Lead Vulnerability Management Analyst

Posted:
10/21/2024, 5:00:00 PM

Location(s):
North Carolina, United States ⋅ Emilia-Romagna, Italy ⋅ Florida, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world.  As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.
 

Position Purpose: Leads the organization's vulnerability management infrastructure and processes. Works with key stakeholders to create strategies and actionable reporting for the prioritization and timely remediation of vulnerabilities. Identifies systemic security issues based on the analysis of vulnerability and configuration data. Performs impact and risk assessments based on vulnerability data.
  • Assesses vulnerabilities across applications, endpoints, databases, networking, mobile and cloud assets
  • Conducts continuous discovery and vulnerability assessment of enterprise-wide assets
  • Reviews reports, assets and vulnerability state; recommend remediation and validation approaches
  • Partners with various IT and application teams in remediation efforts to ensure vulnerabilities have been appropriately remediated or managed in a timely manner
  • Stay abreast of vulnerability results to technical and non-technical business units based on risk tolerance and threat to the business. Gain stakeholder support through influential messaging
  • Leverages vulnerability database sources to understand systems weaknesses, its probability and remediation options, including vendor-supplied fixes and workarounds
  • Directs the research of new technologies and works with key stakeholders to assess risk and implement and/or validate controls as necessary
  • Reviews vulnerabilities data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and environment including infrastructure and applications to determine risk rating of vulnerabilities to business assets
  • Works with Technology teams in static (SAST) and dynamic (DAST) scanning analysis to understand application threats and vulnerabilities
  • Performs other duties as assigned
  • Complies with all policies and standards

Education/Experience: A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science).
Requires 5 – 7 years of related experience.

Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.

Technical Skills:

  • One or more of the following skills are desired.
  • Other: OWASP framework and the software development lifecycle
  • Other: Familiar with the laws, regulations, industry standards and guidance pertaining to data protection and information security in the healthcare industry
  • Other: Experience in vulnerability scanning, security information and event management (SIEM), penetration testing, and/or advanced malware protection
  • Other: Experience with SAST and DAST tools and technologies
  • Other: Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Service Organization Controls (SOC) 2, Sarbanes–Oxley Act (SOX), etc.


Soft Skills:

  • Intermediate - Seeks to acquire knowledge in area of specialty
  • Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions
  • Intermediate - Ability to work independently
  • Intermediate - Demonstrated analytical skills
  • Intermediate - Demonstrated project management skills
  • Intermediate - Demonstrates a high level of accuracy, even under pressure
  • Intermediate - Demonstrates excellent judgment and decision making skills
  • Intermediate - Ability to communicate and make recommendations to upper management
  • Intermediate - Ability to drive multiple projects to successful completion
  • Intermediate - Possesses technical aptitude


License/Certification:

  • CISSP Certified Information Systems Security Professional preferred
  • Certified Information Security Manager (CISM) preferred
  • GIAC Enterprise Vulnerability Assessor (GEVA) preferred

Pay Range: $98,900.00 - $183,100.00 per year

Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid time off plus holidays, and a flexible approach to work with remote, hybrid, field or office work schedules.  Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law.  Total compensation may also include additional forms of incentives.

Centene is an equal opportunity employer that is committed to diversity, and values the ways in which we are different. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristic protected by applicable law.


Qualified applicants with arrest or conviction records will be considered in accordance with the LA County Ordinance and the California Fair Chance Act