Senior Threat & Vulnerability Management Engineer

About Us:

As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Mass General Brigham supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.

We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential. Mass General Brigham is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development—and we recognize success at every step.

Our employees use the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.

General Summary/ Overview:

At Mass General Brigham (MGB) Digital, we pride ourselves on our ability to create maximum strategic, clinical, and operational value from established and emergent technologies for our patients, care teams, researchers, and employees. Digital health will not only enhance the equity and efficiency of healthcare delivery, but it will also help make medicine more personalized and precise.

We recognize that increasing value and continually improving quality while maintaining an inclusive focus are essential to organizational excellence, and we invite you to join us on this journey. The work we do in Digital is a strategic imperative, and there is a strong and growing understanding of how together we will transform Mass General Brigham in innovative and impactful ways.

Under the direction of the MGB Security Engineering Manager, this role is responsible for the overall day-to-day operation of security tools and services supporting the Threat and Vulnerability Management (TVM) program at MGB.

Principal Duties and Responsibilities:

Lead and conduct vulnerability assessments, penetration tests, and other security audits to identify and prioritize potential threats and vulnerabilities within MGB systems, networks, and applications

Develop, implement, and operate effective vulnerability management processes and procedures

Research, design, and deploy security tools, technologies, and processes to enhance MGB’s threat detection and vulnerability management capabilities

Analyze threat intelligence and emerging security trends, providing recommendations for proactive defense measures. Work closely with Security Monitoring team to implement these measures

Develop and document the services supporting the information security and risk management program safeguarding patients, staff, facilities, and physical information system assets.

Monitor security bulletins and alerts from all MGB’ information system vendors. Evaluate vulnerability impact and formulates and executes risk mitigation plans.

Work with regulatory agencies, as needed, to evaluate and assure regulatory compliance with information security regulations.

Improve and standardize the reporting and alerting functions using industry-leading technologies

Uses the Mass General Brigham values to govern decisions, actions, and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.

Occasional after hours and weekend work to perform tasks that cannot be done during business hours.

When scheduled to do so, carries pager and/or cell phone 24x7.

Working Conditions:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

This position requires occasional local travel to MGB sites, vendors, and/or conferences

Hospital work environment working conditions include possible exposure to diseases or infections and may require safety gear (PPE) such as gloves and mask

Normal office working conditions. The noise level in the work environment is quiet to moderate

While performing the duties of this job, the employee is frequently required to sit; talk; or hear; use hands to finger; handle; or feel; reach with hands and arms. The employee is occasionally required to stand; walk; and stoop; kneel; or crouch. The employee must frequently lift and/or move up to 5 pounds and occasionally lift and/or move up to 20 pounds

Specific vision abilities required by this job include close vision, distance vision and depth perception

Experience performing and leading penetration tests and vulnerability scans

Experience providing security operations services across multi-cloud environments

5+ years of experience in an information security role or experience with security and internetworking devices and software, including at least two years’ experience with large mission-critical internetworks.

Any relevant information security, privacy, and process certification(s), e.g., CISSP, SSCP, CISSLP, CISM, CISA, GCIH, CEH, GPEN, GWEB, GWAPT, ITIL, PMP and PCIP.

Bachelor’s degree (B.A./B.S.) or equivalent in CS/MIS/IT or equivalent discipline from an accredited college or university preferred.

Knowledge of HIPAA, Mass ID Theft regulation 201 CMR 17, PCI-DSS, and other appropriate information security regulatory requirements for healthcare entities is preferred.

Skills/Abilities/Competencies:

Excellent analytic and reasoning skills, particularly in solving difficult problems.

Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision.

Ability to work with people cooperatively and effectively from all organizational levels and build consensus through negotiation and diplomacy.

Ability to function as a member of the information security team, and to work collaboratively with multiple institutions, departments, and technical operations staffs across multiple facilities.

Excellent written and verbal communication

Excellent time management skills and the ability to multitask

Demonstrated ability defining services, and building documentation and training material

Exceptional customer service and relationship management skills.

Excellent organizational skills.

Knowledge of the following Technologies:

Vulnerability scanning and penetration testing tools

Application vulnerability scanning (DAST and SAST)

SIEM platforms

Scripting languages and operating system management tools

Cloud platforms including AWS, Azure, and Google Cloud

Diversity Statement

As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community. We place great value on being a diverse, equitable and inclusive organization as we aim to reflect the diversity of the patients we serve. At Mass General Brigham, we believe in equal access to quality care, employment and advancement opportunities encompassing the full spectrum of human diversity: race, gender, sexual orientation, ability, religion, ethnicity, national origin and all the other forms of human presence and expression that make us better able to provide innovative and cutting-edge healthcare and research.

Mass General Brigham is an Equal Opportunity Employer. By embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.