This Cybersecurity Engineer III position, with a primary focus on senior-level vulnerability management, is responsible for providing thought leadership and enhancing the cybersecurity team in identifying, assessing, prioritizing, and remediating security vulnerabilities across the organization's endpoints, servers, networks, cloud, and applications. This role involves designing, implementing, and optimizing enterprise vulnerability management solutions-including Rapid7 and Tenable Nessus-to reduce risk to protected health information (PHI) and other regulated data, as well as performing vulnerability scanning, risk-based prioritization, remediation tracking, metrics and reporting, and mentoring junior team members while providing strategic direction to the team and organization. While vulnerability management is the primary focus of this position, the successful applicant will also work as part of a dynamic team responsible for cybersecurity incident response, as well as other cybersecurity-related initiatives, and will share in rotating on-call responsibilities, drawing on broad cybersecurity knowledge to support detection, triage, and response activities.
Qualifications
Duties and Responsibilities
- Lead efforts in designing, deploying, and maintaining enterprise vulnerability management solutions and scanning infrastructure across endpoints, servers, network devices, cloud, and applications.
- Administer, configure, and optimize Rapid7 (InsightVM/Nexpose) and Tenable Nessus to discover assets, scan for vulnerabilities, and assess exposure across the environment.
- Perform risk-based prioritization of vulnerabilities using CVSS, threat intelligence, and asset criticality, and develop, tune, and continuously improve scanning policies and remediation workflows.
- Track and drive vulnerability remediation to closure in coordination with IT, infrastructure, application, and patch management teams, including validation and root cause analysis of recurring findings.
- Develop and maintain vulnerability metrics, dashboards, and reporting for technical teams and leadership, and collaborate with teams throughout ISS, as well as Privacy and Compliance, to ensure the protection of PHI and adherence to HIPAA and other regulatory requirements.
- Provide mentorship and guidance to junior and mid-level cybersecurity engineers.
- Participate in the development and implementation of cybersecurity strategies and policies.
- Serve as part of a dynamic incident response team, assisting with the detection, triage, investigation, containment, and remediation of security incidents.
- Conduct offensive security exercises, such as penetration testing and red team activities, to proactively identify vulnerabilities and validate defenses across the network.
- Participate in a rotating on-call schedule to support time-sensitive vulnerability and incident response activities outside of normal business hours.
Education, Training and Certification
- Bachelor's degree or higher in Cybersecurity, Information Technology, or a related field is preferred; equivalent experience may be considered in lieu of a degree for exceptionally qualified candidates.
- Relevant certifications such as CISSP, GIAC GEVA (GIAC Enterprise Vulnerability Assessor), CompTIA Security+, CompTIA PenTest+, or equivalent are highly desirable.
Knowledge and Experience
- Strong understanding of vulnerability management principles, the vulnerability lifecycle, CVSS scoring, and risk-based remediation practices.
- Hands-on proficiency with Rapid7 (InsightVM/Nexpose), Tenable Nessus, and other vulnerability scanning and assessment technologies across endpoints, servers, network, cloud, and applications.
- Extensive experience implementing and operating enterprise vulnerability management programs, including scan configuration, risk-based prioritization, and remediation tracking.
- 3-5 years of experience in vulnerability management, information security, or information technology in a large organization, preferably a large healthcare environment.
- Hands-on experience contributing to incident response, including alert triage, investigation, containment, and remediation.
- While not a requirement, the candidate should have some hands-on experience with, and be comfortable conducting, offensive security exercises such as penetration testing to actively identify vulnerabilities on the network, going beyond traditional vulnerability scanning. Deep expertise in this area is not expected.
- Broad, well-rounded knowledge of cybersecurity domains and concepts; a certification such as CISSP is a plus to demonstrate this overall cybersecurity knowledge.
- Willingness and availability to participate in a rotating on-call schedule.
Skills and Abilities
- Strong analytical and problem-solving skills.
- Excellent communication and teamwork abilities.
- Ability to learn and adapt to new technologies quickly.
- Attention to detail and a proactive approach to security.
- Leadership and mentoring skills.
