We are so glad you are interested in joining Sutter Health!
Organization:
SHSO-Sutter Health System Office-ValleyPosition Overview:
This role will develop and build security controls, administer security technology solutions to reduce risk and/or ensure rapid delivery of least-privilege access to users. As a level 3 engineer, you will create technical plans and implementation strategies within security to address risk and improve user experience. Applies extensive knowledge of security, risk, and technology to lead the resolution of complex problems. This role will lead cross collaboration across business and technology teams to find solutions to complex challenges, applying advanced knowledge of the security ecosystem. Proficient at leading all phases of projects, programs and initiatives of diverse scope and complexity. Works and collaborates with others in a lead role based on business need. Duties include, but are not limited to, engineering, analysis, research, testing, and monitoring.Vulnerability Management
• Own and engineer the enterprise Vulnerability Management platform, including configuration, optimization, coverage strategy, and continuous improvement of asset discovery and authenticated scanning capabilities
• Design and maintain end-to-end vulnerability data pipelines, ensuring accuracy, completeness, and normalization of vulnerability findings across infrastructure, endpoints, applications, and cloud assets
• Lead integration of vulnerability data into ITIL-aligned enterprise vulnerability reporting and remediation workflows, including automation of ticket creation, routing logic, SLA enforcement, and escalation paths
• Develop and operationalize risk-based prioritization models, correlating vulnerability severity, exploitability, threat intelligence, and asset criticality to drive enterprise remediation focus
• Define and deliver executive-level metrics, dashboards, and reporting, including remediation trends, exposure reduction, and program effectiveness, enabling data-driven risk decisions
• Act as a senior technical authority for vulnerability lifecycle management, including scan validation, false-positive reduction, coverage gap analysis, and continuous tuning to improve detection fidelity and reduce noise
• Serve as a senior technical advisor to application and engineering teams by translating vulnerability findings into clear, actionable guidance, explaining detection logic, validation methods, and risk context to enable effective and accurate remediation
Job Description:
EDUCATION:
Bachelor's: Business, Cybersecurity, Computer Science, Information Technology/Security, Risk Management, or related field or equivalent education/experience
TYPICAL EXPERIENCE:
9 years recent relevant experience
PREFERRED EXPERIENCE:
Advanced knowledge of enterprise vulnerability management programs, including vulnerability lifecycle management, remediation governance, exception processes, and industry best practices.
Expertise administering enterprise vulnerability management platforms, including configuration, optimization, authenticated scanning, asset discovery, exposure management, and continuous improvement of security coverage.
Advanced experience with Tenable One, including vulnerability assessment, exposure management, attack surface management, asset inventory management, vulnerability prioritization, reporting, and platform administration.
Experience integrating vulnerability management platforms with ServiceNow Vulnerability Response, including vulnerability ingestion, asset correlation, CMDB reconciliation, workflow automation, remediation tracking, and operational reporting.
Advanced understanding of vulnerability frameworks and standards, including CVE, CVSS, CWE, CPE, threat intelligence, exploitability analysis, and threat-informed risk assessment methodologies.
Experience leveraging security automation, workflow orchestration, REST APIs, and scripting languages such as PowerShell and Python to improve operational efficiency and scalability.
Strong analytical skills with demonstrated experience interpreting large-scale vulnerability data, performing risk quantification, and assessing cybersecurity risks to support effective decision-making.
Advanced experience developing cybersecurity metrics, KPIs, KRIs, dashboards, and executive-level reporting, with the ability to communicate complex technical findings and business risk insights to technical and non-technical stakeholders.
Experience supporting vulnerability data integration and synchronization between vulnerability management platforms, CMDB systems, and IT service management workflows to improve asset visibility, remediation effectiveness, and enterprise risk reduction.
SKILLS AND KNOWLEDGE:
An understanding of the impact of emerging business and end-user technologies have on information security requirements and architecture.
An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Good interpersonal skills, with an emphasis on the ability to effectively influence others.
A team-focused mentality with the demonstrable ability to work effectively with diverse team members.
Ability to communicate sophisticated and technical issues to diverse audiences up to company executives, orally and in writing, in an easily-understood, authoritative, and actionable manner.
Able to work with a changing schedule that includes standard or non-standard business hours of work.
