Principal Cybersecurity Analyst - Threat & Vulnerability Management.
Join to apply for the Principal Cybersecurity Analyst - Threat & Vulnerability Management. role at Fairview Health Services
Principal Cybersecurity Analyst - Threat & Vulnerability Management.
2 days ago Be among the first 25 applicants
Join to apply for the Principal Cybersecurity Analyst - Threat & Vulnerability Management. role at Fairview Health Services
Get AI-powered advice on this job and more exclusive features.
Job Overview
Job Summary:
Principal Cybersecurity Analyst, is responsible to provide technical leadership, collaboration and drive to help elevate Cybersecurity posture for M Health Fairview.
Job Expectations:
- Provide technical leadership to write/review/enhance security policies, standards, methods and/or procedures
- Lead teams to test and govern Cybersecurity controls and their enforcement at M Health Fairview. Make recommendations and lead response teams to deploy necessary controls and address identified gaps
- Lead tactical teams to collect, validate, analyze, diagnose, prioritize Cybersecurity Response based on incidents, Indicators of compromise, indicators of anomalous behavior and/or external threat indicators
- Participate in industry forums and relevant technical briefings to understand advancements in Cybersecurity and Risk Management areas, automation and self-service capabilities
- Apply understanding of various domains of security including authentication, authorization, network security, data, system device and Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
- Analyze risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack
- Lead collaboration work with vendors, health and business partners to ensure security remediation milestones are being met
- Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies
- Lead Red/Blue/Purple teams as needed to test security controls and help improve security posture of M Health Fairview.
- Assist in design, implement, maintain and support current and future complex information security technologies, processes and procedures. Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction.
- Lead complex projects related to Cybersecurity regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
- Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
Additional Job Summary:
The Principal Cybersecurity Analyst, Threat & Vulnerability Management is responsible for helping lead the threat and vulnerability management processes and driving remediation of vulnerabilities to reduce risk to Fairview and our partners. Successful candidate would have experience in Threat and Vulnerability management processes and tools as well as experience with application security and pen testing efforts. Successful candidate will lead technical and business teams to accomplish specific cybersecurity objectives with minimal oversight.
Additional Job Responsibilities:
- Drive the overall threat and vulnerability management process, including defining metrics to measure performance and driving remediation of vulnerabilities in the environment.
- Perform technical and non-technical risk and vulnerability assessments and analyze compliance with policies and regulations. Ensure continued development of vulnerability scanning and remediation solutions.
- Oversee information system cybersecurity vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components
- Expertise with vulnerability scanners such as Tenable, Qualys, or Rapid7
- Enhance enterprise vulnerability management tools, implementing integrations with other systems, custom tooling and automation, and the development of tailored scripts and reports
- Bring visibility of vulnerabilities, prioritization and remediation options to Business Owners and IT Service Owners.
- Prioritize vulnerabilities and remediations using risk quantification methodologies and tools
- Drive remediation efforts for vulnerabilities across IoT and OT environments, leveraging deep understanding of network topology to assess risk exposure, coordinate mitigation strategies, and ensure secure integration with enterprise systems
- Drive the remediation of cloud-based vulnerabilities across IaaS, PaaS, and SaaS environments, including compliance-related risks (e.g., HIPAA, NIST, CIS benchmarks)
- Develop and implement workflows to automate cybersecurity testing and vulnerability detection for the software development lifecycle
- Identify architectural deficiencies and implement vulnerability mitigation strategies to address them
- Facilitate pen testing activities and remediations
- Modify risk management evaluations and strategies based on changes from emerging technologies {. i.e.: Cloud hosting, AI, Automation, etc.)
- Research, evaluate, and recommend new cybersecurity tools, techniques, and technologies and introduce them to the enterprise in alignment with the Cybersecurity and Risk Management strategy
Required Qualifications
Education
- Bachelor’s degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline or combination of relevant experience/education.
Experience
- 15+ years of cumulative experience in engineering, development and/or support of IT Systems
- 7+ years of experience in customization, deployment and support of Cybersecurity tools and technologies
- Excellent understanding of fundamentals of IT systems, frameworks, development methodologies, network, firewalls, communication layers, devices/end points, computing environment
- Experience leading Threat and Vulnerability Management programs
- Experience in deploying and/or managing tools, methods and processes associated with security patching and vulnerability management.
- Deeper understanding of Threats, Vulnerabilities, Risk, Cybersecurity frameworks, policies and Cybersecurity standards
- Understanding of Web Applications, software security, security frameworks
- Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation
- Ability to thrive in a sense-of-urgency environment and leverage best practices
Language & Communication Skills
- Excellent ability to effectively communicate both verbally and written with all levels within the organization
- Ability to visually represent technical, logical and system interaction concepts and adjust messaging based on the audience, including non-technical groups
- Expertise in use of visual representation tools such as MS Visio Pro, PowerPoint
- Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
- Ability to work well within a team environment, as well as independently
Experience
Preferred Qualifications
- Bachelor’s degree or higher in Computer Science, Computer Engineering, Digital Forensics, Cybersecurity and/or related technical discipline.
- Prior work experience in Healthcare companies preferred
- Industry certifications such as SANS, GEVA, Security+, GIAC, CISSP, or equivalent cyber security certification
Experience
License/Certification/Registration
- Industry specific certifications - Security+, CISSP, CISM, CASP, CEH, Pentest+ or equivalents,
- CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP
Benefit Overview
Fairview offers a generous benefit package including but not limited to medical, dental, vision plans, life insurance, short-term and long-term disability insurance, PTO and Sick and Safe Time, tuition reimbursement, retirement, early access to earned wages, and more! Please follow this link for additional information: https://www.fairview.org/careers/benefits/noncontract
Compensation Disclaimer
The posted pay range is for a 40-hour workweek (1.0 FTE). The actual rate of pay offered within this range may depend on several factors, such as FTE, skills, knowledge, relevant education, experience, and market conditions. Additionally, our organization values pay equity and considers the internal equity of our team when making any offer. Hiring at the maximum of the range is not typical. If your role is eligible for a sign-on bonus, the bonus program that is approved and in place at the time of offer, is what will be honored.
EEO Statement
EEO/Vet/Disabled: All qualified applicants will receive consideration without regard to any lawfully protected status
Seniority level
Seniority level
Mid-Senior level
Employment type
Job function
Job function
Information TechnologyIndustries
Hospitals and Health Care
Referrals increase your chances of interviewing at Fairview Health Services by 2x
Get notified about new Cyber Security Analyst jobs in Minneapolis, MN.
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.