Senior Cybersecurity Penetration Tester at The University of Chicago Medicine

Chicago, Illinois, United States -

Full Time

Start Date

Immediate

Expiry Date

16 May, 26

Salary

0.0

Posted On

15 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Penetration Testing, Red Teaming, Adversarial Testing, Vulnerability Enumeration, HIPAA Security, NIST, Kali Linux, Metasploit, Wireshark, Web Application Security, OWASP Top Ten, MITRE ATT&CK, Cloud Infrastructure, Scripting, Threat Intelligence, Risk Communication

Industry

Hospitals and Health Care

Description

Job Description Join a world-class academic healthcare system, UChicago Medicine, as a Senior Cybersecurity Penetration Tester in our Information Security department. This is a remote, work from home opportunity, and you may be based outside of the greater Chicagoland area. In this role, as a Senior Cybersecurity Penetration Tester, you will be responsible for developing, implementing, and maintaining an adversarial testing program to help secure the network, assets, software, cloud, web based, mobile, and other technologies that are used throughout the entirety of the health system. This position will work with the Security Program to identify potential weaknesses and enhance the cybersecurity risk posture for IT leaders and other stakeholders. Essential Job Functions Research, plan, and execute complete penetration testing and red team operations to identify software/network/cloud potential exploits, vulnerabilities, and other weaknesses in security controls. Develop and plan methodologies, playbooks, and procedures to implement an adversarial-based IT security program. Assess network architecture reviews (manual/automated) and advise on best practices. Assist with the development of remediation recommendations for all identified findings. Conduct meetings and communicate risks to stakeholders and IT leaders and engineers while advocating for mitigation. Other duties as assigned. Required Qualifications Bachelor’s degree required in Information Security, Computer Science, Information Technology, or a related field 5 years plus of significant, recent relevant experience in IT security penetration testing or red teaming with deep knowledge of scanning tools and vulnerability enumeration Good understanding of the HIPAA Security, NIST and other relevant healthcare regulations and standards Experience building and growing a penetration testing program combined with a willingness to build and lead our team over time Must have hands-on experience with muti-function penetration testing tools such as: Kali Linux, Metasploit, and Wireshark Hands-on experience identifying, rating, and triaging web application security vulnerabilities (such as the OWASP Top Ten) Hands-on experience developing adversary courses of action using MITRE ATT&CK or similar frameworks Hands-on experience executing penetration testing tactics, techniques, and procedures used to identify vulnerabilities in web applications, servers, cloud infrastructure, and on-premises network infrastructure Will need to remain up to date on threat intelligence to learn new exploits, attack patterns, and vulnerabilities Strong programming and scripting skills with knowledge of diverse programming languages Data-driven decision making and teamwork skills Experience delivering findings to IT leadership and other stakeholders to get vulnerabilities addressed Effective analytic, oral and written communication skills and interpersonal skills Preferred Qualifications Certifications relevant to adversarial security testing such as CEH, Pentest+, GPEN, and OSCP Experience in clinical, research, and education in healthcare Academic medical center and/or healthcare consulting experience Master’s degree Position Details Job Type/FTE: Full Time (1.0 FTE) Shift: Days Location: Remote Unit/Department: Information Security Office CBA Code: Non-Union Why Join Us We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion. UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics. As a condition of employment, all employees are required to complete a pre-employment physical, background check, drug screening, and comply with the flu vaccination requirements prior to hire. Medical and religious exemptions will be considered for flu vaccination consistent with applicable law. Compensation & Benefits Overview UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position. The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union. Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.

Responsibilities

The Senior Cybersecurity Penetration Tester will be responsible for developing, implementing, and maintaining an adversarial testing program across the health system's network, software, and cloud technologies. This involves researching, planning, and executing penetration tests and red team operations to identify security weaknesses and advising on remediation.