Seeking a Cyber Security Engineer to join our Secure Design and Evaluation team. This is a very exciting time at MSK, as we move forward on our journey through the digital transformation process. As the analyst supporting the Information Security Office, you will be a key member of a team of dedicated information security professionals who are on the front lines in defending MSK from active cyber threats.
Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments.
Perform penetration testing on a wide range of applications, devices, physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify and remediate vulnerabilities.
Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
Collaborate with engineers and developers to ensure secure design principles are met.
Prepare assessment reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
Assist with and implement departmental security projects and process development.
Actively participate and assist in organizational information proof of concepts and enterprise project architecture.
Assist with organization-wide vulnerability remediation activities.
Advise with security risk mitigation efforts and provide guidance to facilitate new business partnerships, data transfers, and/or IT system implementations, in coordination with internal and external (non-MSK) partners.
Knowledge and hands-on experience of secure systems and network architecture design across various operating systems, development platforms, and other technologies (web, mobile, database, endpoint, cloud, virtual) and a demonstrated ability to use and understand how these various technologies function.
Some hands-on ability in one or more scripting (Python, Perl or Shell/PowerShell) or programming (C/C++, Assembly) languages.
Knowledge of different classes of cyber attacks, cyber attack stages, vulnerabilities, application security risks and secure coding principles, network security architecture concepts, operating system hardening techniques.
Hands-on experience with penetration testing tools and techniques, network analysis tools, fuzzers, and vulnerability scanners.
Strong verbal and written communication skills; technical writing or desktop/web publishing skills
1.5+ year professional or educational experience in relevant topics
As one of the world's premier cancer centers, Memorial Sloan-Kettering Cancer Center is committed to exceptional patient care, leading-edge research, and superb educational programs. The close collaboration between our physicians and scientists is one of our unique strengths, enabling us to provide patients with the best care available today as we work to discover more effective strategies to prevent, control, and ultimately cure cancer in the future. Our education programs train future physicians and scientists, and the knowledge and experience they gain at Memorial Sloan-Kettering has an impact on cancer treatment and the biomedical research agenda around the world.