Cardinal Health
What Cyber Security contributes to Cardinal Health
Information Security is responsible for managing information security operations. We exist to ensure availability, integrity, and confidentiality of healthcare infrastructure that safeguards the patient. We promote a culture that protects information assets, manages risk, and embeds security in people, process, and technology.
Job Description
The Sr. Engineer -Threat Operations is responsible for discovering, assessing, and mitigating risks across Cardinal Health's infrastructure, and digital footprint. This role leads tactical efforts and supports strategic initiatives to improve remediation SLA's and reduce the organization's attack surface. Responsibilities include asset discovery, vulnerability analysis, risk mitigation, tool management, collaboration across teams, and reporting on overall vulnerability management posture.
What is expected of you and others at this level
High-performing team member related to planning, development, and execution of VM & ASM program initiatives
Execution in alignment with fiscal year goals for Cyber Security, IT, and the business
Applies comprehensive knowledge and a thorough understanding of concepts, principles, and technical capabilities related to attack surface management, vulnerability lifecycle, and digital asset protection
Develops and implements innovative solutions to a wide range of difficult problems
Provides diverse thought and promotes an inclusive environment
Completes work independently; receives general guidance on new projects
May act as a mentor to less experienced colleagues
Accountabilities in this role
Continuously discover and maintain an accurate, real-time inventory of all digital assets, including internet-facing systems, cloud environments, and IoT devices
Analyze identified assets for vulnerabilities, misconfigurations, and risks
Collaborate with IT, IoT, platform engineering, and business teams to integrate security into operations and workflows
Recommend and implement standards to reduce the attack surface and prioritize remediation efforts
Utilize and manage VM & ASM tools for asset discovery, vulnerability scanning, and monitoring
Prepare reports and dashboards on VM posture, KPIs, and remediation initiatives
Educate and train IT and network teams on VM and proactive security practices
Drive automation and control improvements to enhance security posture
Required Qualifications:
Experience in Engineering/IT Operations, Security Operations, Vulnerability Management, and/or Attack Surface Management in large enterprise environments
Proficiency with security tools and technologies including vulnerability scanners and network monitoring tools
Solid understanding of security protocols, standards, and attack vectors
Knowledge of cloud-native security practices (e.g., AWS, Azure, GCP) and system/application hardening
Strong analytical and problem-solving skills
Excellent communication and collaboration skills
Understanding of common web vulnerabilities (e.g., XSS, SQL Injection) and familiarity with web applications and APIs
Preferred Qualifications:
Bachelor's degree in information security, Computer Science, or related field
Familiarity with achieving remediation SLAs, and NIST Control Frameworks
Experience working with Open-Source tools
Experience with SIEM, SOAR, Vulnerability Management, Attack Surface Management tools
Relevant certifications such as CISSP, CCSP, CCSK, GIAC (GCIH, GPEN), Security
Anticipated salary range:
$123,400 - $185,115
Bonus eligible:
Yes
Benefits:
Cardinal Health offers a wide variety of benefits and programs to support health and well-being.
Medical, dental and vision coverage
Paid time off plan
Health savings account (HSA)
401k savings plan
Access to wages before pay day with myFlexPay
Flexible spending accounts (FSAs)
Short- and long-term disability coverage
Work-Life resources
Paid parental leave
Healthy lifestyle programs
Application window anticipated to close:
10/15/2025 *if interested in opportunity, please submit application as soon as possible.
The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity.
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal
Opportunity/Affirmative
Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
To read and review this privacy notice click
here (https://www.cardinalhealth.com/content/dam/corp/email/documents/corp/cardinal-health-online-application-privacy-policy.pdf)
Information Security is responsible for managing information security operations. We exist to ensure availability, integrity, and confidentiality of healthcare infrastructure that safeguards the patient. We promote a culture that protects information assets, manages risk, and embeds security in people, process, and technology.
Job Description
The Sr. Engineer -Threat Operations is responsible for discovering, assessing, and mitigating risks across Cardinal Health's infrastructure, and digital footprint. This role leads tactical efforts and supports strategic initiatives to improve remediation SLA's and reduce the organization's attack surface. Responsibilities include asset discovery, vulnerability analysis, risk mitigation, tool management, collaboration across teams, and reporting on overall vulnerability management posture.
What is expected of you and others at this level
High-performing team member related to planning, development, and execution of VM & ASM program initiatives
Execution in alignment with fiscal year goals for Cyber Security, IT, and the business
Applies comprehensive knowledge and a thorough understanding of concepts, principles, and technical capabilities related to attack surface management, vulnerability lifecycle, and digital asset protection
Develops and implements innovative solutions to a wide range of difficult problems
Provides diverse thought and promotes an inclusive environment
Completes work independently; receives general guidance on new projects
May act as a mentor to less experienced colleagues
Accountabilities in this role
Continuously discover and maintain an accurate, real-time inventory of all digital assets, including internet-facing systems, cloud environments, and IoT devices
Analyze identified assets for vulnerabilities, misconfigurations, and risks
Collaborate with IT, IoT, platform engineering, and business teams to integrate security into operations and workflows
Recommend and implement standards to reduce the attack surface and prioritize remediation efforts
Utilize and manage VM & ASM tools for asset discovery, vulnerability scanning, and monitoring
Prepare reports and dashboards on VM posture, KPIs, and remediation initiatives
Educate and train IT and network teams on VM and proactive security practices
Drive automation and control improvements to enhance security posture
Required Qualifications:
Experience in Engineering/IT Operations, Security Operations, Vulnerability Management, and/or Attack Surface Management in large enterprise environments
Proficiency with security tools and technologies including vulnerability scanners and network monitoring tools
Solid understanding of security protocols, standards, and attack vectors
Knowledge of cloud-native security practices (e.g., AWS, Azure, GCP) and system/application hardening
Strong analytical and problem-solving skills
Excellent communication and collaboration skills
Understanding of common web vulnerabilities (e.g., XSS, SQL Injection) and familiarity with web applications and APIs
Preferred Qualifications:
Bachelor's degree in information security, Computer Science, or related field
Familiarity with achieving remediation SLAs, and NIST Control Frameworks
Experience working with Open-Source tools
Experience with SIEM, SOAR, Vulnerability Management, Attack Surface Management tools
Relevant certifications such as CISSP, CCSP, CCSK, GIAC (GCIH, GPEN), Security
Anticipated salary range:
$123,400 - $185,115
Bonus eligible:
Yes
Benefits:
Cardinal Health offers a wide variety of benefits and programs to support health and well-being.
Medical, dental and vision coverage
Paid time off plan
Health savings account (HSA)
401k savings plan
Access to wages before pay day with myFlexPay
Flexible spending accounts (FSAs)
Short- and long-term disability coverage
Work-Life resources
Paid parental leave
Healthy lifestyle programs
Application window anticipated to close:
10/15/2025 *if interested in opportunity, please submit application as soon as possible.
The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity.
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal
Opportunity/Affirmative
Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
To read and review this privacy notice click
here (https://www.cardinalhealth.com/content/dam/corp/email/documents/corp/cardinal-health-online-application-privacy-policy.pdf)