Information Security Application Analyst
Harris Health is a nationally recognized health system comprising three teaching hospitals and an extensive network of ambulatory care centers serving the people of Harris County, Texas, since 1966. Staffed by the faculty, fellows and residents from two nationally ranked medical schools, Baylor College of Medicine and The University of Texas Health Science Center at Houston (UTHealth), Harris Health is the first healthcare system in Houston to receive the prestigious National Committee for Quality Assurance (NCQA) designation for its network of patient-centered medical homes.
Each year, Harris Health provides more than 1.8 million total outpatient visits through its more than 40 ambulatory care facilities. Additionally, Harris Health sees more than 177,000 emergency visits at its Level 1 and Level 3 trauma centers and 35,000 hospital admissions through its two hospitals: Ben Taub and LBJ.
Established by voter referendum to enhance the level of charity care available in the community, Harris Health System has often received national recognition for serving those in need and for its achievements in operational excellence, such as being named to the 2011, 2012, 2013 and 2014 Most Wired Hospitals lists by the American Hospital Association’s Hospitals & Health Networks magazine.
Additionally, Harris Health System is pleased that each of its hospitals — Ben Taub and Lyndon B. Johnson — achieved Pathway to Excellence™ designation by the American Nurses Credentialing Center.
The Information Security Application Analyst reports to the Manager-Information Security Operations. Application Security Analyst will review session management controls, including testing for cross-site request forgery, to ensure that web applications maintain distinct user session. In addition, test susceptibility to SQL injections, cross-site scripting and other OWASP attacks and determine relevancy of threats to the organization. Conduct assessments of web applications, servers, endpoints, databases, client-side applications and tools, and APIs. Respond to alerts, and security incidents and work with other Information Security Operations teams members to conduct internal penetration test on production applications.
The right candidate is a self-starter with excellent development skills to perform duties such as, but not limited to, research and development of secure coding methodologies, providing experienced guidance pertaining to secure application development design and testing.
Bachelors' degree in Computer Science, Information Systems Preferred
Licenses & Certification
GWEB, FWAPT, CASE, CSSLP, C|EH Preferred
- 4 years of experience -Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
- Knowledge of dynamic web application scanners is a plus, including (but not limited to) OWASP Zed Attack Proxy, Rapid7 AppSec, Kali Linux, Metasploit, BURP Suite, HP WebInspect, Qualys, or WhiteHat. Static and dynamic code assessment tools.
- Web Application Firewall concepts.
- RadWare, Fortify WebInspect
- Tenable Security Center.
- Knowledge of HIPAA Security Rule and PCI DSS.
Exceptional Verbal (Public Speaking)
Writing Correspondence/ Reports
Benefits and EEOC
Harris Health System's benefits program is designed to provide you with more flexibility and choices in meeting your specific needs. Harris Health System's benefits program allows you to protect your income in case of illness, death and disability, and to help you save for retirement.
It is the policy of Harris Health System to provide equal opportunity for all applicants for employment regardless of political affiliation, race, color, national origin, age, sex, religious creed or disability. Applicants may request any reasonable accommodation(s) to participate in the application process.