Security Analyst-Level II/III-Full Time-DHTS-Durham
Company: Duke University Health System
Location: Durham
Posted on: May 14, 2022
Job Description:
DHTS: Duke Health Technology Solutions is a robust, specialized
division of Duke University Health System dedicated to the
development and management of enterprise IT systems. A 2018 'Most
Wired' health system, Duke is nationally recognized for IT and
information management as the first healthcare system to achieve
the Davies Award - highest honor by the Healthcare Information and
Management Systems Society (HIMSS) - for inpatient, ambulatory and
analytics health information technology capabilities. Our employees
are among the top-skilled IT experts in the Triangle and partner
with leading scholars, clinicians, and researchers across Duke
University and Duke Health to develop innovative technologies that
support our mission of delivering tomorrow's healthcare today.
Security Analyst
The Penetration Testing and Vulnerability
Management team at Duke Health is seeking an Information Security
Analyst - Penetration Tester to support web application and mobile
application security. This team is an important part of the overall
Information Security Office, whose mission is to test and measure
the security posture of all in-scope assets, applications, and
services ensuring that all vulnerabilities are responded to and
addressed. The team is small but made up of talented career
penetration testers and vulnerability analysts, always available
for support and assistance. If you are a passionate and driven
penetration tester, who is looking for a challenging career
opportunity, then please apply and help drive the Duke Health
penetration testing program. In this role, you will work with
Information Security Office (ISO) team members as well as
application owners to identify and mitigate security
vulnerabilities in applications identified through testing.
Communication with business owners, application owners, security
teams, and development partners is critical in this role. You will
also act as an application security SME for the development and
security communities across Duke.
Information Security Analyst - Penetration Tester Responsibilities
- Perform Web application and mobile application penetration
testing
- Deliver some network, service, or host-based security posture
testing
- Manual penetration testing of applications to identify
vulnerabilities across different categories like input and data
validation, authentication, authorization, data access, session
management, error handling, logging, encryption, and
confidentiality
- Conduct Dynamic and Static Application Security Testing (SAST &
DAST)
- Enhance and improve testing tools, scripts and methodologies as
needed
- Assist in all scoping, scheduling, and logistics for each
penetration test and security assessment
- Communicate and coordinate daily project activities within the
project team and assure that priorities are developed and
known
- Build penetration test and vulnerability assessment reports
detailing exposures that were identified, rate the severity of the
findings, and provide recommendations to mitigate any exposures or
known vulnerabilities
- Train development teams on vulnerabilities, ease of
exploitation, impact, security requirements and remedies for
individual issues
- Remain up to date on emerging vulnerabilities and exploit
techniques to ensure no such vulnerabilities exist across the Duke
Health application inventory
- Design, maintain, and enhance testing scripts, tools, and
processes
- Continually improve application security assessment processes
to keep up with the industry standard methodologies
- Provide penetration testing service offering leadership
- Maintain an overall inventory of applications, owners, and
testing results
Preferred Qualifications
- Bachelor's degree in a related technical field, or five years
of equivalent technical experience required.
- 3+ years of information security experience
- 2+ years of Application Security Testing experience
- 2+ years of information security penetration tools experience
Desired Skills and Qualifications
- Industry certification like CREST, Offensive Security, SANS
Institute
- Thorough understanding of OWASP, SANS, PTES frameworks and
common vulnerabilities and attack vectors
- Port, protocol, and service enumeration: e.g. Wireshark,
Rumble, NMap, and Masscan
- Vulnerability scanning: e.g. Tenable Nessus, Nexpose, Acunetix
WVS, NetSparker
- Web and Mobile Application testing: e.g. Burp Suite, SoapUI,
ZAP, Nikto, MobSF, Veracode, Dirbuster, SQLMap, SQLNinja, Frida,
Objection
- Penetration testing Linux distros: e.g. Backbox, Kali,
Matrix
- Ability to manage complex issues and develop potential
solutions
- Excellent verbal and written communication skills
- Experience working in a large enterprise environment
- Ability to manage multiple and competing priorities
- Ability to take on a high level of responsibility, initiative,
and accountability
- Ability to work with limited supervision
- Good attention to detail and accuracy skills
- Knowledge and understanding of information security industry
standards and government regulations
- Strong analytical skills with high attention to detail and
accuracy
- Strong collaboration and partnering skills
Duke is an Affirmative Action/Equal Opportunity Employer committed to
providing employment opportunity without regard to an individual's
age, color, disability, gender, gender expression, gender identity,
genetic information, national origin, race, religion, sex, sexual
orientation, or veteran status.
Duke aspires to create a community
built on collaboration, innovation, creativity, and belonging. Our
collective success depends on the robust exchange of ideas - an
exchange that is best when the rich diversity of our perspectives,
backgrounds, and experiences flourishes. To achieve this exchange,
it is essential that all members of the community feel secure and
welcome, that the contributions of all individuals are respected,
and that all voices are heard. All members of our community have a
responsibility to uphold these values.
Essential Physical Job Functions:
Certain jobs at Duke University and Duke University
Health System may include essential job functions that require
specific physical and/or mental abilities. Additional information
and provision for requests for reasonable accommodation will be
provided by each hiring department.
Keywords: Duke University Health System, Durham, Security Analyst-Level II/III-Full Time-DHTS-Durham, Professions, Durham, North Carolina