Pennsylvania Medicine
Vulnerability Management Senior Analyst
Pennsylvania Medicine, Phila, Pennsylvania, United States, 19117
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
Summary:
The Vulnerability Management Senior Analyst functions as a technical expert that provides support to vulnerability management and remediation teams within the PennMed environment.The role ensures the effective use and distribution of vulnerability-related data through the design of reporting strategies and the creation of reporting artifacts.This role requires the ability to analyze enterprise vulnerability management data and identify trends, problems, and areas of improvement.The successful candidate will have a working knowledge of the data lifecycle, including technical acquisition techniques, data cleanup, quality assessment, normalization, transformation, verification, and reporting.They will provide meaningful insight based on the data that will drive future vulnerability management efforts and provide recommendations to decision makers.The role will work with the other data reporting professionals in information security and services to create consolidated reporting across these areas and to provide specialized reporting to meet specific objectives.Responsibilities:
Analyze and report on enterprise vulnerability management data from multiple sources in various formats as standalone or merged data setsImprove reporting maturity through automation, consolidation, and other techniques as necessaryParticipate in the development of ongoing vulnerability data management strategiesDevelop insights that lead to short- and long-term improvements in the enterprise vulnerability management programCommunicate complex information to stakeholders in a concise and understandable mannerAnalyze data to assist with identifying risk and prioritizing remediation effortsAssist others with developing reporting and providing analysis around enterprise vulnerability dataEnsure that organization's core values and vulture are embedded into all aspects of team's workWork with key stakeholders throughout the organization to build relationships based on an understanding of stakeholder needs and actions consistent with the company's standard of serviceProvide reporting and analysis to demonstrate program effectiveness, drive improvements in maturity and stakeholder awareness, and develop strategic programsWork with third-party providers to assess, report, remediate, and measure the effectiveness of team objectivesEducation or Equivalent Experience:
Bachelor's degree (Required)5+ years of experience in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. (Required)3+ years of experience with vulnerability management technology, process, and programs. (Required)Experience with penetration testing tools, such as Kali Linux, Responder, NMAP, Wireshark, Aircrack-ng, Maltego, Nikto, etc. (Required)Familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc. (Required)1+ years of experience in healthcare and academia. (Preferred)Information security certifications, such as Security+, Network+, CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH. (Preferred)Skills/Abilities:
Demonstrated leadership, interpersonal and verbal communication skillsDemonstrated written communication skillsExpert knowledge of cybersecurity monitoring and incident response techniques, as applied to cloud, data, applications, platforms, operating systems and network cybersecurityExpert knowledge of cyber defense tools, including VM, SIEM, SOAR, EDR, UEBA, NDR, SWG, SEG, Firewalls, and othersA strong working understanding of cybersecurity architectural principlesAbility to troubleshoot, research and solve technically challenging cyber eventsOrganized, process-oriented and able to manage multiple concurrent work streamsAbility to work within tight timeframes and a fast paced environment with changing prioritiesKnowledge of laws, regulations, and standards relevant to the healthcare industry.
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
Summary:
The Vulnerability Management Senior Analyst functions as a technical expert that provides support to vulnerability management and remediation teams within the PennMed environment.The role ensures the effective use and distribution of vulnerability-related data through the design of reporting strategies and the creation of reporting artifacts.This role requires the ability to analyze enterprise vulnerability management data and identify trends, problems, and areas of improvement.The successful candidate will have a working knowledge of the data lifecycle, including technical acquisition techniques, data cleanup, quality assessment, normalization, transformation, verification, and reporting.They will provide meaningful insight based on the data that will drive future vulnerability management efforts and provide recommendations to decision makers.The role will work with the other data reporting professionals in information security and services to create consolidated reporting across these areas and to provide specialized reporting to meet specific objectives.Responsibilities:
Analyze and report on enterprise vulnerability management data from multiple sources in various formats as standalone or merged data setsImprove reporting maturity through automation, consolidation, and other techniques as necessaryParticipate in the development of ongoing vulnerability data management strategiesDevelop insights that lead to short- and long-term improvements in the enterprise vulnerability management programCommunicate complex information to stakeholders in a concise and understandable mannerAnalyze data to assist with identifying risk and prioritizing remediation effortsAssist others with developing reporting and providing analysis around enterprise vulnerability dataEnsure that organization's core values and vulture are embedded into all aspects of team's workWork with key stakeholders throughout the organization to build relationships based on an understanding of stakeholder needs and actions consistent with the company's standard of serviceProvide reporting and analysis to demonstrate program effectiveness, drive improvements in maturity and stakeholder awareness, and develop strategic programsWork with third-party providers to assess, report, remediate, and measure the effectiveness of team objectivesEducation or Equivalent Experience:
Bachelor's degree (Required)5+ years of experience in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. (Required)3+ years of experience with vulnerability management technology, process, and programs. (Required)Experience with penetration testing tools, such as Kali Linux, Responder, NMAP, Wireshark, Aircrack-ng, Maltego, Nikto, etc. (Required)Familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc. (Required)1+ years of experience in healthcare and academia. (Preferred)Information security certifications, such as Security+, Network+, CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH. (Preferred)Skills/Abilities:
Demonstrated leadership, interpersonal and verbal communication skillsDemonstrated written communication skillsExpert knowledge of cybersecurity monitoring and incident response techniques, as applied to cloud, data, applications, platforms, operating systems and network cybersecurityExpert knowledge of cyber defense tools, including VM, SIEM, SOAR, EDR, UEBA, NDR, SWG, SEG, Firewalls, and othersA strong working understanding of cybersecurity architectural principlesAbility to troubleshoot, research and solve technically challenging cyber eventsOrganized, process-oriented and able to manage multiple concurrent work streamsAbility to work within tight timeframes and a fast paced environment with changing prioritiesKnowledge of laws, regulations, and standards relevant to the healthcare industry.
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.