Community Health Systems
Cyber Security Specialist, Attack Surface Management
Community Health Systems, Franklin, Tennessee, us, 37068
Overview
Cyber Security Specialist, Attack Surface Management role at Community Health Systems. As a member of the Exposure Management Team, the Cyber Security Specialist for External Attack Surface Management owns complex analysis across internet-facing assets—cloud, hybrid, SaaS, domains, applications, APIs, certificates, and shadow IT—to identify, validate, and prioritize vulnerabilities, misconfigurations, leaked data, and other exposures that create a material business risk. The Specialist operates within the exposure management team as a subject matter expert in vulnerability management, ensuring sound practices while designing, growing, and maintaining the external attack surface management program. This role contributes to vulnerability identification and remediation methodologies, supports penetration testing practices, report generation, and more. The Specialist reports findings and classifications of new vulnerabilities and partners with Threat Intelligence to incorporate current threat activity into risk prioritization. The Specialist works with other security and information technology team members to develop plans for reporting and remediation of vulnerabilities across all operating systems, applications, and other internet-facing assets in the enterprise.
Essential Functions
Designs, configures, and implements advanced cyber security technologies, ensuring compliance with NIST and other industry frameworks.
Leads the identification, assessment, and resolution of complex security risks across infrastructure, applications, and data environments.
Provides strategic input on the development and execution of security controls, policies, and standards.
Partners with IT, business leaders, and audit stakeholders to align security strategies with enterprise initiatives.
Develops and maintains comprehensive documentation for security systems, processes, and incident response procedures.
Leads root cause analysis and resolution of high-impact security incidents and provides 24/7 expert-level support as needed.
Mentors technical staff, influencing organizational security decisions and driving continuous improvement initiatives.
Monitors security platforms and develops proactive threat detection and response strategies to reduce risk exposure.
Performs other duties as assigned.
Complies with all policies and standards.
Qualifications
H.S. Diploma or GED required
Associate Degree or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems, or related field preferred
7-9 years of Cyber Security or related IT experience required
8-10 years of enterprise-level security experience preferred
Knowledge, Skills And Abilities
Deep technical expertise in enterprise security domains including endpoint, network, and cloud security.
Proven ability to troubleshoot, analyze, and resolve highly complex security issues.
Strong understanding of security frameworks (e.g., NIST 800-53) and regulatory compliance requirements.
Effective communicator with the ability to convey complex technical concepts to both technical and non-technical audiences.
Demonstrated leadership in mentoring, team collaboration, and cross-functional stakeholder engagement.
Ability to manage multiple initiatives in a fast-paced, high-risk environment.
Licenses and Certifications
Industry certifications such as CISSP, CISM, GIAC, OSCP, Security+, SSCP, GSEC, or ITIL preferred
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Engineering and Information Technology
Industries
Hospitals and Health Care
#J-18808-Ljbffr
Essential Functions
Designs, configures, and implements advanced cyber security technologies, ensuring compliance with NIST and other industry frameworks.
Leads the identification, assessment, and resolution of complex security risks across infrastructure, applications, and data environments.
Provides strategic input on the development and execution of security controls, policies, and standards.
Partners with IT, business leaders, and audit stakeholders to align security strategies with enterprise initiatives.
Develops and maintains comprehensive documentation for security systems, processes, and incident response procedures.
Leads root cause analysis and resolution of high-impact security incidents and provides 24/7 expert-level support as needed.
Mentors technical staff, influencing organizational security decisions and driving continuous improvement initiatives.
Monitors security platforms and develops proactive threat detection and response strategies to reduce risk exposure.
Performs other duties as assigned.
Complies with all policies and standards.
Qualifications
H.S. Diploma or GED required
Associate Degree or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems, or related field preferred
7-9 years of Cyber Security or related IT experience required
8-10 years of enterprise-level security experience preferred
Knowledge, Skills And Abilities
Deep technical expertise in enterprise security domains including endpoint, network, and cloud security.
Proven ability to troubleshoot, analyze, and resolve highly complex security issues.
Strong understanding of security frameworks (e.g., NIST 800-53) and regulatory compliance requirements.
Effective communicator with the ability to convey complex technical concepts to both technical and non-technical audiences.
Demonstrated leadership in mentoring, team collaboration, and cross-functional stakeholder engagement.
Ability to manage multiple initiatives in a fast-paced, high-risk environment.
Licenses and Certifications
Industry certifications such as CISSP, CISM, GIAC, OSCP, Security+, SSCP, GSEC, or ITIL preferred
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Engineering and Information Technology
Industries
Hospitals and Health Care
#J-18808-Ljbffr