Job Information
Centene Corporation Lead Vulnerability Management Analyst in Raleigh, North Carolina
You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.
Position Purpose: Leads the organization's vulnerability management infrastructure and processes. Works with key stakeholders to create strategies and actionable reporting for the prioritization and timely remediation of vulnerabilities. Identifies systemic security issues based on the analysis of vulnerability and configuration data. Performs impact and risk assessments based on vulnerability data.
Assesses vulnerabilities across applications, endpoints, databases, networking, mobile and cloud assets
Conducts continuous discovery and vulnerability assessment of enterprise-wide assets
Reviews reports, assets and vulnerability state; recommend remediation and validation approaches
Partners with various IT and application teams in remediation efforts to ensure vulnerabilities have been appropriately remediated or managed in a timely manner
Stay abreast of vulnerability results to technical and non-technical business units based on risk tolerance and threat to the business. Gain stakeholder support through influential messaging
Leverages vulnerability database sources to understand systems weaknesses, its probability and remediation options, including vendor-supplied fixes and workarounds
Directs the research of new technologies and works with key stakeholders to assess risk and implement and/or validate controls as necessary
Reviews vulnerabilities data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and environment including infrastructure and applications to determine risk rating of vulnerabilities to business assets
Works with Technology teams in static (SAST) and dynamic (DAST) scanning analysis to understand application threats and vulnerabilities
Performs other duties as assigned
Complies with all policies and standards
Education/Experience: A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science).
Requires 5 – 7 years of related experience.
Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.
Technical Skills:
One or more of the following skills are desired.
Other: OWASP framework and the software development lifecycle
Other: Familiar with the laws, regulations, industry standards and guidance pertaining to data protection and information security in the healthcare industry
Other: Experience in vulnerability scanning, security information and event management (SIEM), penetration testing, and/or advanced malware protection
Other: Experience with SAST and DAST tools and technologies
Other: Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Service Organization Controls (SOC) 2, Sarbanes–Oxley Act (SOX), etc.
Soft Skills:
Intermediate - Seeks to acquire knowledge in area of specialty
Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions
Intermediate - Ability to work independently
Intermediate - Demonstrated analytical skills
Intermediate - Demonstrated project management skills
Intermediate - Demonstrates a high level of accuracy, even under pressure
Intermediate - Demonstrates excellent judgment and decision making skills
Intermediate - Ability to communicate and make recommendations to upper management
Intermediate - Ability to drive multiple projects to successful completion
Intermediate - Possesses technical aptitude
License/Certification:
CISSP Certified Information Systems Security Professional preferred
Certified Information Security Manager (CISM) preferred
GIAC Enterprise Vulnerability Assessor (GEVA) preferred
Pay Range: $98,900.00 - $183,100.00 per year
Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid time off plus holidays, and a flexible approach to work with remote, hybrid, field or office work schedules. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law. Total compensation may also include additional forms of incentives.
Centene is an equal opportunity employer that is committed to diversity, and values the ways in which we are different. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristic protected by applicable law.
Qualified applicants with arrest or conviction records will be considered in accordance with the LA County Ordinance and the California Fair Chance Act
Centene Corporation
- Centene Corporation Jobs