Vulnerability Management Engineer | Full Time
GENERAL SUMMARY:
The Vulnerability Management (VM) Engineer plans, executes, and assesses vulnerability scanning activities. The VM engineer manages the output from these activities to provide comprehensive reporting to document the details of the vulnerabilities, their potential impact, and suggested remediations as needed. These services are provided by the VM Engineer to manage risk and ensure that the company's overall security posture is sound. The VM Engineer works independently across functional groups within Information Security as well as working in collaboration with all functional areas relative to information technology systems, networks, applications, voice and data communications, and computing services within HFHS. The VM Engineer is knowledgeable of information security best practices, regulatory, and compliance requirements that impact privacy or security for the enterprise. The VM Engineer reports to the Vulnerability Management Services Manager. In conjunction the VM Engineer works in a collaborative effort with IT to assure vulnerability management and policy compliance security programs and technical controls are compliant with policies, applicable laws, and regulations.
PRINCIPLE DUTIES AND RESPONSIBILITIES:
- Maintain technical and operational knowledge of information security, audit, and risk best practices, as well as legal and regulatory compliance requirements that impact privacy or security.
- Support HFHS as well as its subsidiaries.
- Work with minimal supervision, maintain and report against a work plan and as work progresses give appropriate updates.
- Schedule, execute, and validate OS and application focused vulnerability scans using deployed vulnerability management tools.
- Maintain an understanding of the threat landscape and communicate them with a focus on the most relevant, highest-risk threats.
- Conduct vulnerability assessments for deployed on-premises, cloud, and mobile technologies in use.
- Drive the end-to-end vulnerability lifecycle from discovery to closure. Identifying internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of the company's information assets.
- Ensure the execution of regular and complete vulnerability scans and assessments of information systems and networks.
- Identify potential weaknesses and vulnerabilities on company assets (i.e., end points applications, etc.).
- Understand, review, and interpret assessment and scanning results and provide in-depth analysis of vulnerabilities and impacts to leadership.
- Tune vulnerability scanner technologies to reduce false positive findings.
- Act as a subject matter expert in vulnerability conversations.
- Identify and prioritize all vulnerabilities in client environments and provide timely vulnerability assessment reports to key stakeholders.
- Monitor and coordinate resolution of failed scan jobs (i.e., missing credentials, asset list updates, firewall issues, and policy and plugin misconfigurations.).
- Develop and present enterprise-level metrics for vulnerabilities and the associated remediation progress.
- Mange multiple customer requests and meet customer expectations within established service levels.
EDUCATION AND EXPERIENCE:
- Bachelor's Degree in Technology, Business Administration, Finance, Engineering, and Information Systems, Information Assurance or closely related field, required. Degree in other areas with appropriate level of experience and expertise is acceptable.
- 3-5 years experience required. CISSP, CISM, or CISA is preferred.
- Experience providing working knowledge and skills in the following: Security laws, mandates, standards, and best practices (i.e., HIPAA, ISO, ACA, DFIS, NACHA, Payor customer group security requirements, PCI, HITECH, GLB, etc.).
- Demonstratable relevant work experience within the areas of operational / technology auditing experience, and operational or IT risk experience.
- Experience or knowledge of technical and operational, business and healthcare and/or payor environment preferably.
- Familiarity with national security standards, business continuity, disaster recover, auditing, risk management, vulnerability assessments, regulatory compliance, and incident management.
- Solid understanding of project management and information technology background.
- Good analytical, organizational, verbal, and written communication skills.
- Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner.
- Ability to effectively interface with various levels of management internally and as well as contacts outside the organization.
- Must be able to travel to other HFHS and Subsidiary facilities and vendor sites to meet with operating or audit personnel.
- A service focused team player who can lead and mentor team members.
- Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms.
- Consensus building and collaborative interpersonal skills.
- Good presentation skills.
- Ability to work under pressure, establish priorities and respond with urgency.
- Self-motivated with excellent verbal and written skills.
Additional Details
This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above.
Overview
Henry Ford Health partners with millions of people on their health journey, across Michigan and around the world. We offer a full continuum of services – from primary and preventative care to complex and specialty care, health insurance, a full suite of home health offerings, virtual care, pharmacy, eye care and other health care retail. With former Ascension southeast Michigan and Flint region locations now part of our team, Henry Ford’s care is available in 13 hospitals and hundreds of ambulatory care locations. Based in Detroit, Henry Ford is one of the nation’s most respected academic medical centers and is leading the Future of Health: Detroit, a $3 billion investment anchored by a reimagined Henry Ford academic healthcare campus. Learn more at henryford.com/careers.
Benefits
The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits.
Equal Employment Opportunity/Affirmative Action Employer
Equal Employment Opportunity / Affirmative Action Employer Henry Ford Health is
committed to the hiring, advancement and fair treatment of all individuals without regard to
race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height,
weight, marital status, family status, gender identity, sexual orientation, and genetic information,
or any other protected status in accordance with applicable federal and state laws.