INFORMATION SECURITY ENGINEER ATTACK SURFACE MANAGEMENT
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Montefiore Health System Inc, is seeking the following. Apply via Dice today!
City/State:
Yonkers, New York
Grant Funded:
No
Department:
MIT - Information Security
Work Shift:
Day
Work Days:
MON-FRI
Scheduled Hours:
8:30 AM-5 PM
Scheduled Daily Hours:
7.5 HOURS
Pay Range:
$116,000.00-$145,000.00
An Attack Surface Management (ASM) Engineer performs the security efforts aimed at identifying, managing, and mitigating risks associated with Montefiore Einstein's entire attack surface. This role is crucial in safeguarding patient data, medical devices, and healthcare systems against cyber threats. The Engineer is responsible for executing processes related to device discovery, vulnerability management, and penetration testing services. They will also contribute to the tracking and communication of security metrics, helping the organization make informed decisions regarding its security posture.
Key Responsibilities:
- Perform continuous device and asset discovery across the system, including IoT devices, medical equipment, and IT infrastructure.
- Collaborate with clinical engineering and IT teams to ensure comprehensive visibility into all connected devices.
- Leverage new and existing tools and processes to maintain an accurate inventory of devices and ensure real-time updates.
- Contribute to an enterprise-wide vulnerability management program to identify and remediate vulnerabilities in medical devices, networks, applications, and systems.
- Communicate with Product Owners and technology teams across the system to prioritize patching efforts based on risk to ensure critical assets are protected.
- Coordinate regular third-party penetration testing and assessment efforts to identify vulnerabilities and weaknesses in medical devices, networks, applications, and systems.
- Manage penetration test schedules and remediation plans to ensure vulnerabilities are effectively mitigated.
- Create reports for executive leadership detailing the outcomes of penetration tests and remediation strategies.
- Remain aware of vulnerability trends and emerging threats in the healthcare sector to proactively adjust defensive measures.
- Coordinate with SOC (Security Operations Center) teams in response to incidents based on identified vulnerabilities.
- Develop and refine standard operating procedures (SOPs) for device discovery, vulnerability management, and third-party penetration testing.
- Document clear and efficient workflows for responding to vulnerabilities.
- Work with architecture and engineering personnel to implement automation and orchestration solutions where appropriate to improve efficiency and reduce manual effort.
- Define and track key performance indicators (KPIs) and metrics for attack surface management, such as time to patch, vulnerability aging, and device risk scoring.
- Prepare summarized reports and dashboards for leadership, outlining the organization's attack surface management risk posture and providing recommendations to prioritize remediation initiatives.
- Collaborate with IT, clinical teams, and other departments to ensure cybersecurity measures are integrated into everyday operations without disrupting patient care.
- Manage vendor relationships related to security solutions, testing services, and consulting engagements.
- Maintain security tools and services ensuring continued uptime and efficient execution of scanning activities.
- Work with DevOps, cloud, and IT infrastructure teams to incorporate secure development practices and vulnerability remediation into their workflows.
The Attack Surface Management Engineer is expected to have familiarity with leading commercial and open-source tools commonly used across the security industry.
Education & Experience:
Required:
- Bachelor's degree in Information Security, Computer Science, or related field, or equivalent work experience, required.
- Minimum of 7 years of experience in cybersecurity, with a focus on vulnerability management, penetration testing, or threat hunting/intelligence.
- Master's degree in Cybersecurity, Information Technology, or Business Administration.
- Prior experience working in the healthcare industry or other highly regulated environments.
Preferred:
- CISSP (Certified Information Systems Security Professional)
- CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional)
- GIAC Penetration Tester (GPEN)
- GIAC Certified Incident Handler (GCIH)
- Certified Healthcare Information Security and Privacy Practitioner (HCISPP)
- Strong understanding of healthcare cybersecurity regulations and compliance (e.g., HIPAA, HITECH, NYSDOH 405.46).
- Strong understanding of information security control frameworks (e.g., NIST 800-53, HICP, HITRUST).
- Experience working with risk detection and prioritization solutions in a cloud enterprise.
- Experience working with network and platform vulnerability best practices, and tools such as Wiz and Tenable or similar.
- Strongly prefer exposure to IoMT (Internet of Medical Things).
- Ability to balance security controls with the needs of business, clinical and IT operations.
- Excellent verbal and written communication skills, including the ability to present complex technical information to non-technical stakeholders.
- Strong analytical and problem-solving skills, with the ability to prioritize and manage multiple initiatives simultaneously.
Montefiore Medical Center is an equal employment opportunity employer. Montefiore Medical Center will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Analyst
Industries
Computer and Network Security