Be an early applicantLess than 25 applicants

Company

Mayo Clinic · 8 hours ago

Senior Information Security Engineer (Remote)

Rochester, MN

Full-time

Remote

Mid, Senior Level

$129K/yr - $186K/yr

3+ years exp

Maximize your interview chances

BiotechnologyHealth Care

No H1B

U.S. Citizen Only

Insider Connection @Mayo Clinic

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Work with business partners within the department to achieve organizational and OIS goals

Apply technical expertise in penetration testing, vulnerability research, red teaming, code auditing, and reverse engineering to perform in-depth security assessments of IT infrastructure (on-prem and cloud), medical devices, and various types of software (including web and mobile applications)

Identify, understand, and explain the root cause of technical security vulnerabilities and clearly report steps to reproduce a vulnerability

Develop and recommend technical strategies to mitigate or remediate identified vulnerabilities to asset owners

Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary

Develop and maintain tools and scripts used in penetration-testing and red team processes

Support purple team exercises designed to build strength across the cybersecurity operations center, threat hunting, and red team

Train offensive and defensive colleagues on new TTPs and mentor junior teammates

Occasionally attend and participate in risk assessment or policy discussion meetings

Undertake complex projects requiring specialized technical knowledge

Perform other security-related duties or enhancements as assigned

Establish timelines and delivery of requirements.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Penetration TestingVulnerability ResearchRed TeamingSecurity ToolsOperating SystemsCryptographic ImplementationsOWASPNIST CVSSSoftware Development LifecycleProgramming LanguagesCloud InfrastructuresMobile Applications TestingSecure Systems ArchitectureReverse EngineeringHardware Security TestingOSCP CertificationCISSP CertificationGIAC Certification

Required

Strong written and verbal skills

Professional, focused, penetration testing experience

Good understanding of at least three operating systems (Microsoft Windows, GNU/Linux, Android, macOS, or iOS)

Advanced experience with security tools, including Metasploit Framework, Burp Suite, Frida, Wireshark, and Responder

Provide security recommendations about cryptographic implementations

Understands system-level concepts

Understands OWASP, NIST CVSS, and the software development lifecycle (SDLC)

Experience in at least one programming language (Rust, Go, Java, .NET, C or C++) or one scripting language (Python, PHP, Ruby)

Experience in testing at least one of the following: cloud infrastructures (AWS, GCP) or mobile applications (iOS and Android)

Have an astute attention to detail

Highly organized and efficient

Demonstrates a deep and broad knowledge of standard operating procedures, workflows and supporting technology across numerous critical user areas and an in-depth knowledge of multiple computing technologies either being actively used or of significant interest to Mayo; understands how systems fit into larger picture of technology at Mayo

Capacity to work remotely, independently, and be willing to seek advice/assistance

Master’s degree with one (3) years of experience or bachelor’s degree in computer science, Information Systems, Engineering or related major and a minimum two (5) years’ experience in the information security field required

Must have one of the following certifications (or equivalent) at time of hire: OSCP – Preferred certification, CISSP, GIAC Certification (GPEN preferred)