Spécialiste en gestion des vulnérabilités / Vulnerability Remediation Specialist
Montréal, QC, Canada
LGI Healthcare Solutions
LGI Healthcare Solutions offers management systems that improve the performance of healthcare facilities and the experience of their staff and patients.
Company Description
With 40 years of expertise, LGI Healthcare Solutions develops technological software for the healthcare network. We specialize in providing solutions for clinical, financial and material management, performance and analysis, and workforce management, which includes payroll management. Innovation is at the heart of our activities and we partner with our customers to solve crucial issues and ensure the well-being of patients and all members of the health sector. Today, our solutions support 320,000 healthcare professionals and over 6 million patients.
At LGI Healthcare Solutions, we value diversity and equal access to employment for all. Should you require specific assistance during the recruitment and integration process, don’t hesitate to let us know. It will be our pleasure to accommodate you while respecting the confidentiality of your personal information.
Job Description
LGI Health Solutions is looking for a Threat and Vulnerability Remediation Specialist with knowledge and experience as a system administrator for Windows and Linux. Reporting directly to the Senior Director, Information Security (CISO) and fully integrated into the IT Infrastructure team, the individual will be responsible for analyzing vulnerabilities identified from scans and some manual testing in both internal and cloud infrastructure environments, and designing/implementing a strategy to mitigate these vulnerabilities based on an understanding of the constraints of each impacted environment.
As a Vulnerability Remediation Specialist, you will:
- Provide relevant advice on company policies and technical standards, particularly in relation to vulnerability management and secure configuration profiles.
- Collaborate effectively with other teams (i.e. CloudOps, IT Infrastructure, R&D, Product Management, etc.) to assess the potential impact of remedial actions specific to the customer's environment and establish appropriate mitigating controls.
- Identify and propose relevant actions to address and resolve vulnerabilities, with a focus on reducing potential impacts on information assets to an acceptable level according to policies and standards.
- Cultivate strong partnerships with technical teams to promote best practice in vulnerability management across traditional infrastructure and cloud environments.
- Fully understand business requirements and work with our business partners to implement effective solutions that meet both security requirements and business objectives.
- Review and/or escalate exception requests using a risk-based approach to analyse vulnerability data against open/closed sources of information, optimising the prioritisation of vulnerability management activities.
- Assist the security team in maintaining documentation that delineates the threat and vulnerability management programme, policies and procedures.
- Develop and improve key performance indicators (KPIs), metrics and trend analyses for the vulnerability management functions.
Qualifications
- In-depth knowledge of the vulnerability management process, including identifying vulnerabilities, eliminating false negatives/positives, applying corrective measures, tracking corrected vulnerabilities through subsequent scans and analysis, etc.
- Experience of industry standards relating to vulnerability management, such as Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
- Basic knowledge of manual penetration testing to validate certain vulnerabilities (use of Nmap modules, Burp Suite Pro and the command-line tools of the Kali Linux distribution).
- Knowledge and experience as a system administrator for Windows and Linux. Knowledge and experience of device management solutions such as Intune and/or SCCM would be an asset.
- Strong knowledge of technology and security domains, covering operating systems, network security, protocols, application security, infrastructure hardening and security.
- Familiarity with the security standards/controls described in various IT governance and compliance models such as NIST, SOC2, ISO 27001 and 27002.
- Previous involvement in large-scale environments with various technologies is essential.
- Strong analytical skills and attention to detail.
- Strong communication skills.
- Highly motivated and able to work autonomously, whilst being a team player and encouraging collaboration.
- 3 to 5 years' experience in vulnerability management, as a system administrator or in a related field.
- Bachelor's degree in computer science/information systems or a related field and/or sufficient professional experience in a similar position.
- CISSP, CEH, OSCP, CISA, GIAC GEVA or similar certifications are an asset.
Additional Information
Here are the many benefits to ensure your personal and professional well-being as well as financial health:
- Remote, in-office, or hybrid work, with the option of flexible hours to promote balance and performance
- Group insurance plan and group RRSP with employer participation in effect from day one
- Minimum of 3 weeks vacation + 5 days personal leave per year
- Access to a telemedicine service and a complete assistance program for all employees and their family
- Financial contribution to your training and professional development
- More than 40 years of expertise in the health IT field opens the door to many career opportunities
- Projects integrating Agile methodology
- Employee discount program
- An organizational culture rooted in the values of courage, determination, excellence, and collaboration around which we come together to develop technology solutions for the healthcare field.
If you are interested in this position, we would be very happy to tell you more about the role, the team, and life at LGI Healthcare Solutions.
Apply now!