Senior Cybersecurity Penetration Tester

Job Description

Join a world-class academic healthcare system, UChicago Medicine, as a Senior Cybersecurity Penetration Testerin our Information Security department. This is a remote, work from home opportunity and you may be based outside of the greater Chicagoland area.

In this role, as a Senior Cybersecurity Penetration Tester, youwill be responsible for developing, implementing, and maintaining an adversarial testing program to help secure the network, assets, software, cloud, web based, mobile, and other technologies that are used throughout the entirety of the health system. This position will work with the Security Program to identify potential weaknesses and enhance the cybersecurity risk posture for IT leaders and other stakeholders.

Essential Job Functions

• Research, plan, and execute complete penetration testing and red team operations to identify software/network/cloud potential exploits, vulnerabilities, and other weaknesses in security controls.

• Develop and plan methodologies, playbooks, and procedures to implement an adversarial-based IT security program.

• Assess network architecture reviews (manual/automated) and advise on best practices.

• Assist with the development of remediation recommendations for all identified findings.

• Conduct meetings and communicate risks to stakeholders and IT leaders and engineers while advocating for mitigation.

• Other duties as assigned.

Required Qualifications

• Bachelor’s degree required in Information Security, Computer Science, Information Technology, or a related field

• 5 years plus of significant, recent relevant experience in IT security penetration testing or red teaming with deep knowledge of scanning tools and vulnerability enumeration

• Good understanding of the HIPAA Security, NIST and other relevant healthcare regulations and standards

• Experience building and growing a penetration testing program combined with a willingness to build and lead our team over time

• Must have hands on experience with muti-function penetration testing tools such as: Kali Linux, Metasploit, and Wireshark

• Hands-on experience identifying, rating, and triaging web application security vulnerabilities (such as the OWASP Top Ten)

• Hands-on experience developing adversary courses of action using MITRE ATT&CK or similar frameworks

• Hands-on experience executing penetration testing tactics, techniques, and procedures used to identify vulnerabilities in web applications, servers, cloud infrastructure, and on-premises network infrastructure

• Will need to remain up to date on threat intelligence to learn new exploits, attack patterns, and vulnerabilities

• Strong programming and scripting skills with knowledge of diverse programming languages

• Data-driven decision making and teamwork skills

• Experience delivering findings to IT leadership and other stakeholders to get vulnerabilities addressed

• Effective analytic, oral and written communication skills and interpersonal skills

Preferred Qualifications

• Certifications relevant to adversarial security testing such as CEH, Pentest+, GPEN, and OSCP

• Experience in clinical, research, and education in healthcare

• Academic medical center and/or healthcare consulting experience

• Master’s degree

Position Details

• Job Type/FTE:Full Time (1.0 FTE)

• Shift: Days

• Location: Remote

• Unit/Department: Information Security Office

• CBA Code: Non-Union

We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at:UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Must comply with UChicago Medicine’s COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening, and background check are also required for all employees prior to hire.

Compensation & Benefits Overview

UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.

The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.

Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.