Senior Cybersecurity Penetration Tester
About The Position
Join a world-class academic healthcare system, UChicago Medicine , as a Senior Cybersecurity Penetration Tester in our Information Security department. This is a remote, work from home opportunity, and you may be based outside of the greater Chicagoland area. In this role, as a Senior Cybersecurity Penetration Tester , you will be responsible for developing, implementing, and maintaining an adversarial testing program to help secure the network, assets, software, cloud, web based, mobile, and other technologies that are used throughout the entirety of the health system. This position will work with the Security Program to identify potential weaknesses and enhance the cybersecurity risk posture for IT leaders and other stakeholders.
Requirements
- Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field
- 5 years plus of significant, recent relevant experience in IT security penetration testing or red teaming with deep knowledge of scanning tools and vulnerability enumeration
- Good understanding of the HIPAA Security, NIST and other relevant healthcare regulations and standards
- Experience building and growing a penetration testing program combined with a willingness to build and lead our team over time
- Must have hands-on experience with muti-function penetration testing tools such as: Kali Linux, Metasploit, and Wireshark
- Hands-on experience identifying , rating, and triaging web application security vulnerabilities (such as the OWASP Top Ten)
- Hands-on experience developing adversary courses of action using MITRE ATT&CK or similar frameworks
- Hands-on experience executing penetration testing tactics, techniques, and procedures used to identify vulnerabilities in web applications, servers, cloud infrastructure, and on-premises network infrastructure
- Will need to remain up to date on threat intelligence to learn new exploits, attack patterns, and vulnerabilities
- Strong programming and scripting skills with knowledge of diverse programming languages
- Data-driven decision making and teamwork skills
- Experience delivering findings to IT leadership and other stakeholders to get vulnerabilities addressed
- Effective analytic, oral and written communication skills and interpersonal skills
Nice To Haves
- Certifications relevant to adversarial security testing such as CEH, Pentest+, GPEN, and OSCP
- Experience in clinical, research, and education in healthcare
- Academic medical center and/or healthcare consulting experience
- Master’s degree
Responsibilities
- Research, plan, and execute complete penetration testing and red team operations to identify software/network/cloud potential exploits, vulnerabilities, and other weaknesses in security controls.
- Develop and plan methodologies, playbooks, and procedures to implement an adversarial-based IT security program.
- Assess network architecture reviews (manual/automated) and advise on best practices.
- Assist with the development of remediation recommendations for all identified findings.
- Conduct meetings and communicate risks to stakeholders and IT leaders and engineers while advocating for mitigation.
- Other duties as assigned.
Benefits
- UChicago Medicine is committed to transparency in compensation and benefits.
- Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
