Application Security Analyst
Listed on 2026-07-03
-
IT/Tech
Cybersecurity, Information Security
Health Stream is an equal opportunity employer. Health Stream prohibits employment practices that discriminate against individual employees or groups of employees on the basis of age, color, disability, national origin, race, religion, sex, sexual orientation, pregnancy, veteran or military status, genetic information or any other category deemed protected by state and/or federal law.
Position OverviewThe Application Security Analyst plays a hands‑on role in supporting and executing the application security program king closely with and under the guidance of the Sr. Application Security Architect, this role focuses on identifying, assessing, and helping remediate security vulnerabilities across our software products and cloud environments. The Analyst will partner with Engineering, Dev Ops, and Product teams to embed security practices into the software development lifecycle (SDLC), operate security tooling, and contribute to a culture of security awareness.
This is an excellent opportunity for a motivated security professional looking to grow within a collaborative, mission‑driven healthcare technology organization.
- Application Security Testing & Vulnerability Management
- Operate and manage automated application security testing tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST).
- Triage, validate, and prioritize vulnerability findings from security scans, penetration tests, and bug reports, working with development teams to track remediation to closure.
- Conduct or support manual security assessments and penetration testing of web applications, APIs, and mobile applications.
- Produce clear, actionable vulnerability reports with risk ratings and remediation guidance for development teams.
- Manage and maintain vulnerability findings within the Snyk, Invicti and Sonar Qube or equivalent vulnerability management platform.
- Secure Development Lifecycle (SDLC) Support
- Support the integration of security into CI/CD pipelines and Dev Sec Ops workflows, including automated security gate checks.
- Participate in design and architecture reviews with a security lens, helping identify potential risks early in the development process.
- Assist in threat modeling exercises for new features and systems under the guidance of the App Sec Architect.
- Perform security‑focused code reviews and provide developers with clear, constructive feedback and guidance.
- Contribute to the maintenance of a secure code library and reusable security patterns for development teams.
- Security Tooling & Cloud Security
- Support the management and configuration of application security tools such as Synk, Invicti, Sonar Qube and Defect Dojo.
- Assist in implementing and monitoring security controls for cloud‑based environments, including AWS and Azure.
- Evaluate and test emerging security tools and contribute recommendations to the App Sec team.
- Support API security testing and assist in securing third‑party and open‑source integrations.
- Security Awareness & Collaboration
- Collaborate with cross‑functional teams including Engineering, Dev Ops, and Product to promote security best practices and a shift‑left mindset.
- Deliver security awareness content and assist in conducting security training sessions for development staff.
- Stay current on emerging security threats, vulnerabilities (CVEs), and attack techniques, sharing relevant intelligence with the team.
- Assist in maintaining security documentation, standards, runbooks, and internal knowledge base articles.
- Support compliance‑related activities, including evidence gathering for audits related to HIPAA, SOC 2, HITRUST or other applicable frameworks. FedRAMP experience is a plus.
- Other Duties as assigned.
- Bachelor’s degree in information security, Computer Science, Software Engineering, or a related field. Equivalent practical experience will be considered.
- 2 to 4 years of experience in application security, information security, or software development with a security focus.
- Working knowledge of the OWASP Top 10, common web application vulnerabilities, and secure coding…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).