BJC Careers

Penetration Tester

Saint Louis, MO
Information Services


Job Description

Job ID: 1176997
Employment Status: Full-Time
Regular/Temporary: Regular

Your Career. Made Better.

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and mid-Missouri regions. BJC serves patients and their families in urban, suburban and rural communities through its 15 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission-critical applications and data vital to the organization and strategic partners; and investigating practices not in compliance with established BJC Information Services security policies and standards.


Join Us!


Role Purpose

Performs penetration assessment services for BJC. Serves as a subject matter expert in cybersecurity, threat intelligence, and specifically, penetration testing for BJC systems and applications. This Red Team operative in security operations will lead efforts in performing vulnerability, penetration test, web application, and social engineering assessments.


Responsibilities

  • Assist with threat hunting, threat intelligence, and other indicators of threats (IOCs). Perform vulnerability, web application, social engineering, and penetration testing assessments. Utilize cybersecurity measures to include: Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Web filtering, Threat Protection, Vulnerability Assessment, Penetration Testing, Application Assessment, Assessment, Social Engineering, Physical Assessment, Source Intelligence, Threat Modeling, Patch Management.
  • Research emerging threats, system vulnerabilities, hacker methodologies, and key indicators of attacks and exploits. Research, analyze, interpret, evaluate, and integrate complex data from multiple intelligence sources. Identify and maintain proficiency in tools, techniques, countermeasures and trends in the areas of threat and vulnerabilities, data hiding, network security and encryption.
  • "Think like a hacker" and provide creative solutions aligned with strategic clinical and business workflow. Provide actionable intelligence for enterprise risk reduction.
  • Ensure compliance with system and application security in accordance with defined service levels, security practices/guidelines, and relevant technology standards. Conduct monthly meetings, and engage IT and vendors with remediation guidance. Deliver monthly vulnerability metrics and goals that reduce threat and vulnerability exposure.
  • Proactively research emerging threats, system vulnerabilities, hacker methodologies, and key indicators of attacks and exploits. Understand business expectations, success factors (e.g. KPIs) and performance characteristics for products and services (e.g. IT minimum security requirements maintaining system and applications).

Minimum Requirements

Degree

  • Associate's Degree

Experience

  • 5-10 years

Preferred Requirements and Additional Job Information

Degree

  • Bachelor's Degree

Experience

  • 10+ years

Supervisor Experience

  • < 2 years
  • No Experience

Licenses & Certifications

  • Certified Coding Associate
  • Cisco Certified Network Assoc
  • CEH
  • Computer Hack Forensic Invest
  • CISSP
  • Certified Netware Admin
  • Certified Novell Admin
  • Certified Penetration Tester
  • CompTIA CSA+ - Cybersecurity
  • CompTIA A+
  • Global Infor Assurance Cert
  • Healthcare Information Sec
  • Microsoft Certified Prof
  • Microsoft Cert Systems Eng
  • Offensive Security Cert Prof
  • Offensive Security Web Expert
  • CompTIA Security +
  • Systems Security Cert Pract

Benefits Statement

Note: not all benefits apply to all openings

  - Comprehensive medical, dental, life insurance, and disability plan options
  - Pension Plan*/403(b) Plan
  - 401(k) plan
  - Tuition Assistance
  - Health Care and Dependent Care Reimbursement Accounts
  - On-Site Fitness Center (depending on location)
  - Paid Time Off Program for vacation, holiday and sick time

*Pension does not apply to Memorial Hospital, Memorial Hospital East, Memorial Medical Group, Alton Memorial or Parkland Health Center


Legal Statement

The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job.

Equal Opportunity Employer