Security Analyst-Level II/III-Full Time-DHTS-Durham

Company: Duke University Health System
Location: Durham
Posted on: May 14, 2022

Job Description:

DHTS: Duke Health Technology Solutions is a robust, specialized division of Duke University Health System dedicated to the development and management of enterprise IT systems. A 2018 'Most Wired' health system, Duke is nationally recognized for IT and information management as the first healthcare system to achieve the Davies Award - highest honor by the Healthcare Information and Management Systems Society (HIMSS) - for inpatient, ambulatory and analytics health information technology capabilities. Our employees are among the top-skilled IT experts in the Triangle and partner with leading scholars, clinicians, and researchers across Duke University and Duke Health to develop innovative technologies that support our mission of delivering tomorrow's healthcare today. Security Analyst The Penetration Testing and Vulnerability Management team at Duke Health is seeking an Information Security Analyst - Penetration Tester to support web application and mobile application security. This team is an important part of the overall Information Security Office, whose mission is to test and measure the security posture of all in-scope assets, applications, and services ensuring that all vulnerabilities are responded to and addressed. The team is small but made up of talented career penetration testers and vulnerability analysts, always available for support and assistance. If you are a passionate and driven penetration tester, who is looking for a challenging career opportunity, then please apply and help drive the Duke Health penetration testing program. In this role, you will work with Information Security Office (ISO) team members as well as application owners to identify and mitigate security vulnerabilities in applications identified through testing. Communication with business owners, application owners, security teams, and development partners is critical in this role. You will also act as an application security SME for the development and security communities across Duke. Information Security Analyst - Penetration Tester Responsibilities

• Perform Web application and mobile application penetration testing
• Deliver some network, service, or host-based security posture testing
• Manual penetration testing of applications to identify vulnerabilities across different categories like input and data validation, authentication, authorization, data access, session management, error handling, logging, encryption, and confidentiality
• Conduct Dynamic and Static Application Security Testing (SAST & DAST)
• Enhance and improve testing tools, scripts and methodologies as needed
• Assist in all scoping, scheduling, and logistics for each penetration test and security assessment
• Communicate and coordinate daily project activities within the project team and assure that priorities are developed and known
• Build penetration test and vulnerability assessment reports detailing exposures that were identified, rate the severity of the findings, and provide recommendations to mitigate any exposures or known vulnerabilities
• Train development teams on vulnerabilities, ease of exploitation, impact, security requirements and remedies for individual issues
• Remain up to date on emerging vulnerabilities and exploit techniques to ensure no such vulnerabilities exist across the Duke Health application inventory
• Design, maintain, and enhance testing scripts, tools, and processes
• Continually improve application security assessment processes to keep up with the industry standard methodologies
• Provide penetration testing service offering leadership
• Maintain an overall inventory of applications, owners, and testing results Preferred Qualifications
  • Bachelor's degree in a related technical field, or five years of equivalent technical experience required.
  • 3+ years of information security experience
  • 2+ years of Application Security Testing experience
  • 2+ years of information security penetration tools experience Desired Skills and Qualifications
    • Industry certification like CREST, Offensive Security, SANS Institute
    • Thorough understanding of OWASP, SANS, PTES frameworks and common vulnerabilities and attack vectors
    • Port, protocol, and service enumeration: e.g. Wireshark, Rumble, NMap, and Masscan
    • Vulnerability scanning: e.g. Tenable Nessus, Nexpose, Acunetix WVS, NetSparker
    • Web and Mobile Application testing: e.g. Burp Suite, SoapUI, ZAP, Nikto, MobSF, Veracode, Dirbuster, SQLMap, SQLNinja, Frida, Objection
    • Penetration testing Linux distros: e.g. Backbox, Kali, Matrix
    • Ability to manage complex issues and develop potential solutions
    • Excellent verbal and written communication skills
    • Experience working in a large enterprise environment
    • Ability to manage multiple and competing priorities
    • Ability to take on a high level of responsibility, initiative, and accountability
    • Ability to work with limited supervision
    • Good attention to detail and accuracy skills
    • Knowledge and understanding of information security industry standards and government regulations
    • Strong analytical skills with high attention to detail and accuracy
    • Strong collaboration and partnering skills Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status. Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas-an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values. Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essentialjob functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.

Keywords: Duke University Health System, Durham , Security Analyst-Level II/III-Full Time-DHTS-Durham, Professions , Durham, North Carolina