing Vulnerability Management optimization efforts and projects (e.g., scan scope expansion and validation, management of scanners, enhanced automation, etc.).
  • Consumes external vulnerability and threat intelligence to stay up to date on industry trends and determines how they impact HMH.
  • Identifies new assets/subnets to incorporate into vulnerability scans and routes findings to respective infrastructure teams for verification.
  • Monitors and maintains overall vulnerability system (scanners, appliances, agents, etc.) health and addresses issues when discovered.
  • Prepares and performs updates to Vulnerability Management related tools when released.
  • Serves as an escalation point and troubleshooting resource for issues/errors resulting from scanning activities.
  • Mentors junior Vulnerability Management team members, IT staff, and other teams regarding Vulnerability Management tools and processes.
  • Assists in reviewing proposed new systems and network designs for potential cybersecurity risks and vulnerability scanning configuration needs; implements mitigations or countermeasures and resolves integration issues related to the implementation of new systems within the existing infrastructure.
  • Advises the leadership team on the appropriate administration of Vulnerability Management standards, assisting them in developing plans within their business units to manage these risks effectively by understanding the fundamental aspects of their business objectives.
  • Researches, evaluates and recommends vulnerability management solutions to maintain a strong cybersecurity posture, including developing business cases for cybersecurity investments.
  • Assesses and triages vulnerability scan results based on risk assessments, CVSS, vulnerability intelligence, and enterprise/environment context.
  • Assists in the development and monitoring of program-specific metrics and KPIs.
  • Performs investigation and remediation of tickets assigned to the Vulnerability Management team.
  • Other duties and/or projects as assigned.

Requirements

  • Bachelor's degree in business information systems, cybersecurity, or related degree (work experience may be substituted).
  • Minimum of 10 years of general IT experience with at least 8 years in cybersecurity.
  • Experience working with system owners to remediate identified vulnerabilities.
  • Technical experience with networks, operating systems (i.e., Windows, Linux), applications, etc.
  • In-depth knowledge of and experience deploying and operating one of the following (or comparable) Vulnerability Management tools: Nessus / Tenable, Qualys, and/or Nexpose Insight VM.
  • Experience in one or more of the following: successful implementation of business-relevant measures of cybersecurity effectiveness; and/or involvement in cybersecurity incident investigation and resolution.
  • Experience working with one or more cybersecurity frameworks (HIPAA, NIST, PCI, etc.) and industry best practices.
  • Experience working in hospital environments/with healthcare-related information systems (electronic medical records systems, clinical systems, etc.).
  • Strong knowledge of industry standards regarding vulnerability management (i.e., Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE)).
  • Experience working with cybersecurity governance, risk, and compliance best practices and tools.
  • Experience delivering formal presentations.
  • Excellent verbal and written communication skills.

Nice-to-haves

  • Minimum of 4 years of work experience maintaining and administering a Vulnerability Management Program.
  • Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI.
  • Strong knowledge of healthcare environments.
  • Experience working with and configuring vulnerability scans using Nessus / Tenable.
  • Experience with IT ticketing solutions (e.g., FootPrints, ServiceNow, etc.).

Benefits

  • Competitive benefits package
  • Supportive work culture
  • Opportunities for professional development
  • Community engagement initiatives