Senior Cyber Security Engineer, Secure Configuration

Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 39 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.

Summary:

As a member of the Information Security team, the Cyber Security Senior Engineer for Secure Configuration Management will be responsible for partnering with technology owners to develop secure hardening standards for CHS platforms and software, ensure application of those settings, and monitor systems to ensure long-term compliance. The Senior Engineer will operate within the Threat and Vulnerability Management team as an expert in vulnerability management, ensuring sound practices while designing, growing, and maintaining the program. The Senior Engineer will be responsible for seeking out and reporting on system security weaknesses and will work directly with other security and information technology team members to develop plans for reporting and remediation across all operating systems and applications in the enterprise.

Essential Duties and Responsibilities:

• Develop secure hardening standards for common CHS platforms and applications, in collaboration with Information Technology teams.
• Expand and maintain a governance program for configuration compliance in order to identify and remediate drift.
• Apply industry best practices and standards to hardening standard design and report generation.
• In the case of Windows-based systems, craft and deploy Group Policy to reinforce hardening standards.
• Collaborate with security and IT team members to develop and operate processes for reviewing system images for policy compliance.
• Partner with system owners to troubleshoot and resolve issues related to security settings, including management of the implementation of setting exclusions when needed
• Work closely with IT partners to coordinate and track the progress of remediation efforts, ensuring timely resolution of identified findings.
• Contribute to the development and maintenance of secure configuration management policies, procedures, and documentation.
• Provide guidance and support to junior team members, fostering knowledge sharing and professional growth within the vulnerability management team.
• Leverage knowledge of Active Directory, operating systems, certificates, networking protocols, and powershell to design, scale, and deliver security hardening.
• Business and Soft Skill expectations:
  • Communicate and interact effectively and professionally with co-workers, management, customers, etc.
  • Maintain complete confidentiality of company business.
  • Communicate with management regarding development within areas of assigned responsibilities and perform special projects as required or requested.

 
Qualifications

• Required Education: High School diploma
• Preferred Education: Bachelor’s or Master’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), or equivalent work experience.
• Required Experience:
  • Duration:
    • 3+ years of IT or information security, and
    • 2+ years of vulnerability management
  • Activities:
    • Practical experience with designing and implementing technologies related to vulnerability management including vulnerability scanning, penetration testing, and configuration management
    • Served as expert thought leader for vulnerability management technologies and influenced the strategy for remediation
    • Worked in process-driven structured environments and participated in process optimization activities.
  • Competencies:
    • In-depth knowledge of vulnerability management tools, techniques, and best practices.
    • Familiarity with industry frameworks and standards such as NIST, CIS, and CVSS.
    • Strong understanding of operating systems, network protocols, and web applications.
    • Experience with vulnerability scanning and assessment tools (e.g., Nessus, Qualys, OpenVAS).
    • Excellent analytical and problem-solving skills, with the ability to prioritize and address vulnerabilities based on risk.
    • Strong communication and collaboration skills to work effectively with cross-functional teams.
    • Relevant certifications such as CISSP, CISA, or GIAC certifications are a plus.
    • Commitment to continuous learning and staying updated on the latest trends and threats in the field of vulnerability management.
    • Strong understand of lifecycle management principles and their application to the remediation of cybersecurity vulnerabilities
    • Effective communication of technical concepts to a non-technical audience
    • Excellent written and verbal communication skills
• Preferred Experience: 3+ years of vulnerability management
• Required License/Registration/Certification: None
• Preferred License/Registration/Certification:
  • SANS Certifications
  • GIAC Certifications
  • EC Council CEH
• Computer Skills Required:
  • Productivity suite software required
  • Python, Powershell, Microsoft SQL, industry standard vulnerability scanning software, and various other cybersecurity tools preferred

Physical Demands:
In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

• The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
• The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
• The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.