[Hiring] Threat & Vulnerability II Analyst @BJC HealthCare

Role Description

BJC is hiring for a Threat and Vulnerability II Analyst. We are looking for applicants with broad IT experience. This is a remote position.

The Threat & Vulnerability Analyst II is responsible for the overall management lifecycle of the Threat & Vulnerability Management program. The role is technical, and candidates must possess a solid understanding of information security and preferably have held positions in cybersecurity and systems administration. They must understand applications, operating systems, networking, cloud infrastructure, and advanced attacker tactics, techniques, and procedures (TTPs). Additionally, analysts are expected to maintain a high level of rigor to stay up-to-date with advancements in technology, while also retaining knowledge of older systems and applications in use. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy. Epic or applicable certifications will be required within 6 months of hire.

Responsibilities

• Participates in threat hunting and penetration testing operations; detects and mitigates threats utilizing cybersecurity measures, including:
  • Intrusion prevention and Detection
  • Access Control and Authorization
  • Policy Enforcement Security
  • Protocol Analysis
  • Firewall Management
  • Incident Response
  • Encryption
  • Web filtering
  • Advanced Threat Protection
  • Vulnerability Assessment
  • Penetration Testing
  • Web Application Assessment
  • Wireless Assessment
  • Social Engineering
  • Physical Assessment
  • Open Source Intelligence
  • Threat Modeling
  • Patch Management
• Collaborates with security groups such as red teams, threat intelligence, and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
• Works closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
• Regularly researches and learns new TTPs in public and closed forums, and works with colleagues to assess risk and implement/validate controls as necessary.
• Maintains an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture, and potential threat to the business.
• Plans and leads the organization's approach to vulnerability research. Identifies new and emerging threats and vulnerabilities.
• Maintains a strong external network. Takes a leading part in external-facing professional activities to facilitate information gathering and set the scope of research work.
• Engages with, and influences, relevant stakeholders to communicate results of research and the required response.
• Develops organizational policies and guidelines for monitoring emerging threats and vulnerabilities.
• Plans and manages vulnerability research activities. Maintains a strong external network in the area of vulnerability research.
• Gathers information on new and emerging threats and vulnerabilities. Assesses and documents the impacts and threats to the organization.
• Creates reports and shares knowledge and insights with stakeholders. Provides expert advice and guidance to support the adoption of tools and techniques for vulnerability research.
• Contributes to the development of organizational policies, standards, and guidelines for vulnerability research and assessment.
• Designs and executes complex vulnerability research activities. Specifies requirements for environment, data, resources, and tools to perform assessments.
• Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings, and conclusions.
• Advises on deception methods by exploiting identified patterns. Makes an active contribution to research communities.
• May be part of an after-hours on-call rotation.

Qualifications

• Bachelor's Degree and/or Equivalent Experience
• 2-5 years of experience

Requirements

• 10+ years of experience preferred
• No supervisor experience required
• Cert Info Systems Manager
• CISSP
• Certified Ethical Hacker (CEH)
• Healthcare Information Security

Benefits

• Comprehensive medical, dental, vision, life insurance, and legal services available first day of the month after hire date
• Disability insurance paid for by BJC
• Annual 4% BJC Automatic Retirement Contribution
• 401(k) plan with BJC match
• Tuition Assistance available on first day
• BJC Institute for Learning and Development
• Health Care and Dependent Care Flexible Spending Accounts
• Paid Time Off benefit combines vacation, sick days, holidays, and personal time
• Adoption assistance