Medibank | Vulnerability

Medibank It's a strange thing to say, because us humans are capable of incredible things.
And at Medibank, we know our greatest potential lies in the people who work with us.

We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.

Your new role:
Medibank maintains and operates a number of information security controls across the organisation.
To continue to be effective, these controls require ongoing development, maintenance, support and timely response to alerts generated from the systems.

As the Vulnerability & Patching Specialist you will make a direct impact on the organization's vulnerability and patching management processes, driving security improvements and operational efficiency.

This role will focus on managing and improving the vulnerability management and patching lifecycle across our technology estate, ensuring the identification, assessment, and remediation of vulnerabilities are performed efficiently and effectively.
The ideal candidate will have extensive hands-on experience with vulnerability scanning tools, patch management systems, and a strong understanding of security operations and engineering.

Key Responsibilities:
Lead the implementation, configuration, and ongoing management of vulnerability scanning tools such as CrowdStrike, Defender, Tenable IO, Tenable SC, and ASM, ensuring accurate identification of vulnerabilities across the organization's systems and networks.
Oversee asset discovery processes using tools like runZero to ensure 100% coverage of vulnerability scanning tools across all environments, including on-premises, hybrid, and cloud infrastructures.
Analyze vulnerability scanning results, identify trends, and drive continuous improvements in vulnerability remediation and patching performance.
Provide detailed reports and dashboards to internal stakeholders to inform decision-making and risk management strategies.
Manage vulnerability tracking, monitoring, risk assessment, and reporting.
Collaborate with IT, operations, and security teams to prioritize vulnerabilities based on business impact and risk levels, ensuring timely remediation.
Ensure effective patch management across data centers, public cloud environments (AWS, Azure), and endpoints.
Coordinate patching cycles using tools like BigFix, ensuring that patches are applied efficiently and in alignment with established security standards and deadlines.
Work closely with automation tools and workflows to integrate scanning tools with patch management systems, streamlining the vulnerability remediation and patching process, and reducing manual effort.
Support the broader security operations functions, including incident response, threat intelligence, monitoring, and detection.
Collaborate with security engineering teams to assess vulnerabilities in the context of broader security threats and risks.
Conduct regular risk assessments to determine the business impact of identified vulnerabilities and patching gaps.
Develop and present mitigation strategies to reduce potential business risks, ensuring compliance with internal security standards.
Communicate effectively with security teams, business units, and external stakeholders to provide updates on vulnerability and patch management status, ensuring clear understanding and support for remediation efforts.
About you:
Proven hands-on experience with vulnerability scanning tools, specifically CrowdStrike, Defender, Tenable IO, Tenable SC, ASM.
Expertise in asset discovery using tools like runZero to ensure comprehensive vulnerability scanning coverage.
Strong experience with vulnerability management processes, including vulnerability tracking, monitoring, and risk assessment.
Familiarity with patching cycles, patch management tools (e.g., BigFix), and patch management processes across data centers and cloud environments (AWS, Azure).
Ability to integrate and automate patch management workflows in conjunction with vulnerability scanning and assessment tools.
Strong analytical skills to identify and assess vulnerabilities, business risks, and impact.
Knowledge of security engineering and operations functions, including incident response, monitoring, threat intelligence, and investigations.
Excellent communication skills with the ability to collaborate effectively across security, technical, and business teams.
Strong attention to detail and a proactive approach to vulnerability management and patching.
We believe in everyone's potential and strive to make Medibank inclusive for all, because different perspectives make us better.

To learn about our commitments, employee experiences, and benefits, go to Diversity and Inclusion .

We encourage applications from everyone, including Aboriginal and Torres Strait Islander candidates, those with disabilities, and LGBTQIA+ individuals.
For any adjustments or alternative formats during the recruitment process, please contact us at .

#J-18808-Ljbffr