Job Description: Summary: The Security Analyst is responsible for assessing information security risk, facilitating remediation of identified vulnerabilities, and continuously monitoring the organization’s security posture. This role performs vulnerability and risk assessments across networks, systems, and applications using established security tools and methodologies. The Security Analyst documents findings, provides remediation recommendations, and tracks mitigation efforts through completion. The position also supports audits, compliance initiatives, and client-facing security inquiries. Essential Duties and Responsibilities: - Monitor and investigate security alerts - Respond to client security questionnaires - Monitor physical access requirements for corporate office environment - Provide independent testing and auditing of security control effectiveness including policy compliance, intrusion detection, and selective spot sample testing of information security controls - Assist in operational and performance management of security components of vRad Technology Platform - Assist in the designing, development, deployment, and utilization of monitoring and alerting tools for performance management and issue identification of security components - Maintain technical understanding of Information Security standards as it relates to company compliance requirements such as HIPAA, SOX, and SOC2. - Provide 24/7 Service Restoration support in the event of vRad Technology Platform outages or major issues - Participate in the development and implementation of disaster recovery and business continuity procedures as they pertain to the infrastructure for vRad - Collaboration with other vRad departments and team members in reporting and resolving security, hardware, software and operational issues - Maintain working knowledge of vRad’s business model and functionality of core Technology Platform components - Other duties as assigned Qualifications/Education: - Bachelor’s Degree preferred - CompTIA Security+ certification preferred; required to obtain within 6 months of employment. - CompTIA Network+ certification preferred; required to obtain within 12 months of employment. - Cisco Certified Network Associate (CCNA) preferred - Commitment to continued education as it relates to security and healthcare - Experience interacting with enterprise security solutions such as - Endpoint protection - IDS/IPS - Vulnerability scanning - File Integrity Monitoring - SEIM - Enterprise asset management - Knowledge of common vulnerabilities and exploitation techniques - Forensics and investigation exposure Job Classification: Light- Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently and/or a negligible amount of force constantly.  A job is light if it involves less than or up to the indicated pounds of force, and one or more of the following apply; walking or standing to a significant degree, sitting and pushing/pulling arm or leg controls, or constant pushing and pulling to maintain a production rate even when weight is negligible. About vRad vRad (Virtual Radiologic) is a national teleradiology practice made up of 500+ radiologists who help expand access to lifesaving care for millions of patients each year. We're also a leader in radiologist workflow technology, supporting hospitals and groups across the country with innovative imaging solutions. Behind it all is a team that thrives in a casually professional, fast-paced, and collaborative environment. We take pride in what we do and in how we support each other, recognizing the extra effort it takes to deliver excellence every day. At vRad, your work truly makes a difference. As a Top Workplace Award winner, we’re known for our mission-driven culture, passion for innovation, and the energy our team brings to everything we do. vRad is an equal opportunity employer and welcomes all qualified applicants. vRad is committed to being an inclusive, safe and welcoming environment where everyone has equal access and equitable resources to reach their full potential. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, religion or other legally protected status. For more information, visit https://www.vrad.com/team-member-careers/ vRad participates in E-Verify.

Role Description We are looking for a motivated and skilled Penetration Tester with hands-on experience in Active Directory, Network, and Web Application penetration testing. The ideal candidate should be able to identify security vulnerabilities, misconfigurations, and weaknesses across enterprise environments and provide actionable recommendations to improve the organization's security posture. In addition to traditional penetration testing, the candidate will participate in purple-team exercises, collaborating with defensive teams to simulate real-world attack scenarios and strengthen detection and response capabilities. An interest in SOC operations, monitoring, and threat detection will be considered a strong advantage. Qualifications - Hands-on experience in Active Directory security assessments and penetration testing - Strong knowledge of network penetration testing methodologies - Experience in web application security testing (OWASP Top 10) - Understanding of security configuration reviews and misconfiguration analysis - Experience performing vulnerability validation and risk analysis - Hands-on experience with tools such as: - Nmap - Burp Suite - Metasploit - BloodHound - Impacket - CrackMapExec - Strong understanding of Windows security architecture and AD attack techniques - Knowledge of network protocols, authentication mechanisms, and common attack vectors Requirements - Experience with Purple Team exercises - Exposure to SOC operations, SIEM platforms, or security monitoring - Familiarity with MITRE ATT&CK framework - Scripting knowledge (Python, PowerShell, Bash) - Exposure to cloud security assessments (Azure / AWS) Preferred Certifications (Optional) - PNPT - eCPPT - GPEN / GWAPT Soft Skills - Strong analytical and problem-solving mindset - Ability to clearly communicate technical risks and remediation steps - Good documentation and reporting skills - Ability to collaborate with both offensive and defensive security teams - Strong curiosity and passion for continuous learning in cybersecurity

