HCA, Hospital Corporation of America Senior Security Vulnerability Engineer in Nashville, Tennessee


The Security Vulnerability Engineer implements and monitors enterprise wide vulnerability management solutions for HCA. A Security Vulnerability Engineer strives to enforce security best practices, policies, standards and guidance to ensure the safeguard of HCA’s proprietary data, physical infrastructure and resources from internal and external threats. The Security Vulnerability Engineer is required to maintain an extensive understanding of services provided by HCA, IT&S and to develop relationships throughout the organization to assist Information Security in accomplishing its goals for the company.


• Organize resources to build and perform vulnerability assessments of operating systems, applications, databases and network infrastructure components to detect, enumerate and classify major vulnerabilities for performing trend analysis and reporting to Enterprise customers through the use of vulnerability assessment tools and methodologies.

• Schedule and maintain security operations management of operating systems, security applications and network infrastructure components to provide security configurations, controls for user account access, monitoring of services, centralized logging, network connectivity, job scheduling execution and routine maintenance through the use of administrative tools and methodologies.

• Organize and perform vulnerability classification based on industry publications, attack vector analysis, and external intelligence.

• Coordinate resources for auditing of applications, operating systems and networks to provide a measurable technical assessment that includes interviewing staff personnel, performing security vulnerability scans, reviewing access controls or analyzing physical access to ensure availability, confidentiality and integrity to help the organization meet internal and external regulatory compliance (PCI, SOX, HIPPA, NIST).

• Interpret the results of the attack and penetration testing of the HCA enterprise for information gathering, vulnerability detection, analysis and exploitation planning, and results reporting to remediate exploits and ensure confidentiality, integrity and availability of mission critical information assets.

• Mentor junior engineers in security knowledge and experience in technologies and methodologies as it relates to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, and operations management to assist the team with effective research, data gathering, analysis, metrics reporting and communications.

• Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios, e.g. large-scale production service outages, outside of the routine change management process.


5-7 years of applicable work experience is needed for a successful candidate.


• Comprehensive understanding of Security Methodologies • Advanced experience with TCPIP/UDP/ICMP • Comprehensive knowledge of the OSI Reference Model • Windows / Linux / Unix operating systems • Advanced experience with Networking components (routers, switches, load balancers, wireless access points, etc) • Comprehensive knowledge of firewalls, proxies, mail servers and web servers • Advanced experience with operational support for operating systems, applications and networks • Comprehensive knowledge of relational databases and structured query language • Advanced experience with vulnerability assessments • Comprehensive knowledge of malicious code (worms, viruses, spyware, etc.) • Comprehensive knowledge of enterprise-scale security assessment infrastructure • Advanced experience in automation and scripting of applications and systems systems i.e. Python, Perl, JavaScript, Splunk, Archer GRC


College graduate or comparable work experience.


Title: Senior Security Vulnerability Engineer

Location: Tennessee-Nashville-Corporate Main Campus

Requisition ID: 10207-18693