Penetration Testing Engineer, Cybersecurity

Work at Home - Cincinnati - OH, United States

Ensemble Health Partners

Ensemble Health Partners is the leading revenue cycle management company for hospitals, health systems and physician practices.


Thank you for considering a career at Ensemble Health Partners!

Ensemble Health Partners is a leading provider of technology-enabled revenue cycle management solutions for health systems, including hospitals and affiliated physician groups. They offer end-to-end revenue cycle solutions as well as a comprehensive suite of point solutions to clients across the country.

Ensemble keeps communities healthy by keeping hospitals healthy. We recognize that healthcare requires a human touch, and we believe that every touch should be meaningful. This is why our people are the most important part of who we are. By empowering them to challenge the status quo, we know they will be the difference.

The Opportunity:

The Penetration Testing Engineer, Cybersecurity will work as a member of the Cybersecurity Technical Assessments team. As a member of the team, you will be responsible for conducting penetration tests, vulnerability assessments, and reporting findings to detect both legacy and cutting-edge security vulnerabilities in enterprise environments. A strong understanding of networking, system administration and web application security is essential.  We highly value the ability to think outside the box and go beyond conventional attack paths and exploits.

As a Penetration Testing Engineer, you will be responsible for supporting projects and operational teams by assessing, evaluating and verifying vulnerabilities identified in Ensemble’s environment.  You will measure the risk and collaborate with appropriate stakeholders to efficiently remediate and mitigate these risks. Additionally, you will work with product, engineering, development, and security champions to integrate and automate security requirements, testing and verification into all aspects of the system development lifecycle.  Duties may include:

  • Scoping and performing penetration testing and vulnerability research of complex proprietary software and hardware for client services.
  • Identifying and assessing vulnerabilities in systems and applications using both manual and automated testing methods to find and exploit code flaws, misconfigurations, and insecure software.
  • Lending expertise in assisting with validation of Dynamic Application Security Testing (DAST) related findings.
  • Keeping cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities.
  • Writing clear and concise penetration testing reports detailing findings and recommendations.
  • Providing recommendations for remediation of identified vulnerabilities.
  • Occasionally joining senior leaders or stakeholders on client kick-off and discovery sessions to answer questions from prospects and clients.

Job competencies:

  • Strong knowledge of various operating systems and networks, especially experience with Linux, Windows, and Active Directory.
  • Proficiency in a programming language such as Python, JavaScript, or .NET.
  • Experience with penetration testing tools and frameworks such as Metasploit, Nmap, and Nessus.
  • Knowledge of web application security, including experience with web application scanners and manual testing techniques.
  • Experience with a variety of security tools and techniques and the ability to write scripts to automate tasks.
  • Strong communication and report-writing skills.
  • A degree or one recognized certification such as the CPTS penetration testing certification, CompTIA PenTest+, or OSCP is ideal but not necessary.
  • Experience with cloud and container technologies like AWS, Azure, and Kubernetes is a plus.

Essential Job Functions:

  • Leverage vulnerability management data to ensure the safety and integrity of the systems in which Ensemble applications are hosted.
  • Conduct comprehensive penetration testing on networks, wireless systems, web applications, and other critical infrastructure.
  • Generate reports and deliver presentations that explain the findings of research and vulnerability assessments.
  • Participate in the creation of threat models for Ensemble developed systems.
  • Coordinate purple team exercises to enhance detection and response capabilities, as well as test the functionality of security systems.
  • Leverage tools commonly used to perform security testing (e.g., Nmap, Burp Suite, evilginx, hashcat, Metasploit, Nessus, impacket, C2 frameworks, nuclei, gophish, Dradis, Ghostwriter, etc.)
  • Assist in optimizing scan profiles in DAST and pentest frameworks to ensure comprehensive coverage of testing; review and validate findings from these tools.
  • Stay in touch with and provide recommendations to development resources on security threats and potential remediation and control adjustments to address the current threat landscape.
  • Conduct social engineering activities (e.g., phishing, USB drops) to assess organizational security posture.
  • Provide tracking and remediation oversight for resolving security issues during all stages of the development process.
  • Contribute to the development and refinement of security policies, procedures, and documentation.
  • Participate in security training and awareness initiatives.
  • Collect security-related metrics and increase security visibility across the organization

Requirements:

  • Certifications: OSCP, OSWE, GPEN, GWEB, CISSP
  • 7-10 years of relevant professional experience
  • Bachelor's degree or equivalent experience
  • A minimum of 5+ years of experience in Information Technology
  • A minimum of 3 years of experience in performing penetration tests
  • Proven experience with common penetration toolsets (e.g., Metasploit, Burp Suite, Kali Linux, etc.)
  • Experience with Vulnerability Management platforms (e.g., Wiz, Qualys, Nessus, etc.)
  • Strong understanding of the OWASP Top 10 and the OWASP Web Security Testing Guide
  • Strong understanding of network and application protocols (e.g., TCP, UDP, SMB, HTTP, FTP)
  • Knowledge of how software works and interacts at various layers
  • Experience in conducting security assessments, source code reviews, and vulnerability analysis against web applications, thick clients, and network infrastructure.
  • Ability to read and understand stack traces and source code call trees to verify that issues reported by tooling are legitimate.
  • Excellent problem solving and analysis skills, including the ability to logically create structure and order from unstructured inputs
  • Strong familiarity with Linux and Windows operating systems, cloud provider ecosystems like Azure and Amazon AWS, and containerization technologies like Docker and Kubernetes.
  • Ability to create scripts (Python/PowerShell/bash)
  • Adherence to change management process
  • Great Communication Skills – you will be a Security ambassador to other teams, partnering to add security to their delivery pipelines.
  • Experience in creating and delivering technical documentation and presentations to a variety of audiences, including technical teams and executive management.
  • Ability to own and resolve problems.

Join an award-winning company

Three-time winner of “Best in KLAS” 2020-2022

2022 Top Workplaces Healthcare Industry Award

2022 Top Workplaces USA Award

2022 Top Workplaces Culture Excellence Awards

  • Innovation

  • Work-Life Flexibility

  • Leadership

  • Purpose + Values

Bottom line, we believe in empowering people and giving them the tools and resources needed to thrive. A few of those include:

  • Associate Benefits –  We offer a comprehensive benefits package designed to support the physical, emotional, and financial health of you and your family, including healthcare, time off, retirement, and well-being programs. 
  • Our Culture – Ensemble is a place where associates can do their best work and be their best selves. We put people first, last and always. Our culture is rooted in collaboration, growth, and innovation.  
  • Growth – We invest in your professional development. Each associate will earn a professional certification relevant to their field and can obtain tuition reimbursement. 
  • Recognition – We offer quarterly and annual incentive programs for all employees who go beyond and keep raising the bar for themselves and the company. 

Ensemble Health Partners is an equal employment opportunity employer. It is our policy not to discriminate against any applicant or employee based on race, color, sex, sexual orientation, gender, gender identity, religion, national origin, age, disability, military or veteran status, genetic information or any other basis protected by applicable federal, state, or local laws.  Ensemble Health Partners also prohibits harassment of applicants or employees based on any of these protected categories.

Ensemble Health Partners provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law. If you require accommodation in the application process, please contact TA@ensemblehp.com.

This posting addresses state specific requirements to provide pay transparency.  Compensation decisions consider many job-related factors, including but not limited to geographic location; knowledge; skills; relevant experience; education; licensure; internal equity; time in position.  A candidate entry rate of pay does not typically fall at the minimum or maximum of the role’s range.

