Practice made perfect

Join Our Talent Network

Cyber Security & Vulnerability Management Engineer in Knoxville, Tennessee, US at TeamHealth

Date Posted: 11/12/2019

Job Snapshot

Job Description

JOB DESCRIPTION OVERVIEW:

The Cyber Security Engineer position is assigned to the Information Security department.  The primary purpose of this position is to report, remediate, and assist in prevention of cyber security vulnerabilities and incidents.  This position involves critical duties and responsibilities to protect the companies’ information assets.  As a bare minimum, to achieve the required outcomes you will need a strong foundation in vulnerability management and security operations as it relates to information security and IT. Must be a self-starter and be willing to contribute and lead from the role to support the cyber security and vulnerability management program. Must be willing to maintain and build security knowledge and obtain relevant security certifications. While this role is focused on vulnerability and threat management it is also broad in scope and involves interacting with multiple IT and information security disciplines.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Responsible for configuring and managing vulnerability assessment tools, managing and performing scans, and offering input into improving the vulnerability management program.
  • Researches, analyzes, and risk ranks vulnerabilities to identify relevant threats, corrective actions, summarizing and reporting results
  • Assists in managing the emergency vulnerability management process
  • Analyze penetration testing results and engage with technology and business partners to resolve identified issues with SLAs
  • Identify and resolve false positive findings and assessment results. Identify ways to improve the scanning and assessment fidelity
  • Identify and create approaches for assessing vulnerabilities to include system patching, deployment of specialized controls, code and infrastructure changes, and changes in development and SDLC cycles
  • Provide threat and vulnerability analysis as well as security advisory services
  • Analyze and respond to previously undisclosed software and hardware vulnerabilities
  • Produce metrics and reporting on the state of system security, threat, vulnerability, and patch management. Provide IT governance and metrics reporting
  • Analyze data sources and recommend optimization for relevant reporting
  • Oversee and guide remediation activities
  • Manage tracking and remediation of vulnerabilities by leveraging action plans and timelines with appropriately responsible teams.
  • Recommend appropriate policy, standards, processes and procedure updates as part of program improvements and remediation solutions
  • Validate remediation by reviewing application and system updates or deployed mitigations to verify results
  • May assist with security investigations as they relate to Tier 2-3 security operations
  • Provide analysis of information security related events and incidents
  • Provide Incident Response (IR) support when analysis confirms actionable incident
  • Investigate, document and report on information security issues and emerging trends
  • On-call after hours support of roughly one week per month

 

Job Requirements

QUALIFICATIONS / EXPERIENCE:

  • Bachelor's degree in a related field or equivalent demonstrated experience and knowledge
  • 1-4 years' experience as a Security/Network Engineer and at least 2-3 years’ in the vulnerability management discipline
  • Desired Certifications in GPEN, OSCP, CEH, GCIA, GCIH, or equivalent
  • Strong understanding of security controls such as access control, auditing, authentication, encryption, application security and physical security controls
  • Must have strong skills in operating systems such as Windows, Linux/Unix, Mac OS, IOS, and Android.
  • Must have experience with multi-system environments and protocols to include but not limited to Active Directory, LDAP, VPN, DNS, TCP/IP, authentication and authorization, and other systems/protocols within an enterprise environment
  • Must have experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems
  • Experience with penetration testing, WAF, application testing and security a strong plus
  • Ability to communicate well verbally and in writing
  • Customer driven with a willingness to contribute and take ownership of issues and problems
  • Ability to multi-task, prioritize, and manage time effectively
  • Strong attention to detail
  • Excellent interpersonal skills and professional demeanor
  • Experience with Incident, Problem and Change management processes in enterprise environments.
  • Ability to work in a fast paced environment, interact with staff, peers and customers on a technical & professional level.
  • Demonstrated ability to work under pressure and deliver to meet SLA’s.
  • Proactive and independent mindset as well as a willingness to share knowledge.
  • Proficient in Microsoft Office Applications

PHYSICAL / ENVIRONMENTAL DEMANDS:

  • Job performed in a well-lighted, modern office setting;
  • Occasional lifting/carrying (10 pounds or less);
  • Occasional standing/bending/stooping/reaching;
  • Moderate stress;
  • Prolonged sitting; and
  • Prolonged work at a computer/PC.

DISCLAIMER:

Cooperative, positive, courteous and professional behavior and conduct is an essential function of every position. All employees must be able to work with others beyond giving and receiving instructions. This includes getting along with co-workers, peers and management without exhibiting behavior extremes. Job functions may require personal leadership skills such as conflict resolution, negotiating, instructing, persuading, speaking with others as well as responding appropriately to job performance feedback from the supervisor. Additionally, the information contained in this job description has been designated to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this position.

 

#ZR