Information Security Analyst

Essential Duties & Responsibilities

• Conduct regular vulnerability scans and assessments of EHR systems, applications, networks, and infrastructure (e.g., Rapid7).
• Analyze scan results, prioritize vulnerabilities based on risk severity, and develop remediation plans in collaboration with system owners and development teams.
• Track and manage vulnerabilities through their lifecycle, ensuring timely mitigation or acceptance of risks with proper documentation.
• Collaborate with DevOps and software development teams to integrate secure coding practices and address vulnerabilities in the software development lifecycle (SDLC).
• Maintain and update vulnerability management policies, procedures, and documentation to align with industry standards (e.g., NIST, HITRUST) and regulatory requirements (e.g., HIPAA).
• Monitor threat intelligence feeds to identify emerging vulnerabilities and threats relevant to EHR systems and recommend proactive measures.
• Assist in penetration testing efforts and coordinate with internal teams and external vendors to validate security controls.
• Provide regular reports and metrics on vulnerability management activities to leadership and compliance teams.
• Participate in incident response activities related to vulnerabilities and support the development of patch management strategies.
• Educate and train internal teams on vulnerability management best practices and secure development principles.
  

Experience & Education

• High school diploma/GED.
• Associate degree in Technology/Computers preferred, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity.
• Two (2) to four (4) years of experience in information security, cybersecurity, or a related role, preferably in the healthcare or technology sector.
• Possess current security certifications (e.g., CEH, CC, CISM, Security+) or be willing to obtain within 1 year of assignment.
• Experience with scripting (e.g., Python, PowerShell) for automating vulnerability management tasks is a plus.
• Experience working with Rapid7 InsightVM a plus.
• Demonstrated experience with vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys) and interpreting scan results.
  

Skills, Knowledge, And Abilities

• Knowledge of common vulnerability scoring systems (e.g., CVSS) and risk assessment methodologies.
• Understanding of secure software development practices and application security testing (e.g., SAST, DAST).
• Ability to work collaboratively in a cross-functional environment and communicate technical concepts to non-technical stakeholders.
• Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
• Strong communication skills to convey complex security concepts to technical and non-technical audiences.
• Proficiency in vulnerability management processes, including identification, assessment, prioritization, and remediation.
• Familiarity with common security frameworks and standards (e.g., NIST 800-53, OWASP, CIS Controls).
• Knowledge of network protocols, operating systems (Windows, Linux), and cloud environments (e.g., AWS, Azure).
• Understanding of EHR system architecture and the unique security challenges in healthcare IT.
• Strong written and verbal communication skills for documenting findings and presenting recommendations.
• Ability to stay current with evolving cybersecurity threats, vulnerabilities, and mitigation techniques.
• Ability to recommend approaches for new or improved processes.
• Displays and promotes a positive attitude and possesses unwavering integrity and extraordinary adherence to high ethical standards.
• Ability and motivation to learn new skills as required by an evolving information security landscape.
• Working knowledge of and experience with the Linux operating system is a plus.
• Ability to perform professional tasks independently and to analyze and develop innovative solutions to complex problems.
  

Work Environment/Physical Demands

• While at work, this position is primarily a sedentary job and requires that the associate can work in an environment where they will consistently be seated for the majority of the work day
• This role requires that one can sit and regularly type on a key board the majority of their work day
• This position requires the ability to observe a computer screen for long periods of time to observe their own and others’ work, as well as in-coming and out-going communications via the computer and/ or mobile devices.
• The role necessitates the ability to listen and speak clearly to customers and other associates
• The work environment is an open room with other associates and noise from others will be part of the regular work day