Additional Information About the Role

BJC is hiring for a Threat and Vulnerability II Analyst. We are looking for applicants with broad IT experience. This is a remote position.

Overview

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and southeast Missouri regions. With net revenues of $6.3 billion and more than 30,000 employees, BJC serves patients and their families in urban, suburban and rural communities through its 14 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

BJC is the largest provider of charity care, unreimbursed care and community benefits in the state of Missouri. BJC and its hospitals and health service organizations provide $785.9 million annually in community benefit. That includes $410.6 million in charity care and other financial assistance to patients to ensure medical care regardless of their ability to pay. In addition, BJC provides additional community benefits through commitments to research, emergency preparedness, regional health care safety net services, health literacy, community outreach and community health programs and regional economic development.

BJC’s patients have access to the latest advances in medical science and technology through a formal affiliation between Barnes-Jewish Hospital and St. Louis Children’s Hospital with the renowned Washington University School of Medicine, which consistently ranks among the top medical schools in the country.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: Ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission critical applications and data vital to the organization and strategic partners; investigating practices not in compliance with established BJC Information Services security policies and standards.

Preferred Qualifications

Role Purpose

The Threat & Vulnerability Analyst II is responsible for the overall management lifecycle of the Threat & Vulnerability Management program. The role is technical, and candidates must possess a solid understanding of information security and preferably have held positions in cybersecurity and systems administration. They must understand applications, operating systems, networking, cloud infrastructure and advanced attacker tactics, techniques and procedures (TTPs). Additionally, analysts are expected to maintain a high level of rigor to stay up-to-date with advancements in technology, while also retaining knowledge of older systems and applications in use.The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy. Epic or applicable certifications will be required within 6 months of hire.

Responsibilities

Participates in threat hunting and penetration testing operations; detects and mitigates threats utilizing cybersecurity measures, including: Intrusion prevention and Detection, Access Control and Authorization, Policy Enforcement Security, Protocol Analysis, Firewall Management, Incident Response, Encryption, Web filtering, Advanced Threat Protection, Vulnerability Assessment, Penetration Testing, Web Application Assessment, Wireless Assessment, Social Engineering, Physical Assessment, Open Source Intelligence, Threat Modeling, Patch Management.

Collaborates with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.Works closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.Regularly researches and learns new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.Maintains an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.

Plans and leads the organization's approach to vulnerability research.Identifies new and emerging threats and vulnerabilities. Maintains a strong external network. Takes a leading part in external-facing professional activities to facilitate information gathering and set the scope of research work.Engages with, and influences, relevant stakeholders to communicate results of research and the required response.Develops organizational policies and guidelines for monitoring emerging threats and vulnerabilities.

Plans and manages vulnerability research activities.Maintains a strong external network in the area of vulnerability research. Gathers information on new and emerging threats and vulnerabilities.Assesses and documents the impacts and threats to the organization. Creates reports and shares knowledge and insights with stakeholders.Providing expert advice and guidance to support the adoption of tools and techniques for vulnerability research. Contributes to the development of organizational policies, standards, and guidelines for vulnerability research and assessment.

Designs and executes complex vulnerability research activities.Specifies requirements for environment, data, resources and tools to perform assessments.Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings and conclusions. Advises on deception methods by exploiting identified patterns.Makes an active contribution to research communities.

May be part of an after-hours on-call rotation.

Minimum Requirements

Education

Bach Deg and/or Equivalent Exp

Experience

2-5 years

Preferred Requirements

Education

Bachelor's Degree

Experience

10 years

Supervisor Experience

No Experience

Licenses & Certifications

Cert Info Systems Manager

CISSP

Certified Ethical Hacker (CEH)

Healthcare Information Sec

Benefits and Legal Statement

BJC Total Rewards

At BJC we’re committed to providing you and your family with benefits and resources to help you manage your physical, emotional, social and financial well-being.

• Comprehensive medical, dental, vison, life insurance, and legal services available first day of the month after hire date
• Disability insurance - paid for by BJC
• Annual 4% BJC Automatic Retirement Contribution
• 401(k) plan with BJC match
• Tuition Assistance available on first day
• BJC Institute for Learning and Development
• Health Care and Dependent Care Flexible Spending Accounts
• Paid Time Off benefit combines vacation, sick days, holidays and personal time
• Adoption assistance

To learn more, go to our Benefits Summary.

- Not all benefits apply to all jobs

The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job. Equal Opportunity Employer

The Threat & Vulnerability Analyst II is responsible for the overall management lifecycle of the Threat & Vulnerability Management program. The role is technical, and candidates must possess a solid understanding of information security and preferably have held positions in cybersecurity and systems administration. They must understand applications, operating systems, networking, cloud infrastructure and advanced attacker tactics, techniques and procedures (TT - Ps). Additionally, analysts are expected to maintain a high level of rigor to stay up-to-date with advancements in technology, while also retaining knowledge of older systems and applications in use. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy. Epic or applicable certifications will be required within 6 months of hire. Responsibilities. Participates in threat hunting and penetration testing operations; detects and mitigates threats utilizing cybersecurity measures, including: Intrusion prevention and Detection, Access Control and Authorization, Policy Enforcement Security, Protocol Analysis, Firewall Management, Incident Response, Encryption, Web filtering, Advanced Threat Protection, Vulnerability Assessment, Penetration Testing, Web Application Assessment, Wireless Assessment, Social Engineering, Physical Assessment, Open Source Intelligence, Threat Modeling, Patch Management. Collaborates with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface. Works closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them. Regularly researches and learns new TT - Ps in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary. Maintains an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business. Plans and leads the organization's approach to vulnerability research. Identifies new and emerging threats and vulnerabilities. Maintains a strong external network. Takes a leading part in external-facing professional activities to facilitate information gathering and set the scope of research work. Engages with, and influences, relevant stakeholders to communicate results of research and the required response. Develops organizational policies and guidelines for monitoring emerging threats and vulnerabilities. Plans and manages vulnerability research activities. Maintains a strong external network in the area of vulnerability research. Gathers information on new and emerging threats and vulnerabilities. Assesses and documents the impacts and threats to the organization. Creates reports and shares knowledge and insights with stakeholders. Providing expert advice and guidance to support the adoption of tools and techniques for vulnerability research. Contributes to the development of organizational policies, standards, and guidelines for vulnerability research and assessment. Designs and executes complex vulnerability research activities. Specifies requirements for environment, data, resources and tools to perform assessments. Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings and conclusions. Advises on deception methods by exploiting identified patterns. Makes an active contribution to research communities. May be part of an after-hours on-call rotation. Minimum Requirements. Education. Bach Deg and/or Equivalent Exp. Experience 2-5 years. Preferred Requirements. Education. Bachelor's Degree. Experience 10 years. Supervisor Experience. No Experience. Licenses & Certifications. Cert Info Systems Manager. CISSP - Certified Ethical Hacker (CEH)Healthcare Information Sec Benefits and

search terms: Vulnerability+Analyst