• Compliance & Audit Leadership: Support the maintenance of our compliance frameworks, specifically ISO 27001 and SOC2 Type II. You will need to be comfortable being a primary point of contact for external auditors. • Client Assurance: Own the end-to-end process for Client Audits and Security RFIs, translating our complex technical controls into clear, professional, and digestible responses for stakeholders. • Cloud Governance: Apply a GRC lens to our cloud environment, ensuring that our AWS infrastructure aligns with best practices (CIS benchmarks) and triage alerts in line with our internal risk appetite. • Incident Management & Triage: Monitor security tools and act as a first-to-second responder for alert triage. You’ll manage the lifecycle of security incidents, from discovery to post-mortem. • Third-Party Risk Management: Conduct thorough due diligence on suppliers, integrations , ensuring our supply chain meets our rigorous security standards. • Risk-Based Decision Making: Conduct risk assessments across the business, providing actionable advice that balances security requirements with operational efficiency. • Security Automation: Identify opportunities to automate manual GRC and SecOps tasks to increase the team's velocity.

Job Description Join one of the nation’s most comprehensive academic medical centers, UChicago Medicine as an Epic MyChart Analyst - Intermediate for the IT Clinical Applications department. This is a remote, work from home opportunity and you may be based outside of the greater Chicagoland area. The MyChart Analyst - Intermediate formulates and defines systems scope and objectives through research and fact-finding combined with an understanding of applicable business applications and industry requirements. With this knowledge, develops, configures, or modifies moderately complex information applications. Includes analysis of business and user needs, documenting requirements, and revising existing logic as necessary. Guides and collaborates with other Application Analysts. Contributes to application analysis and considers the business implication of the application of technology to the current business environment. Essential Job Functions - Evaluate business implications of technology on the current business environment - Analyze business and user needs, formulates and defines application requirement scope and objectives - Document Requirements in the BRD (Business Requirement Document) - Revise existing (problematic) application configuration or builds new application configuration - Unit test configuration and other application set up - Mentor less experienced Application Analysts Required Qualifications - Associate or bachelor’s degree or equivalent training or work experience - Epic MyChart certification is required - Minimum of 2 years of experience with information system software solutions - Working knowledge of multiple software applications, systems analysis/design, Integration/design, or web applications/design - Ability and commitment to meet deadlines and to operate in a fast-paced environment - Capable of working well in a diverse, multi-disciplinary team and successfully interacting with others at all levels of the organization, including remote teams - Beginning skills in documenting and analyzing business processes - General understanding of business, functional, and technical requirements - General understanding of underlying technologies: hardware, networking, applications - Excellent interpersonal, written, and oral communication skills, and effective presentation skills - Experience developing presentations for project work - Ability to plan and facilitate meetings with diverse participants - Ability to maintain a professional attitude and demeanor in both normal and pressure situations - Proven skills in problem solving Position Details - Job Type/FTE: Full Time (1.0 FTE) - Shift: Day - Location: Remote - Unit/Department: IT Clinical Applications - CBA Code: Non-Union Why Join Us We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion. UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics. As a condition of employment, all employees are required to complete a pre-employment physical, background check, drug screening, and comply with the flu vaccination requirements prior to hire. Medical and religious exemptions will be considered for flu vaccination consistent with applicable law. Compensation & Benefits Overview UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position. The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union. Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.