• Monitor and evaluate threats to cloud-hosted digital banking solutions • Assess applications and infrastructure for vulnerabilities • Operate technical controls to safeguard sensitive data • Lead and support incident response efforts using industry-standard practices • Collaborate with risk management, compliance, and audit functions • Use and optimize monitoring, reporting, and alerting capabilities • Maintain and refine threat models to prioritize risk management activities • Use and maintain vulnerability scanning and penetration testing tools • Collaborate with clients, auditors, vendors, and internal teams • Investigate reported vulnerabilities and risks • Develop and implement strategies, scripts, configurations, and procedures to reduce security risks • Operate and enhance security solutions including firewalls, DLP tools, CASBs, AV/EDR systems • Participate in formalized security incident response procedures • Collect and document evidence of security program activities

Job Description: Summary: The Security Analyst is responsible for assessing information security risk, facilitating remediation of identified vulnerabilities, and continuously monitoring the organization’s security posture. This role performs vulnerability and risk assessments across networks, systems, and applications using established security tools and methodologies. The Security Analyst documents findings, provides remediation recommendations, and tracks mitigation efforts through completion. The position also supports audits, compliance initiatives, and client-facing security inquiries. Essential Duties and Responsibilities: - Monitor and investigate security alerts - Respond to client security questionnaires - Monitor physical access requirements for corporate office environment - Provide independent testing and auditing of security control effectiveness including policy compliance, intrusion detection, and selective spot sample testing of information security controls - Assist in operational and performance management of security components of vRad Technology Platform - Assist in the designing, development, deployment, and utilization of monitoring and alerting tools for performance management and issue identification of security components - Maintain technical understanding of Information Security standards as it relates to company compliance requirements such as HIPAA, SOX, and SOC2. - Provide 24/7 Service Restoration support in the event of vRad Technology Platform outages or major issues - Participate in the development and implementation of disaster recovery and business continuity procedures as they pertain to the infrastructure for vRad - Collaboration with other vRad departments and team members in reporting and resolving security, hardware, software and operational issues - Maintain working knowledge of vRad’s business model and functionality of core Technology Platform components - Other duties as assigned Qualifications/Education: - Bachelor’s Degree preferred - CompTIA Security+ certification preferred; required to obtain within 6 months of employment. - CompTIA Network+ certification preferred; required to obtain within 12 months of employment. - Cisco Certified Network Associate (CCNA) preferred - Commitment to continued education as it relates to security and healthcare - Experience interacting with enterprise security solutions such as - Endpoint protection - IDS/IPS - Vulnerability scanning - File Integrity Monitoring - SEIM - Enterprise asset management - Knowledge of common vulnerabilities and exploitation techniques - Forensics and investigation exposure Job Classification: Light- Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently and/or a negligible amount of force constantly.  A job is light if it involves less than or up to the indicated pounds of force, and one or more of the following apply; walking or standing to a significant degree, sitting and pushing/pulling arm or leg controls, or constant pushing and pulling to maintain a production rate even when weight is negligible. About vRad vRad (Virtual Radiologic) is a national teleradiology practice made up of 500+ radiologists who help expand access to lifesaving care for millions of patients each year. We're also a leader in radiologist workflow technology, supporting hospitals and groups across the country with innovative imaging solutions. Behind it all is a team that thrives in a casually professional, fast-paced, and collaborative environment. We take pride in what we do and in how we support each other, recognizing the extra effort it takes to deliver excellence every day. At vRad, your work truly makes a difference. As a Top Workplace Award winner, we’re known for our mission-driven culture, passion for innovation, and the energy our team brings to everything we do. vRad is an equal opportunity employer and welcomes all qualified applicants. vRad is committed to being an inclusive, safe and welcoming environment where everyone has equal access and equitable resources to reach their full potential. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, religion or other legally protected status. For more information, visit https://www.vrad.com/team-member-careers/ vRad participates in E-Verify.

Role Description We are looking for a motivated and skilled Penetration Tester with hands-on experience in Active Directory, Network, and Web Application penetration testing. The ideal candidate should be able to identify security vulnerabilities, misconfigurations, and weaknesses across enterprise environments and provide actionable recommendations to improve the organization's security posture. In addition to traditional penetration testing, the candidate will participate in purple-team exercises, collaborating with defensive teams to simulate real-world attack scenarios and strengthen detection and response capabilities. An interest in SOC operations, monitoring, and threat detection will be considered a strong advantage. Qualifications - Hands-on experience in Active Directory security assessments and penetration testing - Strong knowledge of network penetration testing methodologies - Experience in web application security testing (OWASP Top 10) - Understanding of security configuration reviews and misconfiguration analysis - Experience performing vulnerability validation and risk analysis - Hands-on experience with tools such as: - Nmap - Burp Suite - Metasploit - BloodHound - Impacket - CrackMapExec - Strong understanding of Windows security architecture and AD attack techniques - Knowledge of network protocols, authentication mechanisms, and common attack vectors Requirements - Experience with Purple Team exercises - Exposure to SOC operations, SIEM platforms, or security monitoring - Familiarity with MITRE ATT&CK framework - Scripting knowledge (Python, PowerShell, Bash) - Exposure to cloud security assessments (Azure / AWS) Preferred Certifications (Optional) - PNPT - eCPPT - GPEN / GWAPT Soft Skills - Strong analytical and problem-solving mindset - Ability to clearly communicate technical risks and remediation steps - Good documentation and reporting skills - Ability to collaborate with both offensive and defensive security teams - Strong curiosity and passion for continuous learning in cybersecurity

• Compliance & Audit Leadership: Support the maintenance of our compliance frameworks, specifically ISO 27001 and SOC2 Type II. You will need to be comfortable being a primary point of contact for external auditors. • Client Assurance: Own the end-to-end process for Client Audits and Security RFIs, translating our complex technical controls into clear, professional, and digestible responses for stakeholders. • Cloud Governance: Apply a GRC lens to our cloud environment, ensuring that our AWS infrastructure aligns with best practices (CIS benchmarks) and triage alerts in line with our internal risk appetite. • Incident Management & Triage: Monitor security tools and act as a first-to-second responder for alert triage. You’ll manage the lifecycle of security incidents, from discovery to post-mortem. • Third-Party Risk Management: Conduct thorough due diligence on suppliers, integrations , ensuring our supply chain meets our rigorous security standards. • Risk-Based Decision Making: Conduct risk assessments across the business, providing actionable advice that balances security requirements with operational efficiency. • Security Automation: Identify opportunities to automate manual GRC and SecOps tasks to increase the team's velocity.