Job Information
Hackensack Meridian Health IT - Cybersecurity Analyst IV, Vulnerability Management - Digital Technology Services in Edison, New Jersey
Overview
Our team members are the heart of what makes us better.
At Hackensack Meridian Health we help our patients live better, healthier lives — and we help one another to succeed. With a culture rooted in connection and collaboration, our employees are team members. Here, competitive benefits are just the beginning. It’s also about how we support one another and how we show up for our community.
Together, we keep getting better - advancing our mission to transform healthcare and serve as a leader of positive change.
The Vulnerability Management (VM) Program's objective is to reduce Hackensack Meridian Health's (HMH) risk profile through the proactive identification, prioritization, and remediation of vulnerabilities in a systematic and comprehensive manner across systems (Host, Application, Database, etc.). The Cybersecurity Analyst IV, VM is responsible for handling the day-to-day operations of the Vulnerability Management service. This includes reviewing scheduled scan performance, reviewing and prioritizing scan results, regularly consuming threat and vulnerability intelligence, creating remediation tickets and assigning them to teams across HMH, and generating and distributing reports. Works closely with the Cybersecurity, Patch Management, Operations, Applications, and Infrastructure teams. This individual reports directly to the Manager, Vulnerability/Patch Management.
This is mostly a remote position and you will need to come into the Edison, NJ office 2-4 times a year, unless there is a a reason for the team members to be onsite (DTS event, troubleshooting event/incident, etc.).
Responsibilities
A day in the life of a Vulnerability Management (VM) at Hackensack Meridian Health includes:
Architects vulnerability scanning processes at the direction of the Vulnerability Management Manager. Oversees planning, design, implementation, testing, and operation of Vulnerability Management tools, processes, and systems. Maintains relationships with management and vendors to develop and implement new Vulnerability Management solutions to meet business requirements.
Leads ongoing Vulnerability Management optimization efforts and projects (e.g., scan scope expansion and validation, management of scanners, enhanced automation, etc.)
Consumes external vulnerability and threat intelligence to stay up to date on industry trends and determines how they impact HMH.
Identifies new assets/subnets to incorporate into vulnerability scans and routes findings to respective infrastructure teams for verification.
Monitors and maintains overall vulnerability system (scanners, appliances, agents, etc.) health and addresses issues when discovered. Prepares and performs updates to Vulnerability Management related tools when released.
Serves as an escalation point and troubleshooting resource for issues/errors resulting from scanning activities.
Mentors junior Vulnerability Management team members, IT staff, and other teams regarding Vulnerability Management tools and processes.
Assists in reviewing proposed new systems and network designs for potential cybersecurity risks and vulnerability scanning configuration needs; implement mitigation or countermeasures and resolve integration issues related to the implementation of new systems within the existing infrastructure.
Advises the leadership team on the appropriate administration of Vulnerability Management standards, assisting them in developing plans within their business units to manage these risks effectively by understanding the fundamental aspects of their business objectives.
Researches, evaluates and recommends vulnerability management solutions to maintain a strong cybersecurity posture, including developing business cases for cybersecurity investments.
Assesses and triages vulnerability scan results based on risk assessments, CVSS, vulnerability intelligence, and enterprise/environment context.
Assists in the development and monitoring of program specific metrics and KPIs.
Performs investigation and remediation of tickets assigned to the Vulnerability Management team.
Other duties and/or projects as assigned.
Adheres to HMH Organizational competencies and standards of behavior.
Qualifications
Education, Knowledge, Skills and Abilities Required:
Bachelor's degree in business information systems, cybersecurity, etc., or related degree.Work experience may be substituted.
Minimum of 10 years of general IT experience with at least 8 years of that experience in cybersecurity.
Experience working with system owners to remediate identified vulnerabilities.
Technical experience with networks, operating systems (i.e., Windows, Linux), applications, etc.
In depth knowledge of and experience deploying and operating one of the following (or comparable) Vulnerability Management tools: Nessus / Tenable, Qualys, and/or Nexpose Insight VM.
Experience in one or more of the following: successful implementation of business relevant measures of cybersecurity effectiveness; and/or involvement in cybersecurity incident investigation and resolution.
Experience working with one or more cybersecurity frameworks (HIPAA, NIST, PCI, etc.) and industry better practices.
Experience working in hospital environments/with healthcare related information systems (electronic medical records systems, clinical systems, etc.).
Strong knowledge of industry standards regarding vulnerability management (i.e., Common Vulnerability Scoring System (CVSS), Common Vulnerability and Exposures (CVE)).
Experience working with cybersecurity governance, risk, and compliance better practices and tools.
Experience delivering formal presentations.
Excellent verbal and written communication skills.
Education, Knowledge, Skills and Abilities Preferred:
Minimum of 4 years of work experience maintaining and administering a Vulnerability Management Program.
Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI.
Strong knowledge of healthcare environments.
Experience working with and configuring vulnerability scans using Nessus / Tenable.
Experience with IT ticketing solutions (e.g., FootPrints, ServiceNow, etc.).
Licenses and Certifications Preferred:
Certified Information Systems Security Professional (CISSP).
Vendor certifications in Vulnerability Management products.
If you feel that the above description speaks directly to your strengths and capabilities, then please apply today!
Job ID 2024-150653
Department DTS-Cybersecurity
Site HMH Hospitals Corporation
Job Location US-NJ-Edison
Position Type Full Time with Benefits
Standard Hours Per Week 40
Shift Day
Shift Hours Day
Weekend Work Weekends as Needed
On Call Work On-Call Commitment Required
Holiday Work As Needed
