You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.
Position Purpose:Leads the organization's vulnerability management infrastructure and processes. Works with key stakeholders to create strategies and actionable reporting for the prioritization and timely remediation of vulnerabilities. Identifies systemic security issues based on the analysis of vulnerability and configuration data. Performs impact and risk assessments based on vulnerability data.
Assesses vulnerabilities across applications, endpoints, databases, networking, mobile and cloud assetsConducts continuous discovery and vulnerability assessment of enterprise-wide assetsReviews reports, assets and vulnerability state; recommend remediation and validation approachesPartners with various IT and application teams in remediation efforts to ensure vulnerabilities have been appropriately remediated or managed in a timely mannerStay abreast of vulnerability results to technical and non-technical business units based on risk tolerance and threat to the business. Gain stakeholder support through influential messagingLeverages vulnerability database sources to understand systems weaknesses, its probability and remediation options, including vendor-supplied fixes and workaroundsDirects the research of new technologies and works with key stakeholders to assess risk and implement and/or validate controls as necessaryReviews vulnerabilities data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and environment including infrastructure and applications to determine risk rating of vulnerabilities to business assetsWorks with Technology teams in static (SAST) and dynamic (DAST) scanning analysis to understand application threats and vulnerabilitiesPerforms other duties as assignedComplies with all policies and standardsEducation/Experience:A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science). Requires 5 – 7 years of related experience or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.
Technical Skills:One or more of the following skills are desired:OWASP framework and the software development lifecycleFamiliar with the laws, regulations, industry standards and guidance pertaining to data protection and information security in the healthcare industryExperience in vulnerability scanning, security information and event management (SIEM), penetration testing, and/or advanced malware protectionExperience with SAST and DAST tools and technologiesKnowledge of Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Service Organization Controls (SOC) 2, Sarbanes–Oxley Act (SOX), etc.Soft Skills:Intermediate - Seeks to acquire knowledge in area of specialtyIntermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusionsIntermediate - Ability to work independentlyIntermediate - Demonstrated analytical skillsIntermediate - Demonstrated project management skillsIntermediate - Demonstrates a high level of accuracy, even under pressureIntermediate - Demonstrates excellent judgment and decision making skillsIntermediate - Ability to communicate and make recommendations to upper managementIntermediate - Ability to drive multiple projects to successful completionIntermediate - Possesses technical aptitudeLicense/Certification:CISSP Certified Information Systems Security Professional preferredCertified Information Security Manager (CISM) preferredGIAC Enterprise Vulnerability Assessor (GEVA) preferredPay Range: $98,900.00 - $183,100.00 per year
Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid time off plus holidays, and a flexible approach to work with remote, hybrid, field or office work schedules. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law. Total compensation may also include additional forms of incentives.
Centene is an equal opportunity employer that is committed to diversity, and values the ways in which we are different. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristic protected by applicable law.
Qualified applicants with arrest or conviction records will be considered in accordance with the LA County Ordinance and the California Fair Chance Act.
#J-18808-Ljbffr