Thorough knowledge of information systems security concepts and current information security trends and practices including security processes and methods.
General knowledge of Federal and State IS security and privacy-related regulatory requirements and laws.
General knowledge regarding National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Processing Standards (FIPS), and other recognized industry security standards. and best practices.
In depth knowledge of cyber security solutions, policies, and technologies.
Understanding of the lifecycle of a network threat and network vulnerability exploitation in a healthcare environment.
Technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management.
Proven ability to prioritize work while multi-tasking on assigned work.
Ability to participate in security incident and post incident response process.
Support of Change management requirements and processes for all production level changes.
Understanding of Sutter Health policies, standards, and requirements for all recommendations and solutions.
These Principal Accountabilities, Requirements and Qualifications are not exhaustive, but are merely the most descriptive of the current job. Management reserves the right to revise the job description or require that other tasks be performed when the circumstances of the job change (for example, emergencies, staff changes, workload, or technical development).
Job Shift:
DaysSchedule:
Full TimeDays of the Week:
Monday - FridayWeekend Requirements:
As NeededBenefits:
YesUnions:
NoPosition Status:
ExemptWeekly Hours:
40Employee Status:
RegularSutter Health is an equal opportunity employer EOE/M/F/Disability/Veterans.
Pay Range is $146,910.40 to $235,060.80 / annual salaryThe compensation range may vary based on the geographic location where the position is filled. Total compensation considers multiple factors, including, but not limited to a candidate’s experience, education, skills, licensure, certifications, departmental equity, training, and organizational needs. Base pay is only one component of Sutter Health’s comprehensive total rewards program. Eligible positions also include a comprehensive benefits package.
Skills Required
- Bachelor's in Business, Cybersecurity, Computer Science, IT/Security, Risk Management, or related field or equivalent education/experience
- 9 years recent relevant experience
- Advanced knowledge of enterprise vulnerability management programs (lifecycle management, remediation governance, exception processes)
- Expertise administering enterprise vulnerability management platforms including configuration, optimization, authenticated scanning, asset discovery, and exposure management
- Advanced experience with Tenable One platform administration, vulnerability assessment, exposure management, and asset inventory management
- Experience integrating vulnerability management platforms with ServiceNow Vulnerability Response, including asset correlation and CMDB reconciliation
- Advanced understanding of vulnerability frameworks and standards (CVE, CVSS, CWE, CPE) and exploitability/threat-informed risk assessment
- Experience leveraging security automation, workflow orchestration, REST APIs, and scripting languages such as PowerShell and Python
- Experience developing cybersecurity metrics, KPIs, dashboards, and executive-level reporting
- Thorough knowledge of information systems security concepts, current security trends, and relevant standards/regulations (NIST, HIPAA, FIPS)
- Ability to communicate complex technical issues to technical and non-technical stakeholders, including executives
Sutter Health Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Sutter Health and has not been reviewed or approved by Sutter Health.
-
Healthcare Strength — Healthcare coverage is described as comprehensive, with broad networks and strong wellness support. Family coverage is characterized as low-cost or nearly free in some plan options, reinforcing perceived value.
-
Retirement Support — Retirement offerings include employer matching and, in some cases, a pension after a tenure threshold. Supplemental protections like life and disability insurance add to the overall financial security package.
-
Leave & Time Off Breadth — Paid time off is framed as generous, with examples of sizable PTO allotments early in tenure. Additional supports such as flexible scheduling and leave programs contribute to a sense of time-off breadth.
Sutter Health Insights
What We Do
Sutter Health is one of the nation's leading not-for-profit healthcare networks, which includes award-winning physician organizations, acute care hospitals, surgery centers, medical research facilities and specialty services. Our team of 68,000 doctors, employees and volunteers proudly cares for Northern California. Our facilities and care centers are located in large, urban cities and small, rural communities, from the Pacific Coast to the San Joaquin Valley. You’ll find us in San Francisco, Oakland, Sacramento, the snowy mountains of the Sierra Nevada and Lake Tahoe, Napa Valley, Yosemite and the coastal redwoods. We even have an affiliate in Hawaii. Join us and be part of a dedicated group of professionals committed to putting patients’ needs first and achieving the highest levels of quality, access and affordability.







