What are the responsibilities and job description for the Cyber Security Vulnerability Engineer II (30762) position at GI Alliance?
Position purpose
We are seeking a highly skilled Senior Cybersecurity Vulnerability Engineer with deep expertise in healthcare environments to join our Information Security Team. This role is responsible for identifying, assessing, prioritizing, and driving remediation of vulnerabilities across clinical and enterprise systems. The ideal candidate understands the unique challenges of securing healthcare infrastructure, including medical devices, EHR systems, and regulatory requirements.
Responsibilities/Duties/Functions/Tasks
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education:
Work Environment: This job operates in professional office environments.
Physical Requirements: While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear; and taste or smell. The employee must occasionally lift or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.
We are seeking a highly skilled Senior Cybersecurity Vulnerability Engineer with deep expertise in healthcare environments to join our Information Security Team. This role is responsible for identifying, assessing, prioritizing, and driving remediation of vulnerabilities across clinical and enterprise systems. The ideal candidate understands the unique challenges of securing healthcare infrastructure, including medical devices, EHR systems, and regulatory requirements.
Responsibilities/Duties/Functions/Tasks
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Lead enterprise-wide vulnerability management programs, including scanning, assessment, prioritization, and remediation tracking
- Perform advanced vulnerability assessments on networks, applications, cloud environments, and medical devices
- Collaborate with IT, DevOps, clinical engineering, and application teams to remediate[JS1] security vulnerabilities
- Analyze vulnerability scan results and threat intelligence to identify risk exposure and recommend mitigation strategies
- Develop and maintain vulnerability management policies, standards, and procedures aligned with healthcare regulations
- Conduct risk-based prioritization using frameworks such as CVSS, threat context, and asset criticality
- Support penetration testing activities and red team exercises
- Monitor and report on vulnerability metrics, trends, and KPIs to leadership
- Ensure compliance with healthcare regulations and standards (e.g., HIPAA, HITRUST, NIST, SO 27001, SOC 2, PCI-DSS)
- Provide guidance on secure configuration and patch management for clinical systems and medical devices
- Stay current on emerging threats, vulnerabilities, and healthcare-specific attack vectors
- Support the development and maintenance of risk registers and risk treatment plans
- Assist in the development, review, and enforcement of information security policies, standards, and procedures as is relates to patch management and vulnerability remediation
- Support internal and external audits, including evidence gathering and remediation tracking
- Maintain awareness of emerging threats, regulatory changes, and industry best practices
Education:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, STEM or related field
- 5–8 years of experience in vulnerability management, security engineering, or related[JS2] cybersecurity roles
- Strong experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7)
- Deep understanding of operating systems, networks, and cloud environments
- Experience working in healthcare or highly regulated environments
- Knowledge of healthcare systems such as EHR/EMR platforms and medical device security
- Familiarity with regulatory frameworks such as HIPAA, HITRUST, NIST CSF, and ISO 27001, SOC II, SOX
- Strong analytical, problem-solving, and communication skills
- Ability to manage multiple priorities and work cross-functionally
- Professional certifications such as CISSP, CEH, OSCP, or GIAC
- Knowledge of cloud security and compliance (AWS, Azure, GCP)
- Experience with third-party risk management programs (Archer, Drata)
- Experience with container and cloud security (AWS, Azure, GCP)
- Knowledge of DevSecOps and CI/CD pipeline security
- Experience with scripting or automation (Python, PowerShell, Bash)
- Familiarity with threat modeling and risk assessment methodologies
- Experience securing IoT/medical devices in clinical environments
- Problem analysis and problem resolution at both an operational and tactical level.
- Experience in developing and deploying security specific solutions including the automation of repeatable security tasks and controls.
- Experience with security vulnerability and penetration tools, remediation, and processes.
- Attention to detail and documentation rigor
- Integrity and accountability
- Risk-based decision making
- Cross-functional collaboration
- Attention to detail and accuracy
- Ability to communicate complex security issues to non-technical stakeholders
- Proactive and continuous improvement mindset
Work Environment: This job operates in professional office environments.
Physical Requirements: While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear; and taste or smell. The employee must occasionally lift or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.