Information Security Engineer III Penetration Tester (massgeneralbrigham)
Job posting number: #212452 (Ref:RQ4009861)
Job Description
Site: Mass General Brigham Incorporated
At Mass General Brigham, we know it takes a surprising range of talented professionals to advance our mission—from doctors, nurses, business people and tech experts, to dedicated researchers and systems analysts. As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community. We place great value on being a diverse, equitable and inclusive organization as we aim to reflect the diversity of the patients we serve.
At Mass General Brigham, we believe a diverse set of backgrounds and lived experiences makes us stronger by challenging our assumptions with new perspectives that can drive revolutionary discoveries in medical innovations in research and patient care. Therefore, we invite and welcome applicants from traditionally underrepresented groups in healthcare — people of color, people with disabilities, LGBTQ community, and/or gender expansive, first and second-generation immigrants, veterans, and people from different socioeconomic backgrounds – to apply.
Job Summary
The Mass General Brigham (MGB) Digital Team is hiring! The MGB Information Security Engineer III Penetration Tester will be responsible for participating in planned penetration tests against the various organizations within the MGB environment. This role will apply an ‘adversarial mindset’ against the infrastructure to assess the security controls deployed. The penetration tester exists as a part of the broader Attack Surface Management Program, and may also participate in attack simulations, threat intelligence gathering, and attack surface analysis efforts. The ideal candidate is a deeply technical minded security professional with prior experience in one or more of the following areas:
• Penetration testing
• Web application security testing
• Breach Attack Simulation
• Application development security
• Security controls validation
Principal Duties and Responsibilities:
• Penetration Testing: Assist in the scoping and execution of penetration tests on MGB networks, systems, and applications. The engineer will be responsible for using automated and hands-on techniques to suitably assess the environment and identify security gaps. Ensure that a clear and concise findings report can be delivered to stakeholders.
• Attack Simulation: Participate in planning and execution of simulated attacks against MGB testing infrastructure to appropriately mimic the kinds of threat actors that target the healthcare sector.
• Attack Surface Analysis: Conduct comprehensive assessments to identify risks within the organization's network, applications, and systems. This includes both internal and external assets.
• Cross-functional Collaboration: Work closely with IT, network, and application teams to ensure a cohesive approach to security. Facilitate communication and collaboration across departments to ensure alignment with security goals.
• Incident Response Support: Support the incident response team by providing insights into potential attack vectors and vulnerabilities that may be exploited during a cyber incident.
• Written Documentation: Create, review, and update documentation related to the information security and information privacy controls.
• Communication: Clear and concise written and verbal communication including long-form documentation, enterprise broadcast communications, and executive presentations; special attention required to translate technical detail into language the intended audience can understand.
• Industry Knowledge: Maintain awareness of new technologies and related opportunities for impact on system or application security.
• MGB Values: Uses the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
• Other duties as assigned.
Qualifications
- Bachelor’s degree (B.A. / B.S.) in Information Security, Computer Science, Computer Engineering or equivalent from an accredited college or university required or related experience
- 5+ years of experience in Information Technology or Information Security required.
- Broad understanding of where to find and assess tools for penetration testing
- Broad understanding of networking security and architecture concepts
- Basic knowledge of tools used in day-to-day processes with ability to learn new tools and skills.
- Ability to apply defined processes and playbooks to resolve a wide variety of issues.
- Critical thinking and problem-solving skills sufficient to identify and communicate key issues or understand when escalation support is required.
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- Ability to collaborate effectively with team members, providing assistance and support as needed.
- Knowledge of NIST Cybersecurity Framework (CSF), NIST 800-53, and ISO 27K is desirable.
- Preferred certifications include: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester Certification (GPEN), GIAC Experienced Penetration Tester (GX-PT), GIAC Certified Red Team Professional (GRTP), GIAC Security Operations Certified (GSOC), GIAC Security Expert (GSE), etc.
- Exceptional interpersonal skills to effectively communicate with cross-functional teams.
- Strong time management and organizational skills required; project management skills are desired.
- An ability to work under the required guidelines and deliver on business/project requirements.
- Strong vocabulary, written and verbal communication, and effective interpersonal skills are critical.
- Comfortable working in a dynamic environment with multiple work streams, goals, and objectives.
- Must know how to use common M365 Office Suite of products.
- Ability to work independently with appropriate supervision.
- Ability to successfully negotiate and collaborate with others of different skill sets, backgrounds and levels within and external to the organization.
- Experience in one or more of the following technologies preferred: endpoint detection and response (EDR), static and dynamic source-code analysis, SIEM, privileged access management (PAM), network technologies, cloud hosting platforms, IoT search engines, OSINT tools, etc.
- Strong problem solving and critical thinking skills.
Skills for Success
Additional Job Details (if applicable)
- M-F Eastern Business Hours required
- Hybrid flexible working model required, including weekly onsite in-office days (number of days weekly can vary, must be flexible for business needs)
- 1-3 onsite days per week
- Remote working days require stable, secure, quiet, compliant working station
Physical Requirements
- Standing Occasionally (3-33%)
- Walking Occasionally (3-33%)
- Sitting Constantly (67-100%)
- Lifting Occasionally (3-33%) 20lbs - 35lbs
- Vision - Far Constantly (67-100%)
- Vision - Near Constantly (67-100%)
- Talking Constantly (67-100%)
- Hearing Constantly (67-100%)
Remote Type
Work Location
Scheduled Weekly Hours
Employee Type
Work Shift
EEO Statement:
Mass General Brigham Competency Framework
At Mass General Brigham, our competency framework defines what effective leadership “looks like” by specifying which behaviors are most critical for successful performance at each job level. The framework comprises ten competencies (half People-Focused, half Performance-Focused), which are defined by observable and measurable skills and behaviors that contribute to workplace effectiveness and career success. These competencies are used to evaluate performance, make hiring decisions, identify development needs, mobilize employees across our system, and establish a strong talent pipeline.