Job Description

HITRUST is seeking an Information Security Analyst to support and operate critical components of our enterprise information security program in a cloud-first, Zero Trust environment This role is responsible for protecting the confidentiality, integrity, and availability of HITRUST information assets through monitoring, analysis, testing, and compliance support activities.

The Information Security Analyst works closely with the Information Security Officer, Engineering, IT, and business stakeholders to ensure security controls are implemented, monitored, and continuously improved in alignment with HITRUST assurance requirements and industry best practices.

Duties & Responsibilities:

Security Monitoring & Operations

• Monitor security alerts, logs, and analytics to identify potential threats, vulnerabilities, and anomalous behavior
• Support investigation and response to security incidents, including evidence collection and documentation
• Assist with post-incident analysis, corrective actions, and reporting
• Support continuous monitoring across cloud, SaaS, application, and endpoint environments

Application & Cloud Security Testing

• Perform and support application security testing, including static and dynamic analysis
• Analyze findings from tools such as Veracode (SAST/DAST) and Burp Suite
• Work with Engineering teams to validate findings, assess risk, and track remediation
• Assist with secure design validation and testing within CI/CD pipelines

Cloud-First & Zero Trust Security Support

• Assist in implementing and validating Zero Trust security controls, including identity-centric access, least privilege, and continuous verification
• Support security controls for cloud infrastructure, SaaS platforms, applications, and data
• Partner with Engineering and IT teams on secure configuration reviews and remediation activities
• Assist with vulnerability management and configuration compliance

Compliance & Assurance Activities

• Support security assessments and audits such as HITRUST CSF, SOC, ISO, HIPAA, and customer assurance reviews
• Assist in maintaining security policies, standards, and procedures
• Contribute to completion of customer security questionnaires and due diligence responses
• Collect, organize, and maintain audit evidence and documentation

Security Awareness & Collaboration

• Support security awareness and training initiatives
• Promote security best practices and shared ownership across teams
• Collaborate with cross-functional stakeholders to ensure security requirements are understood and followed

Required Qualifications:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field (or equivalent experience)
• 2–5 years of experience in information security, IT operations, or a related technical role
• Foundational understanding of information security principles, risk management, and control frameworks
• Hands-on experience with application security testing tools such as Veracode and Burp Suite
• Familiarity with static and dynamic application security testing (SAST / DAST)
• Experience supporting vulnerability management, remediation tracking, or incident response activities
• Familiarity with cloud and SaaS security models and identity-centric security concepts
• Strong analytical skills with attention to detail and documentation quality
• Ability to communicate security findings clearly to technical and non-technical audiences

Preferred Qualifications:

• Security certifications such as Security+, SSCP, CEH, or progress toward CISSP
• Experience with HITRUST CSF or other regulated security frameworks
• Familiarity with CI/CD security integration and secure development practices
• Exposure to penetration testing or advanced application security concepts

About Us:

HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process.

For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

HITRUST is an equal opportunity employer that is committed to diversity and inclusion in the workplace.

We prohibit discrimination and harassment of any kind based on race, color, region, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.