Application Security Analyst

Job Summary

We are seeking a skilled Application Security / Vulnerability Management Analyst to join our Information Security team. In this role, you will play a critical part in safeguarding our EHR applications by identifying, assessing, and mitigating security vulnerabilities. You will collaborate with development, IT, and compliance teams to ensure our systems meet rigorous security standards, including HIPAA, while maintaining a seamless user experience for healthcare professionals.

Essential Duties & Responsibilities

• Vulnerability Assessment: Conduct regular security assessments of applications, including static and dynamic analysis, to identify vulnerabilities in code, configurations, and third-party dependencies.
• Vulnerability Management: Prioritize, track, and remediate vulnerabilities using industry-standard tools (e.g., Rapid7 InsightVM, Nessus, Snyk, or Burp Suite), ensuring timely resolution in alignment with risk levels.
• Secure Development Support: Partner with software engineers to integrate security best practices into the SDLC, providing guidance on secure coding and vulnerability remediation.
• Compliance Alignment: Ensure application security practices comply with healthcare regulations (e.g., HIPAA) and industry standards (e.g., OWASP Top 10, NIST).
• Threat Analysis: Stay ahead of emerging threats by analyzing attack vectors specific to healthcare applications and recommending proactive defenses.
• Reporting & Documentation: Maintain detailed records of vulnerabilities, remediation efforts, and security metrics; prepare reports for leadership and audit purposes.
• Tool Optimization: Manage and configure vulnerability scanning and security testing tools to maximize coverage and efficiency.
• Incident Support: Assist in investigating and responding to security incidents related to application vulnerabilities as needed.
• Other security-related projects that may be assigned according to skills

Education

• High school diploma or equivalent. Associate degree in Technology/Computers preferred, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity

Minimum Qualifications

• Possess current security certifications (e.g., CISSP, CEH, OSCP, CSSLP, or CompTIA Security+) or be willing to obtain within 1 year of assignment.
• Scripting skills (e.g., Python, Bash) for automation of security tasks are a bonus.
• 1 – 3 years operational experience with writing or reviewing source code.
• Knowledge of HIPAA compliance and data privacy regulations are a bonus.

Skills/Knowledge

• Proficiency with vulnerability scanning and management tools (e.g., Tenable, Qualys, Rapid7, or similar).
• Familiarity with secure coding practices and tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
• Understanding of web application frameworks, APIs, cloud environments (e.g., AWS, Azure), and container security (e.g., Docker, Kubernetes).
• Strong grasp of common vulnerabilities (e.g., SQL injection, XSS, CSRF) and mitigation techniques; familiarity with OWASP Top 10 and CVE databases.
• Soft Skills: Analytical mindset, attention to detail, and excellent communication skills to bridge technical and non-technical teams.

Work Environment/Physical Demands

• While at work, this position is primarily a sedentary job and requires that the associate can work in an environment where they will consistently be seated for the majority of the work day
• This role requires that one can sit and regularly type on a key board the majority of their work day
• This position requires the ability to observe a computer screen for long periods of time to observe their own and others’ work, as well as in-coming and out-going communications via the computer and/ or mobile devices.
• The role necessitates the ability to listen and speak clearly to customers and other associates
• The work environment is an open room with other associates and noise from others will be part of the regular work day

At Greenway, we strive to imagine, empower, engage, and inspire. Join us!

To learn more about Greenway, take a video tour of our office, and meet our employees, visit us at www.GreenwayHealth.com/careers.

Disclaimer: This Job Summary indicates the general nature and level of work expected of the incumbent(s). It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent(s) may be asked to perform other duties as requested. Greenway Health, LLC is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, age, gender, national origin, sexual orientation, disability, or veteran status.