Montefiore Health System Inc
Montefiore Health System Inc

Attack Surface Management Engineer

• Posted 5 hours ago • Updated 2 hours ago
Full Time
depending on experience
Company Branding Image
Fitment

Dice Job Match Score™

🤯 Applying directly to the forehead...

Job Details

Skills

  • Preventive Maintenance
  • Project Management
  • Performance Management
  • Security Engineering
  • Security Operations
  • Vendor Relationships
  • Testing
  • DevOps
  • IT Infrastructure
  • IoT
  • System On A Chip
  • Incident Management
  • Technical Writing
  • Workflow
  • Dashboard
  • KPI
  • Reporting
  • Emerging Technologies
  • Orchestration
  • Vulnerability Assessment
  • Management
  • Application Service Management
  • Oracle ASM
  • Vulnerability Management
  • Cloud Computing
  • Cyber Security
  • HIPAA
  • HITECH
  • Analytical Skill
  • Attention To Detail
  • Health Care
  • CompTIA
  • Penetration Testing
  • GSEC
  • Nessus
  • Salesforce.com
  • DICE
  • MIT
  • Military
  • Collaboration
  • Partnership
  • Law

Summary

City/State:
Elmsford, New York
Grant Funded:
No
Department:

Work Shift:
Day
Work Days:
MON-FRI
Scheduled Hours:
8:30 AM-5 PM
Scheduled Daily Hours:
7.5 HOURS
Pay Range:
$112,000.00-$140,000.00

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States. Our workforce is among the most diverse in the US: Montefiore associates speak 60+ languages.

As a Cybersecurity Engineer in Montefiore Technology , you directly support patient safety, clinical operations, and the protection of sensitive health information. This role pro vides the opportunity to work deeply with modern security technologies while contributing to our mission-driven organization where cybersecurity is essentia l to care delivery.

The Attack Surface Management (ASM) Engineer is a security engineering role responsible for conducting and supporting attack surface discovery, vulnerability management, and exposure reduction activities across a complex healthcare environment. Building upon foundational ASM analyst experience, this role emphasizes hands-on technical execution, operational discipline, and collaboration with IT, Clinical Engineering, Cloud, and Security Operations teams to reduce cyber risk while supporting patient care.

Responsibilities:
  • Work with architecture and engineering personnel to implement automation and orchestration solutions where appropriate to improve efficiency and reduce manual effort.
  • Collaborate with IT, clinical teams, and other departments to ensure cybersecurity measures are integrated into everyday operations without disrupting patient care.
  • Manage vendor relationships related to security solutions, testing services, and consulting engagements.
  • Maintain security tools and services ensuring continued uptime and efficient execution of scanning activities.
  • Work with DevOps, cloud, and IT infrastructure teams to incorporate secure development practices and vulnerability remediation into their workflows.
  • Perform continuous device and asset discovery across IT, cloud, medical, and IoT/OT environments using approved ASM tooling.
  • Review and validate asset discovery and vulnerability findings to identify unmanaged, unknown, or misclassified assets.
  • Correlate exposure and vulnerability data with CMDBs, internal inventories, and cloud asset repositories to improve accuracy.
  • Support the enterprise vulnerability management lifecycle by tracking findings from identification through remediation.
  • Apply risk-based vulnerability prioritization using exploitability, asset criticality, and business impact.
  • Coordinate with system, application, and device owners to validate their proposed remediation actions and timelines.
  • Review third-party penetration testing results and assist with remediation tracking and validation.
  • Collaborate with SOC and incident response teams to contextualize vulnerabilities during investigations.
  • Develop and maintain technical documentation, SOPs, and workflows related to ASM processes.
  • Contribute to dashboards, KPIs, and reporting that measure attack surface coverage, vulnerability aging, and risk reduction.
  • Monitor vulnerability and threat trends relevant to healthcare and emerging technologies.
  • Assist with automation and orchestration initiatives to improve ASM efficiency under manager guidance.


