CityRochester
StateMN
RemoteYES
DepartmentInformation Security
Why Mayo Clinic
Mayo Clinic is top-ranked in more specialties than any other care provider according to U.S. News & World Report. As we work together to put the needs of the patient first, we are also dedicated to our employees, investing in competitive compensation and
comprehensive benefit plans – to take care of you and your family, now and in the future. And with continuing education and advancement opportunities at every turn, you can build a long, successful career with Mayo Clinic. You’ll thrive in an environment that supports innovation, is committed to ending racism and supporting diversity, equity and inclusion, and provides the resources you need to succeed.
Benefits Highlights- Medical: Multiple plan options.
- Dental: Delta Dental or reimbursement account for flexible coverage.
- Vision: Affordable plan with national network.
- Pre-Tax Savings: HSA and FSAs for eligible expenses.
- Retirement: Competitive retirement package to secure your future.
ResponsibilitiesThe information security engineer serves as a security researcher and technical representative of the Mayo Clinic Office of Information Security (OIS) team. While some automated tools will be leveraged, the role requires hands-on experience with a variety of tools to emulate attacker tactics, techniques, and procedures (TTPs). A candidate must possess an understanding of information security, preferably with a computer science or engineering background. They must understand applications, networking, and various operating systems along with security assessment tools and frameworks. Candidates must also stay up to date with advancements in technology while also having some knowledge of older systems and applications that may still be in use in the enterprise.
A candidate for this position must be results oriented, multi-disciplined, and comfortable working with senior and principal engineering staff to discover vulnerabilities in existing services, infrastructure, and applications across the enterprise before our adversaries do.
The essential job duties for an information security engineer are:
- Apply technical expertise in penetration testing, vulnerability research, red teaming, code auditing, and reverse engineering to perform in-depth security assessments of IT infrastructure (on-prem and cloud), medical devices, and various types of software (including web and mobile applications)
- Identify, understand, and explain the root cause of technical security vulnerabilities and clearly report steps to reproduce a vulnerability
- Develop and recommend technical strategies to mitigate or remediate identified vulnerabilities to asset owners
- Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary
- Perform other security-related duties or enhancements as assigned
This vacancy is not eligible for sponsorship/ we will not sponsor or transfer visas for this position. Also, Mayo Clinic DOES NOT participate in the F-1 STEM OPT extension program.
QualificationsThe Information Security Engineer requires the following skills and abilities.
- Basic security testing skills (vulnerability identification, root cause & impact analysis, technical documentation, risk rating, and presentation)
- Good understanding of at least two operating systems (Microsoft Windows, GNU/Linux, Android, macOS, or iOS)
- Familiarity with security tools, including Metasploit Framework, Burp Suite, Frida, Wireshark, and Responder, etc.
- Basic understanding of cryptographic primitives
- Basic understanding of system-level concepts
- Understanding of OWASP, NIST CVSS, and the software development lifecycle (SDLC)
- Strong problem-solving and analytical skills
- Have an astute attention to detail
- Highly organized and efficient
- Capacity to work remotely, independently, and be willing to seek advice/assistance
Good to have:
- Experience in at least one programming language (Rust, Go, Java, .NET, C or C++) or one scripting language (Python, PHP, Ruby)
- Experience in testing cloud infrastructures (AWS, GCP)
- Experience in mobile application penetration testing (iOS and Android)
Minimum Education and/or Experience Required:
Master’s Degree or a bachelor’s degree in computer science, Information Systems, Engineering or related major and a minimum one (1) year experience in the information security field required, OR Associates degree and two (2) years’ experience in the information security field.
Licensure/Certification Required: Must have one of the following certifications (or equivalent) at time of hire. In lieu of certification at time of hire, candidate must pass the exam within two years and complete the certification process once years of service requirements of the certifying body have been met.
- OSCP – Preferred certification
- CISSP
- GIAC Certification (GPEN preferred)
Exemption StatusExempt
Compensation Detail$97,884.80 - $137,030.40 / year.
Benefits EligibleYes
ScheduleFull Time
Hours/Pay Period80
Schedule DetailsCore hours are Monday through Friday 8am to 4pm candidates local time with occasional time outside required outside core hours as needed.
Weekend ScheduleNot normal, but may be required if a test or schedule needs it. Again, this is not normal.
International AssignmentNo
Site Description
Just as our reputation has spread beyond our Minnesota roots, so have our locations. Today, our employees are located at our three major campuses in Phoenix/Scottsdale, Arizona, Jacksonville, Florida, Rochester, Minnesota, and at Mayo Clinic Health System campuses throughout Midwestern communities, and at our international locations. Each Mayo Clinic location is a special place where our employees thrive in both their work and personal lives.
Learn more about what each unique Mayo Clinic campus has to offer, and where your best fit is.Affirmative Action and Equal Opportunity Employer
As an Affirmative Action and Equal Opportunity Employer Mayo Clinic is committed to creating an inclusive environment that values the diversity of its employees and does not discriminate against any employee or candidate. Women, minorities, veterans, people from the LGBTQ communities and people with disabilities are strongly encouraged to apply to join our teams. Reasonable accommodations to access job openings or to apply for a job are available.
RecruiterJoy Kundrata