Information Security Application Analyst
Harris Health is a nationally recognized health system comprising three teaching hospitals and an extensive network of ambulatory care centers serving the people of Harris County, Texas, since 1966. Staffed by the faculty, fellows and residents from two nationally ranked medical schools, Baylor College of Medicine and The University of Texas Health Science Center at Houston (UTHealth), Harris Health is the first healthcare system in Houston to receive the prestigious National Committee for Quality Assurance (NCQA) designation for its network of patient-centered medical homes.
Each year, Harris Health provides more than 1.8 million total outpatient visits through its more than 40 ambulatory care facilities. Additionally, Harris Health sees more than 177,000 emergency visits at its Level 1 and Level 3 trauma centers and 35,000 hospital admissions through its two hospitals: Ben Taub and LBJ.
Established by voter referendum to enhance the level of charity care available in the community, Harris Health System has often received national recognition for serving those in need and for its achievements in operational excellence, such as being named to the 2011, 2012, 2013 and 2014 Most Wired Hospitals lists by the American Hospital Association’s Hospitals & Health Networks magazine.
Additionally, Harris Health System is pleased that each of its hospitals — Ben Taub and Lyndon B. Johnson — achieved Pathway to Excellence™ designation by the American Nurses Credentialing Center.
The Information Security Application Analyst reports to the Manager-Information Security Operations. The Application Security Analyst reviews session management controls, including testing for cross-site request forgery, to ensure that web applications maintain distinct user sessions. The analyst also tests susceptibility to SQL injection, cross-site scripting and other OWASP attacks and determines the relevancy of threats to the organization; conducts assessments of web applications, servers, endpoints, databases, client-side applications and tools, and APIs; and responds to alerts and security incidents, working with other Information Security Operations team members to conduct internal penetration tests on production applications.
The successful candidate is a self-starter with excellent development skills to perform duties such as, but not limited to, research and development of secure coding methodologies, providing experienced guidance pertaining to secure application development design and testing.
Bachelor's Degree in Computer Science, Information Systems preferred
Licenses & Certification
GWEB, FWAPT, CASE, CSSLP, C|EH Preferred
- 4 Years of Experience
- Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
- Knowledge of dynamic web application scanners is a plus, including (but not limited to) OWASP Zed Attack Proxy, Rapid7 AppSec, Kali Linux, Metasploit, Burp Suite, HP WebInspect, Qualys, or WhiteHat. Static and dynamic code assessment tools.
- Web Application Firewall concepts.
- Radware, Fortify WebInspect
- Tenable Security Center.
- Knowledge of HIPAA Security Rule and PCI DSS.
Exceptional Verbal (Public Speaking)
Writing - Correspondence/Reports
TYPICAL DUTIES PERFORMED
- Monitor the Hospital's environment for potential application security risks and anomalies
- Determine application security requirements by evaluating business strategies and requirements against established security standards, risk assessment methodology, and client requirements.
- Create application security reports aligned with the OWASP Top 10
- Strong software development skills in .NET, C#, Java, Python, etc.
- Knowledge of SQL / NoSQL databases, including MSSQL, Postgres, Oracle, MongoDB, etc.
- Familiarity with common web application testing tools for Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Interactive Application Security Testing (IAST) analysis.
- Experience integrating security into DevOps environments.
- Experience with Identity Access Management technologies (e.g., SAML, LDAP, etc.)
- Familiarity with Web Application Firewall(s) (WAF), reverse proxies, etc.
- Provide guidance to Information Security Operations on secure coding best practices
- Serve as subject matter expert on application security tools and techniques
- Analyze and triage application security alerts, escalating incidents when necessary
- Produce detailed documentation of analysis and response activities
- Coordinate remediation efforts on application security events with other information security team members as necessary
- Assist with creating and tuning application security monitoring use cases
- Perform technical research into advanced, targeted attacks, campaigns, malware and other emerging technologies and techniques to identify and report on application security cyber-attacks
- Perform proactive research to identify, categorize and produce reports on new and existing application security threats
- Understand and evaluate the cyber threat landscape, and assess what threats are most relevant to Harris Health with respect to application security
- Conduct insightful research on observed and noteworthy application threats, as discovered using open and proprietary sources as well as vendor-provided intelligence
- Assess behavioral and atomic threat indicators and their fidelity, and distribute indicators to applicable teams for ingestion
- Coordinate with the threat and vulnerability lead to produce impactful intelligence products for secure application design
- Partake in learning opportunities via new tools and trainings to develop expertise
Benefits and EEOC
Harris Health System's benefits program is designed to provide you with more flexibility and choices in meeting your specific needs. Harris Health System's benefits program allows you to protect your income in case of illness, death and disability, and to help you save for retirement.
It is the policy of Harris Health System to provide equal opportunity for all applicants for employment regardless of political affiliation, race, color, national origin, age, sex, religious creed or disability. Applicants may request any reasonable accommodation(s) to participate in the application process.