Information Security Analyst
Description:
HITRUST is seeking an Information Security Analyst to support and operate critical components of our enterprise information security program in a cloud-first, Zero Trust environment. This role is responsible for protecting the confidentiality, integrity, and availability of HITRUST information assets through monitoring, analysis, testing, and compliance support activities.

The Information Security Analyst works closely with the Information Security Officer, Engineering, IT, and business stakeholders to ensure security controls are implemented, monitored, and continuously improved in alignment with HITRUST assurance requirements and industry best practices.

Duties & Responsibilities:

Security Monitoring & Operations
- Monitor security alerts, logs, and analytics to identify potential threats, vulnerabilities, and anomalous behavior
- Support investigation and response to security incidents, including evidence collection and documentation
- Assist with post-incident analysis, corrective actions, and reporting
- Support continuous monitoring across cloud, SaaS, application, and endpoint environments

Application & Cloud Security Testing
- Perform and support application security testing, including static and dynamic analysis
- Analyze findings from tools such as Veracode (SAST/DAST) and Burp Suite
- Work with Engineering teams to validate findings, assess risk, and track remediation
- Assist with secure design validation and testing within CI/CD pipelines

Cloud-First & Zero Trust Security Support
- Assist in implementing and validating Zero Trust security controls, including identity-centric access, least privilege, and continuous verification
- Support security controls for cloud infrastructure, SaaS platforms, applications, and data
- Partner with Engineering and IT teams on secure configuration reviews and remediation activities
- Assist with vulnerability management and configuration compliance

Compliance & Assurance Activities
- Support security assessments and audits such as HITRUST CSF, SOC, ISO, HIPAA, and customer assurance reviews
- Assist in maintaining security policies, standards, and procedures
- Contribute to completion of customer security questionnaires and due diligence responses
- Collect, organize, and maintain audit evidence and documentation

Security Awareness & Collaboration
- Support security awareness and training initiatives
- Promote security best practices and shared ownership across teams
- Collaborate with cross-functional stakeholders to ensure security requirements are understood and followed

Required Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field (or equivalent experience)
- 2–5 years of experience in information security, IT operations, or a related technical role
- Foundational understanding of information security principles, risk management, and control frameworks
- Hands-on experience with application security testing tools such as Veracode and Burp Suite
- Familiarity with static and dynamic application security testing (SAST / DAST)
- Experience supporting vulnerability management, remediation tracking, or incident response activities
- Familiarity with cloud and SaaS security models and identity-centric security concepts
- Strong analytical skills with attention to detail and documentation quality
- Ability to communicate security findings clearly to technical and non-technical audiences

Preferred Qualifications:
- Security certifications such as Security+, SSCP, CEH, or progress toward CISSP
- Experience with HITRUST CSF or other regulated security frameworks
- Familiarity with CI/CD security integration and secure development practices
- Exposure to penetration testing or advanced application security concepts

About Us:
HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process.

For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

HITRUST is an equal opportunity employer that is committed to diversity and inclusion in the workplace.

We prohibit discrimination and harassment of any kind based on race, color, region, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.