CityRochester
StateMN
RemoteYES
DepartmentInformation Security
Why Mayo ClinicMayo Clinic is top-ranked in more specialties than any other care provider according to U.S. News & World Report. As we work together to put the needs of the patient first, we are also dedicated to our employees, investing in competitive compensation and comprehensive benefit plans – to take care of you and your family, now and in the future. And with continuing education and advancement opportunities at every turn, you can build a long, successful career with Mayo Clinic. You’ll thrive in an environment that supports innovation, is committed to ending racism and supporting diversity, equity and inclusion, and provides the resources you need to succeed.
Benefits Highlights
Medical: Multiple plan options.Dental: Delta Dental or reimbursement account for flexible coverage.Vision: Affordable plan with national network.Pre-Tax Savings: HSA and FSAs for eligible expenses.Retirement: Competitive retirement package to secure your future.
Responsibilities
The senior information security engineer serves in a security researcher role and is a hands-on representative of the Mayo Clinic Office of Information Security (OIS) team. While some automated tools will be leveraged, the role requires hands-on experience with a variety of tools to emulate attacker tactics, techniques, and procedures (TTPs). A candidate must possess a solid understanding of information security, preferably with a strong computer science or engineering background and professional experience. They must understand applications, networking, and various operating systems along with tools and frameworks. Candidates must also maintain a high level of rigor to stay up to date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.
A candidate for this position must be results oriented, multi-disciplined, and comfortable working with engineering staff, architecture staff, and management to discover vulnerabilities in existing services, infrastructure, and applications across the enterprise before our adversaries do. They also act as an information security liaison to various business units and the information technology department to recommend ways to address security concerns present in moderately complex Mayo Clinic services and systems.
The essential job duties for a senior information security engineer are:
Work with business partners within the department to achieve organizational and OIS goalsApply technical expertise in penetration testing, vulnerability research, red teaming, code auditing, and reverse engineering to perform in-depth security assessments of IT infrastructure (on-prem and cloud), medical devices, and various types of software (including web and mobile applications)Identify, understand, and explain the root cause of technical security vulnerabilities and clearly report steps to reproduce a vulnerabilityDevelop and recommend technical strategies to mitigate or remediate identified vulnerabilities to asset ownersRegularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessaryDevelop and maintain tools and scripts used in penetration-testing and red team processesSupport purple team exercises designed to build strength across the cybersecurity operations center, threat hunting, and red teamTrain offensive and defensive colleagues on new TTPs and mentor junior teammatesOccasionally attend and participate in risk assessment or policy discussion meetingsUndertake complex projects requiring specialized technical knowledgePerform other security-related duties or enhancements as assignedEstablish timelines and delivery of requirements.This vacancy is not eligible for sponsorship/ we will not sponsor or transfer visas for this position. Also, Mayo Clinic DOES NOT participate in the F-1 STEM OPT extension program.
Qualifications
The Senior Information Security Engineer requires the following skills and abilities:
Strong written and verbal skillsProfessional, focused, penetration testing experienceGood understanding of at least three operating systems (Microsoft Windows, GNU/Linux, Android, macOS, or iOS)Advanced experience with security tools, including Metasploit Framework, Burp Suite, Frida, Wireshark, and ResponderProvide security recommendations about cryptographic implementationsUnderstands system-level conceptsUnderstands OWASP, NIST CVSS, and the software development lifecycle (SDLC).Experience in at least one programming language (Rust, Go, Java, .NET, C or C++) or one scripting language (Python, PHP, Ruby)Experience in testing at least one of the following:cloud infrastructures (AWS, GCP)mobile applications (iOS and Android)Have an astute attention to detailHighly organized and efficientDemonstrates a deep and broad knowledge of standard operating procedures, workflows and supporting technology across numerous critical user areas and an in-depth knowledge of multiple computing technologies either being actively used or of significant interest to Mayo; understands how systems fit into larger picture of technology at MayoCapacity to work remotely, independently, and be willing to seek advice/assistanceGood to have:
Experience in secure systems architecture designsExperience in reverse engineering (x86, x64, ARM32, ARM64 architectures), and familiarity with relevant tools (IDA Pro or Ghidra)Experience with hardware security testingMinimum Education and/or Experience Required:
Master’s degree with one (3) years of experience or bachelor’s degree in computer science, Information Systems, Engineering or related major and a minimum two (5) years’ experience in the information security field required.
Licensure/Certification Required: Must have one of the following certifications (or equivalent) at time of hire. In lieu of certification at time of hire, candidate must pass the exam within two years and complete the certification process once years of service requirements of the certifying body have been met.
OSCP – Preferred certificationCISSPGIAC Certification (GPEN preferred)Exemption Status
Exempt
Compensation Detail
$128,502.40 - $186,164.00 / year.
Benefits Eligible
Yes
Schedule
Full Time
Hours/Pay Period
80
Schedule Details
Core hours are Monday through Friday 8am to 4pm candidates local time with occasional time outside required outside core hours as needed.
Weekend Schedule
Not normal, but may be required if a test or schedule needs it. Again, this is not normal.
International Assignment
No
Site Description
Just as our reputation has spread beyond our Minnesota roots, so have our locations. Today, our employees are located at our three major campuses in Phoenix/Scottsdale, Arizona, Jacksonville, Florida, Rochester, Minnesota, and at Mayo Clinic Health System campuses throughout Midwestern communities, and at our international locations. Each Mayo Clinic location is a special place where our employees thrive in both their work and personal lives. Learn more about what each unique Mayo Clinic campus has to offer, and where your best fit is.
Affirmative Action and Equal Opportunity Employer
As an Affirmative Action and Equal Opportunity Employer Mayo Clinic is committed to creating an inclusive environment that values the diversity of its employees and does not discriminate against any employee or candidate. Women, minorities, veterans, people from the LGBTQ communities and people with disabilities are strongly encouraged to apply to join our teams. Reasonable accommodations to access job openings or to apply for a job are available.
Recruiter
Joy Kundrata