Cyber Security Vulnerability Engineer II (30762) at GI Alliance – Southlake, Texas

Cyber Security Vulnerability Engineer II (30762)
Job DetailsJob Location: GIA Southlake Admin - Southlake, TX 76092
Position Type: Full Time
Job Shift: Day
Description

CyberSec Vulnerability Eng. II

Position purpose
We are seeking a highly skilled Senior Cybersecurity Vulnerability Engineer with deep expertise in healthcare environments to join our Information Security Team. This role is responsible for identifying, assessing, prioritizing, and driving remediation of vulnerabilities across clinical and enterprise systems. The ideal candidate understands the unique challenges of securing healthcare infrastructure, including medical devices, EHR systems, and regulatory requirements.
Responsibilities/Duties/Functions/Tasks:
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Lead enterprise-wide vulnerability management programs, including scanning, assessment, prioritization, and remediation tracking

Perform advanced vulnerability assessments on networks, applications, cloud environments, and medical devices

Collaborate with IT, DevOps, clinical engineering, and application teams to remediate[JS1] security vulnerabilities

Analyze vulnerability scan results and threat intelligence to identify risk exposure and recommend mitigation strategies

Develop and maintain vulnerability management policies, standards, and procedures aligned with healthcare regulations

Conduct risk-based prioritization using frameworks such as CVSS, threat context, and asset criticality

Support penetration testing activities and red team exercises

Monitor and report on vulnerability metrics, trends, and KPIs to leadership

Ensure compliance with healthcare regulations and standards (e.g., HIPAA, HITRUST, NIST, SO 27001, SOC 2, PCI-DSS)

Provide guidance on secure configuration and patch management for clinical systems and medical devices

Stay current on emerging threats, vulnerabilities, and healthcare-specific attack vectors

Support the development and maintenance of risk registers and risk treatment plans

Assist in the development, review, and enforcement of information security policies, standards, and procedures as is relates to patch management and vulnerability remediation

Support internal and external audits, including evidence gathering and remediation tracking

Maintain awareness of emerging threats, regulatory changes, and industry best practices

Qualifications
Education:

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, STEM or related field

Experience:

5–8+ years of experience in vulnerability management, security engineering, or related[JS2] cybersecurity roles

Strong experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7)

Deep understanding of operating systems, networks, and cloud environments

Experience working in healthcare or highly regulated environments

Knowledge of healthcare systems such as EHR/EMR platforms and medical device security

Familiarity with regulatory frameworks such as HIPAA, HITRUST, NIST CSF, and ISO 27001, SOC II, SOX

Strong analytical, problem-solving, and communication skills

Ability to manage multiple priorities and work cross-functionally

Professional certifications such as CISSP, CEH, OSCP, or GIAC

Knowledge of cloud security and compliance (AWS, Azure, GCP)

Experience with third-party risk management programs (Archer, Drata)

Essential Skills and Experience:

Experience with container and cloud security (AWS, Azure, GCP)

Knowledge of DevSecOps and CI/CD pipeline security

Experience with scripting or automation (Python, PowerShell, Bash)

Familiarity with threat modeling and risk assessment methodologies

Experience securing IoT/medical devices in clinical environments

Problem analysis and problem resolution at both an operational and tactical level.

Experience in developing and deploying security specific solutions including the automation of repeatable security tasks and controls.

Experience with security vulnerability and penetration tools, remediation, and processes.

Performance Requirements:

Attention to detail and documentation rigor

Integrity and accountability

Risk-based decision making

Cross-functional collaboration

Attention to detail and accuracy

Ability to communicate complex security issues to non-technical stakeholders

Proactive and continuous improvement mindset

Equipment Operated: This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
Work Environment: This job operates in professional office environments.
Physical Requirements: While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear; and taste or smell. The employee must occasionally lift or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.