USA Jobs

Job Information

Sutter Health Senior Cyber Security Analyst - Penetration Testing in Roseville, California

Position Overview:

The Senior Cyber Security Analyst (SCSA) is responsible for providing data security support and guidance to Sutter Health regions and affiliates. The SCSA will represent the Information Security Department on project teams and other Privacy Investigation (PI) and Information Security (IS) initiatives and will work with other IS operations support departments to identify and recommend solutions on security-related issues. Provide hands-on security administration of a broad range of security duties and requires a high level of technical experience. Duties and responsibilities include, but are not limited to, oversight of design, engineering, analysis, research, testing and monitoring. The SCSA will also serve as a senior advisor to the Chief Information Security Officer, Cyber Security Manager and Sutter Health affiliates. This is a technical position on the Information Security Team.

The Vulnerability Management & Threat Intelligence (VMTI) group is responsible for the program of vulnerability management, threat intelligence, penetration testing, and red/blue teaming services to support the Cyber Security Operations Center (CSOC). Positions in this group represent the Privacy and Information Security department under the office of general counsel, and will work with their leadership, technical operations and other groups to proactively identify, quantify, and report vulnerabilities and threats throughout the organization.

Below are the specific concentrations and responsibilities for positions in the VMTI group:

Vulnerability Management:

• Performing and reporting vulnerability scanning operations

• Working with key stakeholders to remediate vulnerabilities

• Carrying out threat hunting campaigns and missions

• Supporting penetration testing services with internal and external stakeholders

• Coordinating and executing of purple teaming exercises with IR Team resources

• Facilitating of Cyber Threat Simulation Exercise

Threat Intelligence:

• Conducting cyber threat intelligence researches and assessments

• Tracking threat actors and campaigns

• Maturing the intelligence development process, procedures, and techniques

• Engaging internal and external entities to gather cyber threat intelligence

• Supporting in penetration testing services with internal and external stakeholders

• Facilitating Cyber Threat Simulation Exercises

Penetration Testing:

• Coordinating penetration testing services with internal and external stakeholders

• Delivering pen-test engagements via out hands-on keyboard

• Coordinating and executing purple teaming exercises with IR Team resources

• Coordinating and executing red team projects

• Supporting vulnerability scanning operations

• Facilitating Cyber Threat Simulation Exercises

Desired Penetration Testing specific experience: performing red team assessments (physical, social engineering, and network exploitation); conducting penetration testing on applications, network, web, databases; performing controlled vulnerability exploitation; conducting network reconnaissance, OSINT, and physical security reviews; evaluating technology risks; familiar with OWASP Top 10;



Bachelor's degree in Business, Cyber Security, Risk Management, Information Technology, Computer Science or related field or the equivalent education/experience required.

Preferred Licensures and Certifications

• Certified Information Systems Security Professional - CISSP is preferred


• Previous experience as an IT Security Analyst or related field as typically acquired with 3-5 years in a similar position is required

• Healthcare information technology industry experience is strongly preferred

• 3-5 years of previous experience providing cyber security support by planning, coordinating, integrating and synchronizing cyber defense and prevention activities is required

• 3-5 years of proven experience ensuring compliance with all applicable state and federal cyber laws and regulations is required

• 3-5 years of significant experience creating comprehensive and accurate reports that are used to communicate Sutter Health’s risk profile impact to peers and management is required

Skills and Knowledge

• Thorough knowledge of information systems security concepts and current information security trends and practices including security processes and methods

• General knowledge of Federal and State IS security and privacy-related regulatory requirements and laws

• In-depth knowledge regarding NIST, HIPAA, FIPS, and other recognized industry security standards and best practices

• Detailed understanding of DLP and DLP technologies

• Detailed understanding of data movement in a large healthcare system and typical healthcare business processes

• In depth knowledge of cyber security solutions, policies and technologies

• Understanding of the lifecycle of a network threat and network vulnerability exploitation in a healthcare environment

• Working understanding of the anatomy of an attack

• Advanced level of skill using Microsoft windows workstation and server, Unix/Linux and network OS’s

• Proven ability to use Internet Technologies including DNS, routing, SMTP, HTTP, DHCP, and FTP etc.

• Strong technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management

• Excellent written/verbal interpersonal communication skills with the ability to interact effectively with a broad and diverse group of peers, users, and executives

• Proven ability to prioritize work while multi-tasking on assigned work.

• Demonstrated ability to acquire images, either remote or local, to a workstation or server

• Proven ability to conduct forensics activities in the context of an active attack

• Strong ability to perform and conduct incident Response and participate in security incident and post incident response process

• Proven ability to break down highly complex technical topics into language and diagrams understandable to a wide audience

Organization: Sutter Health System Office

Employee Status: Regular

Benefits: Yes

Position Status: Exempt

Union: No

Job Shift: Day

Shift Hours: 8 Hour Shift

Days of the Week Scheduled: Monday-Friday

Weekend Requirements: Other

Schedule: Full Time

Hrs Per 2wk Pay Period: 80

All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, marital status, sexual orientation, registered domestic partner status, sex, gender, gender identity or expression, ancestry, national origin (including possession of a driver's license issued to individuals who did not present proof of authorized presence in the U.S.), age, medical condition, physical or mental disability, military or protected veteran status, political affiliation, pregnancy or perceived pregnancy, childbirth, breastfeeding or related medical condition, genetic information or any other characteristic made unlawful by local, state, or federal law, ordinance or regulation. External hires must pass a background check/drug screening. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with Federal, state, and local laws, including but not limited to the San Francisco Fair Chance Ordinance.