Enterprise Application Assessment Cybersecurity Analyst (Remote)

About the position Discover Vanderbilt University Medical Center : Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery, and patient care, VUMC is a community of individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded, and your abilities challenged. Vanderbilt Health is committed to an environment where everyone has the chance to thrive and where your uniqueness is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt’s mission is to advance health and wellness through preeminent programs in patient care, education, and research. Organization: VEC AVA Job Summary: In this role, the Analyst will be responsible for assisting in assessing applications to identify security best practices are being followed in the development lifecycle. Analysts will work closely with our senior security analysts to analyze, and respond to potential security issues, ensuring the confidentiality, integrity, and availability of VUMC developed applications. . KEY RESPONSIBILITIES Conduct regular assessments to identify weaknesses in VUMC applications. Assist in analyzing security issues to detect and report potential security incidents to the respective support team. Collaborate with cross-functional teams to implement security best practices and mitigate identified weaknesses. Stay informed about the latest security trends, and coding best practices to address emerging security issues. Assist in the development and implementation of security policies, procedures, and controls. TECHNICAL CAPABILITIES Security Researcher (Novice) – Conduct research and analyze emerging cyber threats and vulnerabilities. Has existing knowledge of areas that contain Cybersecurity knowledge or how to search for new areas where information can be found. Able to provide timely intelligence to inform security strategies and Cybersecurity management. This will include oral and written notification to the necessary parties. Conduct Application Assessment (Novice) – Conduct application assessment on various applications. Provide timely reports to any stakeholders of the issues and Cybersecurity management. Will be expected to identify vulnerabilities that need to be remediated and provide guidance on potential mitigations for the vulnerabilities. Has conducted an application assessment in the past on an application. Basic knowledge of the following: APIs, Operating Systems, Software packages, Application Frameworks, Basic Languages, Application Authentication, Application Assessment Tools, Development Lifecycles. Conduct Source Code Reviews (Novice) – Will be expected to conduct and participate in source code reviews. This will include providing a detailed write-up of the review. Will work with various key stakeholders to report existing issues and potential fixes if needed. Basic knowledge of the following: Source code review tools, common programming languages. Escalation/Troubleshooting (Novice) – Will be expected to be a technical resource for any issues that may arise from scanning or assessing applications. They will be expected to report the issue to the necessary parties and follow through until the issue is resolved. Consultation (Novice) – Will provide consulting services to VUMC support personnel as designated by VEC SOS leadership. They will operate in both a per directive and per request basis through approved methods. These include, but not limited to approved short-term and long-term initiatives. Project Resource (Novice) – Will assist in cybersecurity centric projects for the institution. They will be expected to be assigned to multiple initiatives at the same time. They will be expected to operate in both an independent and team environment executing proper time and resource management skills. Regular reporting cadence with their director is expected. About the Department: VUMC Enterprise Cybersecurity (VEC) VUMC Enterprise Cybersecurity focuses on protecting Vanderbilt Health from the numerous cyberthreats that exist in today’s world. They work to identify and mitigate risks, create proactive solutions to manage these risks, and develop a strong culture of safety and security within the organization. Our professional administrative functions include critical supporting roles in information technology and informatics, finance, administration, legal and community affairs, human resources, communications and marketing, development, facilities, and many more. At our growing health system, we support each other and encourage excellence among all who are part of our workforce. High-achieving employees stay at Vanderbilt Health for professional growth, appreciation of benefits, and a sense of community and purpose. Core Accountabilities: Organizatio Apply tot his job Apply To this Job