InfoSec Senior Advisor - Vulnerability Management

Full Time

  • Work from home


  • Vulnerability Management
  • Qualys
  • Cloud
  • Prisma
  • CSPs
  • Compliance Standards
  • Data Analytics
  • Splunk
  • ELK
  • Tableau

Job Description

Candidates must be authorized to work in the US without current or future sponsorship requirements.

Develops, recommends, and implements enterprise information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls.

This role will act as lead strategist and senior technical subject matter expert within the Cloud Vulnerability Management and Secure Configuration Assessment program to include Cloud Security Posture Management (CSPM). A successful candidate will be able to support Information Technology, Information Security and the business in the evaluation and understanding of complex technical issues impacting the prevention, detection and / or remediation of vulnerabilities and misconfigurations. This role will also include supporting the design and implementation of a new secure configuration assessment program and aligning processes within vulnerability management with other groups within the Security Technology Services function.

How you will make an impact:

  • Leads system and network architecture support for information and network security technologies; technical expert supporting vulnerability management and stakeholders for areas including system administration, network infrastructure, IT operations and data administration.

  • Provide Subject Matter Expertise on vulnerability risk, remediation, and mitigating actions.

  • Subject matter expert for Vulnerability Management integrations with tools such as, but not limited to, ServiceNow Vulnerability Response, Splunk, xSOAR and other API integrations.

  • Promote process improvement through the identification of areas of inefficiency and ineffectiveness throughout the Vulnerability Management and Secure Configuration Program.

  • Support strategic development of secure configuration assessment capability including process design, requirements definition and organizational change management.

  • Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.

  • Work cross-functionally to provide actionable reports throughout the vulnerability management domain; act as primary point of contact for troubleshooting any issues related to data ingestion and data quality.

  • Sets vendor strategy and direction.

  • May be assigned to project teams for technical consultation to business partners and developers.

  • Designs & engineers comprehensive access management and network security technical solutions based on business requirements and defined technology standards; works with architecture to update technology direction & strategy.

  • Develops reports supporting strategy and direction for management; builds out metrics that are reported to the board of directors.

  • Support the strategic development of subsidiary vulnerability management program to include the integration of vulnerability assessment capabilities and processes with organizational program and functions.

  • Build and maintain effective relationships with business and technology partners to drive improvement and promote strategic objectives of vulnerability management program.

  • Provide mentorship, professional development and coaching for associates at all levels of the vulnerability management program.

Must be capable of providing top-tier support for 5 or more of the information security technology common body of knowledge skill sets:

  • Access Control

  • Application Security

  • Business Continuity and Disaster Recovery Planning

  • Cryptography

  • Information Security and Risk Management

  • Legal, Regulations, Compliance and Investigations

  • Operations Security

  • Physical (Environmental) Security

  • Security Architecture and Design

  • Telecommunications and Network Security


  • Requires BS/BA in Information Technology or related field of study.

  • Minimum of 8 years' experience in systems administration and security aspects of information systems, access management and network security technologies, network communications, computer networking, telecommunications, systems development and management, hardware, software, data, and people.

  • Experience with multiple technical and business disciplines required.

  • Requires broad-based experience to plan and design highly complex systems.

  • Or any combination of education and experience, which would provide an equivalent background.

Preferred Skills, Capabilities, & Experiences:

  • Experience working with vulnerability management and configuration assessment tools such as Qualys, Tanium and Splunk to identify, prioritize, and remediate vulnerabilities.

  • Experience working with Prisma Cloud Compute or equivalent technology in the Cloud Vulnerability Management domain.

  • Experience working with multiple Cloud Service Providers (CSPs).

  • Knowledge of secure configuration assessment principles and best practices to identify and remediate configuration issues across a variety of technologies.

  • Knowledge of relevant compliance standards such as PCI DSS, HIPAA, and NIST, and experience applying these standards to secure cloud infrastructure and applications.

  • Knowledge of data analytics and visualization tools such as Splunk, ELK, or Tableau to identify trends and anomalies in vulnerability data and present results to stakeholders.

  • Knowledge of software development practices, including software development lifecycle (SDLC) models, DevOps methodologies, and containerization technologies (e.g., Docker, Kubernetes, OpenShift).

  • Security Certifications: CISSP and other advanced technical security certifications (e.g. Information Systems Security Architecture Professional, Information Security Engineering Professional, Certification and Accreditation Professional, or equivalent certifications) strongly preferred.

  • Deep understanding of security benchmarks and best practices (e.g., CIS (Center for Internet Security)).

Be part of an Extraordinary Team

Elevance Health is a health company dedicated to improving lives and communities - and making healthcare simpler. A Fortune 20 company with a longstanding history in the healthcare industry, we are looking for leaders at all levels of the organization who are passionate about making an impact on our members and the communities we serve. You will thrive in a complex and collaborative environment where you take action and ownership to solve problems and lead change. Do you want to be part of a larger purpose and an evolving, high-performance culture that empowers you to make an impact?

We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few.

The health of our associates and communities is a top priority for Elevance Health. We require all new candidates in certain patient/member-facing roles to become vaccinated against COVID-19. If you are not vaccinated, your offer will be rescinded unless you provide - and Elevance Health approves - a valid religious or medical explanation as to why you are not able to get vaccinated that Elevance Health is able to reasonably accommodate. Elevance Health will also follow all relevant federal, state and local laws.

Elevance Health has been named as a Fortune Great Place To Work in 2022, has been ranked for five years running as one of the 2023 World's Most Admired Companies by Fortune magazine, and is a growing Top 20 Fortune 500 Company. To learn more about our company and apply, please visit us at Elevance Health is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. Applicants who require accommodation to participate in the job application process may contact for assistance.