GENERAL SUMMARY: Senior Vulnerability Analyst – Offensive Lead is a key role in advancing vulnerability management throughout the HFHS enterprise through technical expertise with a focus on threat intelligence, vulnerability management, and offensive security. The Senior Vulnerability Analyst – Offensive Lead Managing Lead, works collaboratively to support the identification, assessment, mitigation, and monitoring of vulnerabilities by utilizing various security tools and other techniques. The Senior Vulnerability Analyst – Offensive Lead independently develops assessment plans, supports, or leads projects, and may also manage the activities of security personnel that are focused on aspects of the Threat and Vulnerability Management program. The Senior Vulnerability Analyst – Offensive Lead reports to the Vulnerability Management Services Manager. In conjunction the Senior Vulnerability Analyst –Offensive Lead works in a collaborative effort with IT to assure vulnerability management and policy compliance security programs and technical controls are compliant with policies, applicable laws, and regulations. PRINCIPLE DUTIES AND RESPONSIBILITIES: • Collaboratively support daily vulnerability management efforts with peers. • Collaboratively create, recommend, and/or implement VMS program improvements to meet established objectives. • Coordinate and communicate with other security and IT employees to discuss solutions, challenges, or other information security concerns. • Maintain an understanding of the threat landscape and communicate them with a focus on the most relevant, highest-risk threats. • Utilize various approaches to improve an understanding of internal and external attack surfaces. • Coordinate with the blue team to increase an understanding of threat actor tools, techniques, and procedures (TTPs). • Conduct ad hoc IOC investigations or threat-hunts. • Collaborate with the blue team to conduct purple team exercises to ensure detection of pertinent TTPs. • Supports incident response or other investigations, as needed. • Manually review and test vulnerabilities for susceptibility or false positives. • Run ad hoc scans or other methods to proactively identify potential high-risk vulnerabilities commensurate with risk. • Maintain a robust understanding of vulnerabilities in an enterprise, including healthcare, beyond the traditional CVSS. • Help drive prioritization of remediation of pertinent vulnerabilities through threat contextualization. • Support the maturing of application security, including conducting web application security scans or tests. • Conduct, lead, and contract with third parties for offensive testing ensuring risk of such testing is appropriately managed. • Manually validate that offensive security observations are remediated. • Help further transform and maintain VMS as a trusted advisor. • Provide support for network penetration testing. • Perform special projects and other duties as assigned. • Effectively relate security-related concepts to a broad range of technical and nontechnical staff. • Lead threat intelligence and counter threat control management. • Early informer of critical vulnerabilities and exposures relevant to safeguarding the company’s information assets. • Provide in-depth analysis of vulnerabilities and impacts to key partners. EDUCATION/EXPERIENCE REQUIRED: • Bachelor's Degree in Business Administration, Engineering, and Information Systems, Information Assurance or closely related field, required. • Minimum seven (7) years of related IT or security experience, which includes five (5) years of direct information security experience, and a minimum of one (1) year experience directly related to offensive testing and/or threat assessment. • Strong working experience and understanding of industry leading vulnerability management tools. • CISSP, CISM, or CISA is recommended. • OSCP, CRTO, or other offensive testing certification is recommended. • Experience providing working knowledge and skills in the following: Security laws, mandates, standards, and best practices (i.e., HIPAA, ISO, ACA, DFIS, NACHA, Payor customer group security requirements, PCI, HITECH, GLB, etc.). • Demonstratable relevant work experience within information security including the areas of operational /technology auditing & risk, offensive testing, threat assessment, and vulnerability management. • Experience or knowledge of technical and operational, business and healthcare environment preferably Payor related healthcare activities. • Familiarity with national security standards, business continuity, disaster recover, auditing, risk management, vulnerability assessments, regulatory compliance, and incident management. • Strong understanding of project management and information technology background. • Good analytical, organizational, verbal, and written communication skills. • Ability to solve problems in a dynamic team environment and handle multiple assignments in a timely manner. • Experience in conflict management skills necessary to resolve issues where corporate areas disagree. • Ability to effectively interface with various levels of management internally and as well as contacts outside the organization. • Must be able to travel to other HFHS and Subsidiary facilities and vendor sites to meet with operating or audit personnel. • A service focused team player who can lead and mentor team members. • Excellent customer service and interpersonal skills demonstrated both over the phone and face-to-face to communicate technical information in non-technical terms. • Consensus building and collaborative interpersonal skills. • Good presentation skills. • Ability to work under pressure, establish priorities and respond with urgency. • Self-motivated with excellent verbal and written skills. CERTIFICATIONS/LICENSURES REQUIRED: Must meet or exceed core customer service responsibilities, standards and behaviors as outlined in the HFHS’ Customer Service Policy and summarized below: - Communication - Ownership - Understanding - Motivation - Sensitivity - Excellence - Teamwork - Respect Must practice the customer skills as provided through on-going training and in-services. Must possess the following personal qualities: - Be self-directed - Be flexible and committed to the team concept - Demonstrate teamwork, initiative and willingness to learn - Be open to new learning experiences - Accepts and respects diversity without judgment - Demonstrates customer service values PHYSICAL DEMANDS/WORKING CONDITIONS: Normal office environment with minimal exposure to noise, dust, or extreme temperatures. Additional Information + Organization: Corporate Services + Department: Ascension Info_Network Scrty + Shift: Day Job + Union Code: Not Applicable Additional Details This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above. Overview Henry Ford Health partners with millions of people on their health journey, across Michigan and around the world. We offer a full continuum of services – from primary and preventative care to complex and specialty care, health insurance, a full suite of home health offerings, virtual care, pharmacy, eye care and other health care retail. With former Ascension southeast Michigan and Flint region locations now part of our team, Henry Ford’s care is available in 13 hospitals and hundreds of ambulatory care locations. Based in Detroit, Henry Ford is one of the nation’s most respected academic medical centers and is leading the Future of Health: Detroit, a $3 billion investment anchored by a reimagined Henry Ford academic healthcare campus. Learn more at henryford.com/careers . Benefits The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits. Equal Employment Opportunity/Affirmative Action Employer Equal Employment Opportunity / Affirmative Action Employer Henry Ford Health is committed to the hiring, advancement and fair treatment of all individuals without regard to race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height, weight, marital status, family status, gender identity, sexual orientation, and genetic information, or any other protected status in accordance with applicable federal and state laws.