Information Security Analyst

About The Position

Requirements

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field (or equivalent experience)
• 2–5 years of experience in information security, IT operations, or a related technical role
• Foundational understanding of information security principles, risk management, and control frameworks
• Hands-on experience with application security testing tools such as Veracode and Burp Suite
• Familiarity with static and dynamic application security testing (SAST / DAST)
• Experience supporting vulnerability management, remediation tracking, or incident response activities
• Familiarity with cloud and SaaS security models and identity-centric security concepts
• Strong analytical skills with attention to detail and documentation quality
• Ability to communicate security findings clearly to technical and non-technical audiences

Nice To Haves

• Security certifications such as Security+, SSCP, CEH, or progress toward CISSP
• Experience with HITRUST CSF or other regulated security frameworks
• Familiarity with CI/CD security integration and secure development practices
• Exposure to penetration testing or advanced application security concepts

Responsibilities

• Monitor security alerts, logs, and analytics to identify potential threats, vulnerabilities, and anomalous behavior
• Support investigation and response to security incidents, including evidence collection and documentation
• Assist with post-incident analysis, corrective actions, and reporting
• Support continuous monitoring across cloud, SaaS, application, and endpoint environments
• Perform and support application security testing, including static and dynamic analysis
• Analyze findings from tools such as Veracode (SAST/DAST) and Burp Suite
• Work with Engineering teams to validate findings, assess risk, and track remediation
• Assist with secure design validation and testing within CI/CD pipelines
• Assist in implementing and validating Zero Trust security controls, including identity-centric access, least privilege, and continuous verification
• Support security controls for cloud infrastructure, SaaS platforms, applications, and data
• Partner with Engineering and IT teams on secure configuration reviews and remediation activities
• Assist with vulnerability management and configuration compliance
• Support security assessments and audits such as HITRUST CSF, SOC, ISO, HIPAA, and customer assurance reviews
• Assist in maintaining security policies, standards, and procedures
• Contribute to completion of customer security questionnaires and due diligence responses
• Collect, organize, and maintain audit evidence and documentation
• Support security awareness and training initiatives
• Promote security best practices and shared ownership across teams
• Collaborate with cross-functional stakeholders to ensure security requirements are understood and followed

Benefits

• HITRUST is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, region, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.