IT Security Analyst

About InVita Healthcare Technologies

InVita Healthcare Technologies is a leading software provider for complex medical, forensics, and community care environments. We build specialized highly configurable, and integrated systems that support hospitals, blood centers, donation organizations, public health labs, and forensic labs. InVita is the clear leader in the blood, implant, organ procurement, DNA, and Forensic software markets. Our software solutions have built-in compliance safeguards that streamline processes and enable quick and efficient information exchange with better decision making.

For more information about our software solutions, please visit

Job Title:

IT Security Analyst

Department:
Security & Compliance

Reporting to:
Director of Security

Location:

Baltimore, MD

Hours of work:
Typical hours of work are from 8:30 AM until 5:00 PM local time Monday through Friday. Flexibility of Working Hours dependent on location. Additional hours may be necessary as needed. This position is exempt from overtime.

Compensation: $65,000 - $75,000 annually. Range is commensurate with experience.

InVita develops specialized medical software for regulated industries that support the advancement of Human Biologics as well as Public Health and Safety. We are the acknowledged leader in the markets we serve. Our subject matter expertise is unmatched in the industry and our products are used by public health and medical professionals across the globe. As we expand, we are strengthening our security posture to continue to meet regulatory requirements, manage risk, and protect sensitive healthcare data.

We are seeking a Security Analyst to support day-to-day security operations across our applications, endpoints, cloud environments, and corporate IT systems. This role focuses on monitoring and triaging security alerts, supporting incident response, improving detection and response playbooks, and partnering with IT, Dev Ops, and Engineering teams to reduce risk. The Security Analyst will also support control evidence collection and customer due diligence activities (e.g., SOC 2, HIPAA, and customer security questionnaires) as needed.

• Monitor security alerts from SIEM/MDR, endpoint protection (EDR), cloud security tooling, and other sources; triage and investigate suspicious activity.
• Analyze logs and telemetry (endpoint, network, identity, and cloud) to identify root cause, scope, and potential impact.
• Document investigations clearly, including timelines, evidence, and recommended next steps; elevate incidents when required.
• Support tuning of detections, alert thresholds, and response workflows to reduce noise and improve time to detect.

• Assist with incident response activities including containment, eradication, and recovery for events such as phishing, malware, suspicious logins, or data exposure.
• Collect and preserve evidence and relevant logs; support coordination with internal stakeholders and external partners when needed.
• Maintain and improve incident response runbooks and playbooks; participate in tabletop exercises and post-incident reviews.

• Support vulnerability management by reviewing scan results, prioritizing findings, and tracking remediation through closure.
• Validate remediation efforts (e.g., patching, configuration hardening, IAM changes) and document verification evidence.
• Assist with identifying and tracking security configuration risks across cloud and endpoint environments.

• Assist in the design, delivery, and continuous improvement of security awareness and training program aligned with risk, regulations, and threat trends.
• Support development of role-based security training content covering phishing, data handling, secure development, and incident reporting.
• Perform phishing simulation campaigns, analyzing results, and drive targeted remediation to reduce risk.
• Track training completion, maintain audit-ready evidence, and report effectiveness metrics.
• Promote a strong security culture by translating incidents and threat…