- Ability to manage cybersecurity projects within a healthcare organization, coordinating effectively with both technical and non-technical team members.
About Us
At Atlantic Health, our promise to our communities is; Anyone who enters one of our facilities will receive the highest quality care delivered at the right time, at the right place, and at the right cost. This commitment is also echoed in the respect, development and opportunities we give to our more than 22,000 team members. Headquarters in Morristown, New Jersey, we are one of the leading non-profit health care systems in the nation. Our facilities and sites of care include:
- Atlantic Health Morristown Medical Center, Morristown, NJ
- Atlantic Health Overlook Medical Center, Summit, NJ
- Atlantic Health Newton Medical Center, Newton, NJ
- Atlantic Health Chilton Medical Center, Pompton Plains, NJ
- Atlantic Health Hackettstown Medical Center, Hackettstown, NJ
- Atlantic Health Goryeb Children's Hospital, Morristown, NJ
- Atlantic Health CentraState Healthcare System, Freehold, NJ
- Atlantic Medical Group
- Atlantic Visiting Nurse
- Atlantic Mobile Health
- Atlantic Rehabilitation
We have more than 900 community-based healthcare providers affiliated through Atlantic Medical Group.
We have received awards and recognition for the services we have provided to our patients, team members and communities. Below are just a few of our accolades:
- Chosen for 17 years by Fortune as one of the magazine's "100 Best Companies to Work For."
- Atlantic Health Morristown and Atlantic Health Overlook Named by Newsweek as two of the "World's Best Hospitals" in 2026.
- Atlantic Health Morristown and Atlantic Health Overlook ranked within the top three hospitals in New Jersey by U.S. News & World Report's 2025-2026 Best Hospital rankings.
- Atlantic Health scored four "A" grades by The Leapfrog Group in its Fall 2025 Hospital Safety Grades, performance measures reflecting errors, accidents, injuries and injections, as well as systems hospitals have in place to prevent harm.
- Atlantic Health Morristown and Atlantic Health Overlook are New Jersey's only hospitals to be named among America's 50 Best hospitals by Healthgrades in 2026.
- Named by Becker's Healthcare as one of the "165 Top Places to Work in Healthcare - 2026.
- Atlantic Health Morristown, Atlantic Health Overlook, Atlantic Health Chilton and Atlantic Health Newton all Forbes Top Hospitals for 2026.
- Named by Newsweek as one of America's Greatest Workplaces for Inclusion & Diversity 2025.
- Atlantic Health rated LEVEL 9 - 2025 CHIME Digital Health Most Wired.
Atlantic Health offers a competitive and comprehensive Total Rewards package that supports the health, financial security, and well-being of all team members. Offerings vary based on role level (Team Member, Director, Executive). Below is a general summary, with role-specific enhancements highlighted:
Team Member Benefits
- Medical, Dental, Vision, Prescription Coverage (22.5 hours per week or above for full-time and part-time team members)
- Life & AD&D Insurance.
- Short-Term and Long-Term Disability (with options to supplement)
- 403(b) Retirement Plan: Employer match, additional non-elective contribution
- PTO & Paid Sick Leave
- Tuition Assistance, Advancement & Academic Advising
- Parental, Adoption, Surrogacy Leave
- Backup and On-Site Childcare
- Well-Being Rewards
- Employee Assistance Program (EAP)
- Fertility Benefits, Healthy Pregnancy Program
- Flexible Spending & Commuter Accounts
- Pet, Home & Auto, Identity Theft and Legal Insurance
Note: In Compliance with the NJ Pay Transparency Act (effective Sunday, June 1, 2025), all job postings will include the hourly wage or salary (or a range), as well as this summary of benefits. Final compensation and benefit eligibility may vary by role and employment status and will be confirmed at the time of offer.
EEO STATEMENT
Atlantic Health, Inc. is an equal employment opportunity employer and federal contractor or subcontractor and therefore abides by applicable laws to protect applicants and employees from discrimination in hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral, and other aspects of employment, on the basis of race, color, religion, sex (including pregnancy, gender identity and sexual orientation), national origin, citizenship status, disability, age, genetics, or veteran