Security Engineer II

Thank you for considering a career at Bon Secours Mercy Health!

Job Description:

The role of the Cybersecurity Red Team Engineer II is responsible for supporting the enterprise vulnerability management and pen-testing program, which includes but is not limited to evaluating the security of the organization's IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie by simulating attacks on networks, firewalls, operating systems and web applications to identify vulnerabilities, and report the findings.

Essential Job Functions /Core Responsibilities:

• Perform network and credentialed vulnerability assessments.
• Evaluate present and proposed computer systems environments and convey information concerning security exposures with level or risk and impact to appropriate management.
• Perform penetration tests.
• Participate in rotating on-call schedule.
• Support security architecture review.
• Support joint "Purple Team" cybersecurity exercises
• Work effectively with others in the Information & Technology organization, operations in support of security policies and standards.
• Evaluate system vulnerabilities for Windows, Linux, Unix operating systems, network topologies, databases, and ensure risk remediation before and after vulnerability scans
• Support Payment Card Industry Compliance Data Security Standard approved scanning vendor penetration tests, and external vulnerability scans
• Support physical security pen-tests
• Support Payment Card Industry Compliance Data Security Standard approved scanning vendor penetration tests, and external vulnerability scans
• Evaluate system vulnerabilities for Windows, Linux, Unix operating systems, network topologies, databases, and ensure risk remediation before and after vulnerability scans

Qualifications Include:

• Associates or Bachelor's degree in Electrical Engineering, Information Security, Information Assurance, Cybersecurity, Computer Science, Information Technology, Information System, Business Management preferred.
• 3+ years professional work experience in information technology preferred
• Certifications such as ISC2 (CISSP, SSCP), CompTIA (Security+, Network+, Server+, CySA+, Linux+), SANS (GSE, GWAPT, GPEN), Microsoft 365 Certified Security Administrator Associate, CEH, CHFI, CND, Cisco CCNA Security VMware Certified (VCP, VCPA, VCDX), Tenable, Qualys Guard, Core Impact (CICP), OSCP, CWSP, preferred.
• Experience with cyber threat hunting for indicators of compromise, malware forensic analysis, Tactics, Threat Procedures (TTP) preferred.
• Experience with sniffer protocol analyzer and analyzing and interpreting TCP packets data flows.
• Experience sub netting IPv4, IPv6.
• Experience creating Visio network, and data flow diagrams.
• Knowledgeable of routing protocols OSPF, BGP, IBGP, VRRP, EIGRP.
• Experience completing penetration tests, network and credentialed vulnerability scans with Tenable and Qualys Guard.
• Knowledgeable network firewall and intrusion prevention appliance order of operations.
• Excellent communication skills to effectively annotate findings in both written and oral form
• Ability to communicate clearly and present security findings with technical staff as well as non-technical colleagues.
• Sensitivity to accuracy, timeliness, and professionalism in all areas of support activity is imperative.
• Strong analytical and problem solving skills.
• Experienced performing malware analysis and incident response.

#BSMHIT

Bon Secours Mercy Health is an equal opportunity employer.

Many of our opportunities reward* your hard work with:

• Comprehensive, affordable medical, dental and vision plans
• Prescription drug coverage
• Flexible spending accounts
• Life insurance w/AD&D
• Employer contributions to retirement savings plan when eligible
• Paid time off
• Educational Assistance
• And much more

*Benefits offerings vary according to employment status

Scheduled Weekly Hours:

40

Work Shift:

Days/Nights (United States of America)

Department:

SS I&T - Info Security

All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health - Youngstown, Ohio or Bon Secours - Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email [email protected]. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at [email protected].