Vulnerability & Patching Specialist

**You’re only human.**

It’s a strange thing to say, because us humans are capable of incredible things. And at Medibank, we know our greatest potential lies in the people who work with us.

We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.

**Your new role**:
Medibank maintains and operates a number of information security controls across the organisation. To continue to be effective, these controls require ongoing development, maintenance, support and timely response to alerts generated from the systems.

As the Vulnerability & Patching Specialist you will make a direct impact on the organization's vulnerability and patching management processes, driving security improvements and operational efficiency.

**Key Responsibilities**:

- Lead the implementation, configuration, and ongoing management of vulnerability scanning tools such as CrowdStrike, Defender, Tenable IO, Tenable SC, and ASM, ensuring accurate identification of vulnerabilities across the organization’s systems and networks.
- Oversee asset discovery processes using tools like runZero to ensure 100% coverage of vulnerability scanning tools across all environments, including on-premises, hybrid, and cloud infrastructures.
- Analyze vulnerability scanning results, identify trends, and drive continuous improvements in vulnerability remediation and patching performance. Provide detailed reports and dashboards to internal stakeholders to inform decision-making and risk management strategies.
- Manage vulnerability tracking, monitoring, risk assessment, and reporting. Collaborate with IT, operations, and security teams to prioritize vulnerabilities based on business impact and risk levels, ensuring timely remediation.
- Ensure effective patch management across data centers, public cloud environments (AWS, Azure), and endpoints. Coordinate patching cycles using tools like BigFix, ensuring that patches are applied efficiently and in alignment with established security standards and deadlines.
- Work closely with automation tools and workflows to integrate scanning tools with patch management systems, streamlining the vulnerability remediation and patching process, and reducing manual effort.
- Support the broader security operations functions, including incident response, threat intelligence, monitoring, and detection. Collaborate with security engineering teams to assess vulnerabilities in the context of broader security threats and risks.
- Conduct regular risk assessments to determine the business impact of identified vulnerabilities and patching gaps. Develop and present mitigation strategies to reduce potential business risks, ensuring compliance with internal security standards.
- Communicate effectively with security teams, business units, and external stakeholders to provide updates on vulnerability and patch management status, ensuring clear understanding and support for remediation efforts.

**About you**:

- Proven hands-on experience with vulnerability scanning tools, specifically CrowdStrike, Defender, Tenable IO, Tenable SC, ASM.
- Expertise in asset discovery using tools like runZero to ensure comprehensive vulnerability scanning coverage.
- Strong experience with vulnerability management processes, including vulnerability tracking, monitoring, and risk assessment.
- Familiarity with patching cycles, patch management tools (e.g., BigFix), and patch management processes across data centers and cloud environments (AWS, Azure).
- Ability to integrate and automate patch management workflows in conjunction with vulnerability scanning and assessment tools.
- Strong analytical skills to identify and assess vulnerabilities, business risks, and impact.
- Knowledge of security engineering and operations functions, including incident response, monitoring, threat intelligence, and investigations.
- Excellent communication skills with the ability to collaborate effectively across security, technical, and business teams.
- Strong attention to detail and a proactive approach to vulnerability management and patching.

**Imagine working with us**

We understand that work means different things to everyone... We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.

Imagine a workplace where work didn't feel like work.

A workplace where you could shape when and where you work to have more impact.

Where flexible working isn’t a buzzword, it’s a reality.

Imagine a workplace that helps you and your family thrive.

Where connection, personal development and health and wellbeing are front of mind.

For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could.

**Inclusion and Accessibility**

We believe in everyone's potential and strive to make Medibank inclusive for all, because different perspectives mak