At UPMC, we are committed to keeping our communities safe and healthy as the COVID-19 pandemic unfolds.

Our recruiters will continue to fill positions throughout this time, but interviews and other processes may be modified to protect the safety of our candidates and employees. Thank you for your patience.

For more information about UPMC's response to COVID-19, please visit upmc.com/coronavirus.

Search Our Jobs

   Current UPMC employees must apply in HR Direct

Information Security Analyst (Vulnerability Management) - Intermediate

  • Job ID: 131882133
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: System Security IT
  • Location: 2000 Mary St, Pittsburgh PA 15203
  • Union Position: No
  • Salary Range: $33.54 to $51.05 / hour

Description

UPMC is actively hiring for an Intermediate Information Security Analyst role within the Vulnerability Management team. The Vulnerability Management team is responsible for identifying and communicating security vulnerabilities on-premise and in the cloud for UPMC digital assets and applications. Also responsible for security policies, adherence to IT Security frameworks like HITRUST, and for assessing the security posture of third-party applications
This role will work under the direction of the management team and senior staff, the Information Security Analyst supports the Information Security Group's efforts to develop secure systems and networks through the use of automated tools, execution of security processes and procedures, and reporting.
If you are someone who has a passion for information security and is excited to work within a close-knit team of highly knowledgeable individuals, then we encourage you to apply today! 

Responsibilities:
  • Perform comprehensive vulnerability assessments and continuous monitoring across the organization.
  • Develop and maintain security incident handling processes.
  • Review and revise security policies as identified through technology and risk analysis reviews.
  • Manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation.
  • Problem Resolution Resolves most common and many moderately complex to complex problems/issues/ opportunities. Responds to unfamiliar, undefined, unexpected or unstable situations with the professionally prescribed standard response.
  • Disaster Recovery - Follow defined standard designs, and develop backup/restore, server and network technologies and protocols within accepted standards. Communicates and trains security and disaster recovery procedures to the IT staff Develops recovery procedure models. Tests contingency capabilities; responsible for recovery exercise preparation.
  • Develop and deliver Security Awareness Training Programs to all affiliated entities.
  • Assist Application and System Support representatives in the development and accreditation of Security Plans to ensure policy and best practice compliance of controls in place.
  • Resolve security issues in complex multi-disciplined environments.
  • Provide on-call support at designated times in accordance with the policies and procedures of the Health System.
  • Ability to establish priorities and delegate tasks to the appropriate personnel or work independently as necessary.
  • Project Management Works with project manager to define tasks and create team work plans with moderate supervision. Delegates work to others and monitors progress. Identifies issues affecting work progress and recommends solutions. Communicates schedule variances and potential scope changes in status reports. Controls project costs, communicating any project-related expenses and recommends ways to control costs.
  • Business Partnership Interfaces with business partners to help identify issues and resolve problems. Analyzes business requests for feasibility review, including initial cost/benefit analysis; prioritizes requests and conducts capacity planning.
  • Develop automated routines for account administration and security measure deployment efficiencies.
  • Develop and implement security policy enforcement technologies.
  • Perform high risk and sensitive security strength testing and analysis.
  • In the course of professional activities, conducts themselves in accordance with the highest standards of moral, ethical and legal behavior
  • Develop and maintain service levels with the various user departments and Heath System business units, and creates reports on the attainment of those levels.

Qualifications

  • Typically has a 4-year academic degree and 2+ years of information security or equivalent practical work experience.
  • Demonstrates and applies thorough understanding of information technology tools, best practices, and concepts.
  • Completes ongoing training on-the-job, through courses, self-study, certifications and/or advanced degrees to maintain and enhance technical and business capabilities.
  • Maintains current knowledge of security techniques and technologies and applies that knowledge to mitigate risk.
  • Participates in an On-Call Team rotation.
Preferred Qualifications: 
  • Experience with vulnerability scanners (e.g. Tenable, Rapid7, Qualys, OpenVAS, etc.).
  • Experience with web application scanners (e.g. WebInspect, AppScan, Accunetix, Burp, etc.).
  • Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.
  • Experience working with Windows, Linux and/or other Unix-like variants.
  • Understanding of TCP, UDP, HTTP, IP and other network protocols.
  • Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action.
  • Experience working with Windows, Linux and/or other Unix-like variants.
  • Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action.
  • Ability to automate and script tasks (e.g. Python, PowerShell, BASH).
  • Ability to utilize and write scripts against common web APIs (REST, SOAP).
  • Experience working in a cloud environment (AWS or Azure).
This is a remote opportunity with office space available when needed in Pittsburgh, PA

Licensure, Certifications, and Clearances:
  • Technical security certifications (OSCP, CEH, etc.) or academic background a plus.
UPMC is an Equal Opportunity Employer/Disability/Veteran
UPMC has a Center for Engagement and Inclusion that is charged with executing leading-edge and next-generation diversity strategies to advance the organization’s diversity management capability and its national presence as a diversity leader. This includes having Employee Resource Groups, such as Women in Information Technology (WIT), Female Leadership Innovation and Growth in Health Care & Technology (FLIGHT), or PRIDE Health, that support the implementation of our diversity strategy.

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.

   Current UPMC employees must apply in HR Direct