Requirements:

  • Bachelor's degree or equivalent work experience.


  • 4 - 6 years Cybersecurity or IT experience with progression from vulnerability analysis, exposure management, or ASM analyst functions.


  • 4 - 6 years p rior experience in highly regulated environments .


  • Strong proficiency with asset discovery and attack surface management technologies across on - prem IT, cloud, and IoMT environments.


  • Strong ability to interpret, validate , and assess findings from attack surface management (ASM) and vulnerability management platforms.


  • Strong understanding of the vulnerability management lifecycle, including remediation processes and governance requirements.


  • Foundational experience correlating data across CMDBs, cloud inventories, and security tools.


  • Ability to communicate technical findings to non-technical stakeholders with guidance.


  • Working knowledge of healthcare cybersecurity frameworks including HIPAA, HITECH, NIST CSF, HITRUST, HICP, and NYSDOH 405.46.


  • Strong analytical skills with attention to detail and data accuracy.


  • Ability to operate effectively within defined processes and escalate appropriately.


Preferred:
  • Prior experience in healthcare
  • One of the following certifications required or obtained within 18 months of hire:
    • CompTIA PenTest+
    • GIAC Security Essentials (GSEC)
    • Tenable Certified Nessus Auditor (TCNA)
    • CREST Registered Vulnerability Specialist (RVS)


#SF-DICE-MIT

#LI-MF1

Montefiore Health System, Inc. is an equal employment opportunity employer. Montefiore Health System, Inc. will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10122138
  • Position Id: JR229558
  • Posted 5 hours ago

Company Info

About Montefiore Health System Inc

Montefiore’s IT professionals use their talents to create and support technologies that save people’s lives, and enhance patient outcomes, and improve enhance quality of life for people in the communities we serve. Yes- we are big – over 30,000 employees - but we are centered in values that start with our communities.

Our IT teams work on the technologies that allow Montefiore’s Children’s Hospital to rank among the nation’s best 15 years in a row. Every facet of Montefiore has reason to be proud. Montefiore’s survival rate for liver transplants is among the best in the country. Cardiology at Montefiore pioneered bloodless heart transplantation and innovative techniques to treat heart illnesses with non-invasive procedures.  US News and World Reports named Montefiore as a leader in orthopedics, urology, pulmonology/lung surgery, and GI surgery, to name a few. Not to mention our school health program that provides integrated health services including behavioral health and dental services to thousands of NY kids who need us.

Why should you care about this?

The network engineers, systems engineers, applications analysts, database developers, project managers, and countless other IT people who are part of Montefiore create an infrastructure that allows our clinicians to perform the lifesaving and life-enhancing work we do every day. Their efforts make it possible for our Albert Einstein College of Medicine to participate in groundbreaking research and share clinical solutions with academic medical centers across the globe. Their skills support strong relationships with government, corporate, and community organizations that help us get paid for the work we do.

By the way- our people work on a diverse platform that includes AWS, Azure, Zscaler, Informatica, Epic, Java, .NET, Oracle, Cisco, Infor, JAMF, VMware, and a nice long list of other tools.

How good would it feel to know that your talents are going to improve things for people in the communities where we live, while working in a respectful, diverse environment? 

Our workplace is routinely recognized at a national level for diversity, including for LGBTQ individuals and people of all ages.

Montefiore's IT employees have access to a generous benefits package. For starters: what would you do with 37 paid days off per year?

Ask a recruiter about our opportunities, career development programs, and our employee benefits – you won’t be disappointed.

About_Company_OneAbout_Company_Two
Go to company profile
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Cybersecurity Engineer

Elmsford, New York

Today

Full-time

depending on experience

Cybersecurity Engineering Manager

Elmsford, New York

Today

Contract

depending on experience

Data Engineer

Yonkers, New York

Today

Full-time

depending on experience

Search all similar jobs