Information Security Analyst (Intermediate)

Highmark Health
1dOnsite
Match Resume

About The Position

JOB SUMMARY About Highmark Health: At Highmark Health, we believe in a world where everyone has access to the best health. We are an integrated delivery network dedicated to transforming healthcare, and our Information Security team plays a critical role in safeguarding our mission-critical assets and protected health information. Join us in building a resilient and secure future. The Opportunity: We are seeking an adaptive, data-driven Information Security Analyst to join our dynamic Vulnerability Management team. This isn't just about identifying technical vulnerabilities; it's about strategic risk prioritization and proactive defense of our most vital assets. You will be a key player in integrating newly acquired infrastructure, resolving "Redline" risks through advanced telemetry and automated orchestration, and ensuring security is a true business enabler. If you thrive in a fast-paced environment, understand that security is a business enabler, and are passionate about defending critical systems, we encourage you to apply! What You Will Do: Strategic Risk Orchestration: Move beyond traditional CVSS-based patching. Leverage our proprietary methodology to transform millions of raw vulnerabilities into a prioritized, actionable resolution queue, focusing on the highest impact risks. Operational Asset Discovery & Contextualization: Serve as a detective for our attack surface. Correlate data from on-premise, cloud, and vendor systems to identify "Crown Jewel" assets and "Operational Core" systems, ensuring business context drives every remediation priority. M&A Cyber Integration: Act as a technical security expert for acquisitions. Perform rapid risk assessments of newly acquired infrastructure, identifying technical debt and "Patient Zero" vulnerabilities (e.g., Unattributed KEVs) before integration into the corporate network. Workflow & Lifecycle Management: Support the end-to-end remediation pipeline within ServiceNow SecOps. Manage the orchestration between automated discovery and manual resolution, ensuring high-velocity threats like Ransomware and Weaponized exploits are mitigated within strict, evidence-based Service Level Objectives (SLOs). Governance & RAID Advocacy: Proactively manage the team's RAID Log (Risks, Assumptions, Issues, Dependencies). Identify and escalate "blockers" – process or technical dependencies – that could impact our security posture or project timelines. Remediation Partnership & Diplomacy: Act as a bridge between Security and IT Operations. Participate in remediation forums, providing technical rationales and impact data to help teams prioritize security tasks alongside their operational roadmaps. Telemetry Integrity: Monitor the efficacy of our scanning agents and API integrations to ensure 100% visibility across all public clouds and on-premises segments. What You Will Bring:

Requirements

  • 1–3 years of experience in Information Security, Vulnerability Management, or Risk Advisory.
  • Proven experience with attack characteristics & mapping, vulnerability advisories or catalogs, and dynamic risk-based prioritization.
  • Hands-on experience with enterprise vulnerability scanners (e.g., Rapid7, Crowdstrike, Asimily, Defender) and cloud security tools.
  • Understanding of healthcare and government mandates (e.g., PCI, NYDFS, CMS, HIPAA, NIST CSF, or NIST 800-53).
  • Experience performing Business Impact Analysis (BIA) or mapping "Critical to Operations" (CTO) dependencies.
  • Ability to correlate "unattributed" threats with specific business impact using advanced scoring frameworks like CVSS v4.0 or EPSS.
  • Comfortable identifying risk in ephemeral cloud workloads (e.g., Azure) and legacy medical/IoT devices that cannot be traditionally patched.
  • Understand how delays in one process create downstream risks in the security pipeline.
  • Proficiency in maintaining RAID logs and project tracking in a fast-paced environment.
  • Ability to drive remediation while maintaining strong partnerships with "Critical Ops" teams.
  • Knowledge of secure SDLC best practices, network security architecture, and virtualization security.
  • 3 - 5 years of experience with Information Security and Systems Analysis
  • 3 - 5 years of experience with Information Security and/or Information Risk Management and/or Information Technology
  • 3 - 5 years of experience with Information Security Governance, Risk and/or Compliance functions and activities
  • 3 - 5 years of experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
  • 3 - 5 years of experience with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms
  • Knowledge of HITRUST CSF, NIST 800-83 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3
  • Knowledge of NIST Risk Assessment methodology
  • Familiarity with secure SDLC best practices
  • Knowledge of Microsoft Apps and Suites, Windows server, SharePoint, etc.
  • Strong teamwork and inter-personal skills

Nice To Haves

  • 5 - 7 years of experience with information security and systems analysis
  • Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
  • Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits
  • IT/information security risk advisory experience
  • Governance Risk and Compliance (GRC) tool experience such as ARCHER
  • In-depth understanding of network security architecture, network and networking protocol
  • Strategic Vulnerability & Cloud: GEVA (GIAC Enterprise Vulnerability Assessor): Specifically for candidates who understand enterprise-scale vulnerability life cycles beyond just running a scan.
  • CompTIA CySA+ (Cybersecurity Analyst): This is the gold standard for intermediate analysts focusing on behavioral analytics and threat detection.
  • AWS: AWS Certified Security – Specialty (SCS-C02)
  • Azure: Microsoft Azure Security Engineer Associate (AZ-500)
  • GCP: Google Professional Cloud Security Engineer
  • Oracle: OCI Security Professional
  • OpenShift: Red Hat Certified Specialist in OpenShift Advanced Cluster Security (EX430)
  • CCSK (Certificate of Cloud Security Knowledge): Provides the governance and architectural foundation for cloud-native risk management.
  • FIRST.org CVSS v4.0 Training: Demonstrates they are current on the newest vulnerability scoring standards (crucial for your "Redline" resolution).
  • Preferred (Vulnerability & Workflow): ServiceNow: Certified Implementation Specialist – Vulnerability Response (CIS-VR)
  • Vulnerability: GIAC Enterprise Vulnerability Assessor (GEVA) or CySA+
  • IoT/IoMT: GIAC Medical Equipment Security (GIME) or GICSP
  • Cloud Agnostic: Certificate of Cloud Security Knowledge (CCSK)
  • CISA ICS/SCADA Training: Completion of CISA’s specialized Industrial Control Systems curriculum.
  • ISACA CISA (Certified Information Systems Auditor): Highly valued for the "Regulatory Lens" and auditing complex IoT/IoMT compliance.

Responsibilities

  • Perform operational support of information security technology.
  • Perform analysis and resolve problems regarding information security.
  • Complete project tasks to enable the on time, within budget and scope delivery of information security projects.
  • Present new and existing information security information to workforce and management.
  • Assist in incident response procedures.
  • Assist Change Management.
  • Assist in conducting application risk assessments against Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI).
  • Assure compliance to required standards, procedures, guidelines and processes.
  • Other duties as assigned or requested.

Benefits

  • We offer a challenging and rewarding environment where your contributions directly impact the health and well-being of millions.
  • You'll work with cutting-edge technologies, collaborate with passionate professionals, and have opportunities for continuous learning and career growth.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Entry Level

Job Search Resources

Similar Information Security Analyst (Intermediate) job opportunities

Analyst-Information Services Support Intermediate
IU Health
IU Health • Indianapolis, IN3d • Onsite
Analyst-Information Services Support Intermediate
Indiana University Health System
Indiana University Health System • Indianapolis, IN2d • Onsite
Information Security Analyst
Integral
Integral • San Antonio, TX11d
Information Security Analyst
Community First Credit Union
Community First Credit Union • Neenah, WI6d
Information Security Analyst
GD Information Technology
GD Information Technology • Fort Bragg, NC6d • Onsite
Information Security Analyst
General Dynamics Information Technology
General Dynamics Information Technology • Liberty, NC8d • Onsite
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service