Job Information
Penn Medicine Vulnerability Management Senior Analyst in Philadelphia, Pennsylvania
Description
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
Summary:
- The Vulnerability Management Senior Analyst functions as a technical expert that provides support to vulnerability management and remediation teams within the PennMed environment. The role ensures the effective use and distribution of vulnerability-related data through the design of reporting strategies and the creation of reporting artifacts. This role requires the ability to analyze enterprise vulnerability management data and identify trends, problems, and areas of improvement. The successful candidate will have a working knowledge of the data lifecycle, including technical acquisition techniques, data cleanup, quality assessment, normalization, transformation, verification, and reporting. They will provide meaningful insight based on the data that will drive future vulnerability management efforts and provide recommendations to decision makers. The role will work with the other data reporting professionals in information security and services to create consolidated reporting across these areas and to provide specialized reporting to meet specific objectives.
Responsibilities:
Analyze and report on enterprise vulnerability management data from multiple sources in various formats as standalone or merged data sets
Improve reporting maturity through automation, consolidation, and other techniques as necessary
Participate in the development of ongoing vulnerability data management strategies
Develop insights that lead to short- and long-term improvements in the enterprise vulnerability management program
Communicate complex information to stakeholders in a concise and understandable manner
Analyze data to assist with identifying risk and prioritizing remediation efforts
Assist others with developing reporting and providing analysis around enterprise vulnerability data
Ensure that organization’s core values and vulture are embedded into all aspects of team’s work
Work with key stakeholders throughout the organization to build relationships based on an understanding of stakeholder needs and actions consistent with the company’s standard of service
Provide reporting and analysis to demonstrate program effectiveness, drive improvements in maturity and stakeholder awareness, and develop strategic programs
Work with third-party providers to assess, report, remediate, and measure the effectiveness of team objectives
Education or Equivalent Experience:
Bachelor's degree (Required)
5+ years of experience in information technologies, especially information security, such as security operations and incident response, regulatory compliance or audit, vulnerability management, security engineering or similar experience. (Required)
3+ years of experience with vulnerability management technology, process, and programs. (Required)
Experience with penetration testing tools, such as Kali Linux, Responder, NMAP, Wireshark, Aircrack-ng, Maltego, Nikto, etc. (Required)
Familiarity with security standards and frameworks such as: HIPAA, PCI DSS, HITRUST, NIST, ISO, etc. (Required)
1+ years of experience in healthcare and academia. (Preferred)
Information security certifications, such as Security+, Network+, CCNA Security, GSEC, GCIA, GCFA, GPEN, CEH. (Preferred)
Skills/Abilities:
Demonstrated leadership, interpersonal and verbal communication skills
Demonstrated written communication skills
Expert knowledge of cybersecurity monitoring and incident response techniques, as applied to cloud, data, applications, platforms, operating systems and network cybersecurity
Expert knowledge of cyber defense tools, including VM, SIEM, SOAR, EDR, UEBA, NDR, SWG, SEG, Firewalls, and others
A strong working understanding of cybersecurity architectural principles
Ability to troubleshoot, research and solve technically challenging cyber events
Organized, process-oriented and able to manage multiple concurrent work streams
Ability to work within tight timeframes and a fast paced environment with changing priorities
Knowledge of laws, regulations, and standards relevant to the healthcare industry.
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.
REQNUMBER: 218458