Senior Cybersecurity Specialist - Red Team - Pentester

Join the Cleveland Clinic team where you will work alongside passionate caregivers and making a lasting, meaningful impact on patient care. Here, you will receive endless support and appreciation while building a rewarding career with one of the most respected healthcare organizations in the world.      

The Senior Cybersecurity Specialist performs all necessary duties to ensure the safety of information technology assets and to protect systems from intentional or inadvertent access. This position will frequently collaborate with Cybersecurity Management and provide guidance and direction for the Cybersecurity program. The Senior Specialist provides the best solutions to identified needs, meeting specific operational and business objectives, technology capabilities, and human resource requirements. This role offers meaningful learning and development opportunities through frequent interactions and collaboration with Cybersecurity leadership on projects and direction for the Cybersecurity procedures and products. 

A caregiver in this position works remotely, Monday-Friday 8:00am-5:00pm EST.   

A caregiver who excels in this role will:  

• Maintain baselines for secure configuration and operations. 

• Track all activity, ensuring timely resolution of problems. 

• Leading the identification of advanced security systems and controls to ensure the monitoring and configuring of security appliances. 

• Lead Cybersecurity projects, including planning, obtaining customer input and projecting resource requirements. 

• Collaborate on IT projects to ensure that security issues are addressed throughout the project life cycle. 

• Analyze and integrate Security Solutions into multiple platforms, including Clinical and Financial Systems. 

• Research and assess new threats and security alerts and recommend remedial action. 

• Review security system requirements with customers and translate requirements into specific functions or deliverables. 

• Analyze flow chart processes and recommend ways to reduce steps and increase efficiency through the use of technology. 

• Coach or provide guidance to lower-level security professionals and support the continuous process of optimizing department resources.   

• Effectively communicates security procedures and policies with caregivers. 

• Weigh business needs against security concerns and articulates issues to management. 

• Provide after-hours support as needed. 

 Minimum qualifications for the ideal future caregiver include:  

• High School Diploma/GED: A minimum of 9 years of Information, Clinical or Financial Systems experience required, including directing, planning and scheduling a major information system project, with at least 5 years of Cyber Security required. 

• Bachelor’s Degree: A minimum of 7 years of Information, Cyber Security, Clinical or Financial Systems experience required, including directing, planning and scheduling a major information system project, with at least 5 years of Cyber Security required.  

• Both Bachelor’s Degree and High School Diploma/GED: Experience in providing specialized technical expertise and support to clients, IT management, and staff in risk assessments, implementation and operational aspects of Cybersecurity procedures and products required 

• For Information Technology Division caregivers, ITIL Foundations certification is required within 6 months of the position start date. 

Preferred qualifications for the ideal future caregiver include:  

• Bachelor’s Degree in Information Technology/Computer Science or related field preferred 

• Certifications from SysAdmin, Audit, Network and Security Institute (SANS), International Information Systems Security Certification Consortium (ISC2) or Computing Technology Industry Association (CompTIA) preferred or other position related certifications. 

• Offensive security certifications preferred, such as SANS GPEN, SANS GXPN, SANS GWAPT, OSCP, OSCE, OSWP, CEH.  

• Manual evaluation of security controls to identify gaps. 

• Recommending security improvements and controls that may include technical, administrative, and physical measures. 

• Use of offensive security tools and frameworks to validate security controls. 

• Working closely with others on cross-functional teams and exposure to diverse security disciplines. 

•  Interacting with other stakeholders (such as information technology departments and business units) to understand the impact of security recommendations and improve security practices. 

• Clear communication of vulnerabilities and associated risks in both written reports and verbal briefings. 

• Ranking and prioritizing vulnerabilities according to risk or potential impact. 

• Utilizing security tools such as Metasploit Framework, Cobalt Strike, BurpSuite and others to audit defensive posture. 

• Assessing security in multiple domains, including network security, cloud environments, application security, wireless security, and physical security. 

• Gathering open-source intelligence (OSINT) to prioritize targeting. 

• Familiarity with the MITRE ATT&CK framework to guide testing and reporting. 

• Conducting realistic social engineering engagements to test user awareness. 

• Secure engineering and administration of cloud architecture. 

• Writing programs or scripts to automate routine tasks and facilitate security testing and reporting. Relevant languages include PowerShell, Python, C#, Golang, Ruby, and others. 

• Maturing cybersecurity programs by identifying and documenting areas for improvement and developing and implementing plans. 

 Our caregivers continue to create the best outcomes for our patients across each of our facilities. Click the link and see how we’re dedicated to providing what matters most to you: https://jobs.clevelandclinic.org/benefits-2/