Mayo Clinic, United States

Information Security Engineer

Full Time, Negotiable
Posted on 17th Dec 2024

The information security engineer serves as a security researcher and technical representative of the Mayo Clinic Office of Information Security (OIS) team. While some automated tools will be leveraged, the role requires hands-on experience with a variety of tools to emulate attacker tactics, techniques, and procedures (TTPs). A candidate must possess an understanding of information security, preferably with a computer science or engineering background. They must understand applications, networking, and various operating systems along with security assessment tools and frameworks. Candidates must also stay up to date with advancements in technology while also having some knowledge of older systems and applications that may still be in use in the enterprise.

A candidate for this position must be results oriented, multi-disciplined, and comfortable working with senior and principal engineering staff to discover vulnerabilities in existing services, infrastructure, and applications across the enterprise before our adversaries do.

The essential job duties for an information security engineer are:

  • Apply technical expertise in penetration testing, vulnerability research, red teaming, code auditing, and reverse engineering to perform in-depth security assessments of IT infrastructure (on-prem and cloud), medical devices, and various types of software (including web and mobile applications)
  • Identify, understand, and explain the root cause of technical security vulnerabilities and clearly report steps to reproduce a vulnerability
  • Develop and recommend technical strategies to mitigate or remediate identified vulnerabilities to asset owners
  • Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary
  • Perform other security-related duties or enhancements as assigned

This vacancy is not eligible for sponsorship; we will not sponsor or transfer visas for this position. Also, Mayo Clinic DOES NOT participate in the F-1 STEM OPT extension program.

The Information Security Engineer requires the following skills and abilities.

  • Basic security testing skills (vulnerability identification, root cause & impact analysis, technical documentation, risk rating, and presentation)
  • Good understanding of at least two operating systems (Microsoft Windows, GNU/Linux, Android, macOS, or iOS)
  • Familiarity with security tools such as Metasploit Framework, Burp Suite, Frida, Wireshark, and Responder
  • Basic understanding of cryptographic primitives
  • Basic understanding of system-level concepts
  • Understanding of OWASP, NIST CVSS, and the software development lifecycle (SDLC)
  • Strong problem-solving and analytical skills
  • Astute attention to detail
  • Highly organized and efficient
  • Capacity to work remotely and independently, and willingness to seek advice or assistance

Good to have:

  • Experience in at least one programming language (Rust, Go, Java, .NET, C or C++) or one scripting language (Python, PHP, Ruby)
  • Experience in testing cloud infrastructures (AWS, GCP)
  • Experience in mobile application penetration testing (iOS and Android)

Minimum Education and/or Experience Required:

Master’s degree or bachelor’s degree in Computer Science, Information Systems, Engineering or a related major and a minimum of one (1) year of experience in the information security field required, OR an associate’s degree and two (2) years’ experience in the information security field.

Licensure/Certification Required: Must have one of the following certifications (or equivalent) at time of hire. In lieu of certification at time of hire, candidate must pass the exam within two years and complete the certification process once years of service requirements of the certifying body have been met.

  • OSCP – Preferred certification
  • CISSP
  • GIAC Certification (GPEN preferred)

Why Mayo Clinic

Mayo Clinic is top-ranked in more specialties than any other care provider according to U.S. News & World Report. As we work together to put the needs of the patient first, we are also dedicated to our employees, investing in competitive compensation and comprehensive benefit plans – to take care of you and your family, now and in the future. And with continuing education and advancement opportunities at every turn, you can build a long, successful career with Mayo Clinic. You’ll thrive in an environment that supports innovation, is committed to ending racism and supporting diversity, equity and inclusion, and provides the resources you need to succeed.

Benefits Highlights

  • Medical: Multiple plan options.
  • Dental: Delta Dental or reimbursement account for flexible coverage.
  • Vision: Affordable plan with national network.
  • Pre-Tax Savings: HSA and FSAs for eligible expenses.
  • Retirement: Competitive retirement package to secure your future.
