Cybersecurity Principal Engineer Vulnerability Management

Overview

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation's largest nonprofit Catholic healthcare organizations CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2300 clinics care sites and 137 hospital-based locations in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157000 employees 45000 nurses and 25000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care community benefits and unreimbursed government programs. Together with our patients physicians partners and communities we are creating a more just equitable and innovative healthcare delivery system.

Responsibilities

This is a remote position.
Job Summary

The Principal Engineer is the lead technical authority for all cybersecurity protections supporting the vulnerability management program at CommonSpirit Health. Monitors threat landscape and changing business requirements to Identify functional, technological and/or control solutions. Integrates all cybersecurity solutions in an optimal manner to best protect the organization from cyber threats and exposures. Technological solution owner responsible for technology selection based on business requirements and emerging threats. Oversees the design, development, configuration, and implementation of solutions and optimizes solutions to resolve highly complex technical and business issues related to cybersecurity and identity management. Designs, develops, and implements solutions to successfully integrate new information security and identity management systems with the existing architecture. May drive one or more projects as part of a Security or Security Risk Management team. Acts as a subject matter expert (SME) for one or more security, IDM, or risk management areas. May act as team-lead for other security or risk management personnel. Mentors other engineers as a leader in the organization.

The Cybersecurity Principal Engineer will report to the Manager, Vulnerability Management as part of the overall Cyber Vigilance and Defense team focused on identifying, protecting, responding and containing threats and vulnerabilities to the overall CommonSpirit organization.
Job Responsibilities

• Provides leadership on the establishment and maintenance of vulnerability assessment platforms and engines, scan template creation and management, scan cycle management, account management, periodic systems or applications checks, data integration with other platforms, troubleshooting issues and configuration of sites and scans.
• Designs, develops, and implements new solutions to integrate into existing or newly defined architecture.
• Provide leadership on team related engagement with Security Engineering, Identity Management Engineering, Security Architecture, CSOC, Network Engineering, Clinical Engineering, Systems Engineering, Application Development, and/or other IT Operations and business function owners.
• Design and Implement new vulnerability scanning sites and services as needed.
• Act as a security advocate for IT Operations team's adherence to CommonSpirit Health policies, security standards and requirements, and industry best practices.
• Participate in the collection and documentation of knowledge artifacts, participant in the development and population of knowledge management and collaboration systems for the IT Security team.
• Assists Management in identifying knowledge, process, and technology gaps.
• Provide service line support for vulnerability and configuration remediation, engagement, and escalation. Process Information Security vulnerability and configuration issues and tickets of moderate to difficult complexity
• Perform reviews and analysis of system and applications vulnerabilities and configurations, and support Security technical Risk Management processes.
• Proactively identify, engage on, and escalate vulnerability and configuration issues, either system/application specific or systemic. Lead specific engagement and remediation efforts.
• Assist with technical vulnerability assessment services.
• Designs, develops, configures, and implements solutions to resolve complex technical and business issues related to information security.
• Reviews and consults on security of technology solutions to resolve highly technical and business issues.
• Provides support and works on multiple functions of high complexity.
• Serves as SME for one or more technical solutions

Qualifications

• Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.
• Two or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) preferred.
• 7+ years of related experience required with at least 5 years in vulnerability management
• Expert level knowledge in the operation and interoperability of Windows, UNIX/Linux OS required.
• Functional understanding of regulatory and compliance mandates and frameworks, including but not limited to: HIPAA, HITECH, PCI, Sarbanes-Oxley, Center for Internet Security (CIS), or NIST preferred.
• Experience conducting Vulnerability Testing (Network, Application, Database, and/or System Security), Analysis, Prioritization, and Documentation, and the management of communication with leadership and affected stakeholders preferred.
• Knowledge of healthcare environments preferred.
• Previous project management or project coordination experience preferred.
• Previous Information Security experience in the healthcare/medical environment strongly preferred.
• Experience in offensive security, cyber threat intelligence or forensics desired.

#LI-Remote

#LI-CSH