Information Security Analyst (Intermediate)

This a Full Remote job, the offer is available from: United States, Austria, Canada, Alabama (USA), Alaska (USA), Arizona (USA), Arkansas (USA), California (USA), Colorado (USA), Connecticut (USA), Delaware (USA), District of Columbia (USA), Florida (USA), Georgia (USA), Hawaii (USA), Idaho (USA), Illinois (USA), Indiana (USA), Iowa (USA), Kansas (USA), Kentucky (USA), Louisiana (USA), Maine (USA), Maryland (USA), Massachusetts (USA), Michigan (USA), Minnesota (USA), Mississippi (USA), Missouri (USA), Montana (USA), Nebraska (USA), Nevada (USA), New Hampshire (USA), New Jersey (USA), New Mexico (USA), New York (USA), North Carolina (USA), North Dakota (USA), Ohio (USA), Oklahoma (USA), Oregon (USA), Pennsylvania (USA), Rhode Island (USA), South Carolina (USA), South Dakota (USA), Tennessee (USA), Texas (USA), Utah (USA), Vermont (USA), Virginia (USA), Washington (USA), West Virginia (USA), Wisconsin (USA), Wyoming (USA) Company : enGenJob Description : JOB SUMMARY About Highmark Health: At Highmark Health, we believe in a world where everyone has access to the best health. We are an integrated delivery network dedicated to transforming healthcare, and our Information Security team plays a critical role in safeguarding our mission-critical assets and protected health information. Join us in building a resilient and secure future. The Opportunity: We are seeking an adaptive, data-driven Information Security Analyst to join our dynamic Vulnerability Management team. This isn't just about identifying technical vulnerabilities; it's about strategic risk prioritization and proactive defense of our most vital assets. You will be a key player in integrating newly acquired infrastructure, resolving "Redline" risks through advanced telemetry and automated orchestration, and ensuring security is a true business enabler. If you thrive in a fast-paced environment, understand that security is a business enabler, and are passionate about defending critical systems, we encourage you to apply! What You Will Do:

• Strategic Risk Orchestration: Move beyond traditional CVSS-based patching. Leverage our proprietary methodology to transform millions of raw vulnerabilities into a prioritized, actionable resolution queue, focusing on the highest impact risks.
• Operational Asset Discovery & Contextualization: Serve as a detective for our attack surface. Correlate data from on-premise, cloud, and vendor systems to identify "Crown Jewel" assets and "Operational Core" systems, ensuring business context drives every remediation priority.
• M&A Cyber Integration: Act as a technical security expert for acquisitions. Perform rapid risk assessments of newly acquired infrastructure, identifying technical debt and "Patient Zero" vulnerabilities (e.g., Unattributed KEVs) before integration into the corporate network.
• Workflow & Lifecycle Management: Support the end-to-end remediation pipeline within ServiceNow SecOps. Manage the orchestration between automated discovery and manual resolution, ensuring high-velocity threats like Ransomware and Weaponized exploits are mitigated within strict, evidence-based Service Level Objectives (SLOs).
• Governance & RAID Advocacy: Proactively manage the team's RAID Log (Risks, Assumptions, Issues, Dependencies). Identify and escalate "blockers" – process or technical dependencies – that could impact our security posture or project timelines.
• Remediation Partnership & Diplomacy: Act as a bridge between Security and IT Operations. Participate in remediation forums, providing technical rationales and impact data to help teams prioritize security tasks alongside their operational roadmaps.
• Telemetry Integrity: Monitor the efficacy of our scanning agents and API integrations to ensure 100% visibility across all public clouds and on-premises segments. What You Will Bring:
• Experience: 1–3 years of experience in Information Security, Vulnerability Management, or Risk Advisory.
• Vulnerability Frameworks: Proven experience with attack characteristics & mapping, vulnerability advisories or catalogs, and dynamic risk-based prioritization.
• Tech Stack Proficiency: Hands-on experience with enterprise vulnerability scanners (e.g., Rapid7, Crowdstrike, Asimily, Defender) and cloud security tools.
• Governance & Compliance: Understanding of healthcare and government mandates (e.g., PCI, NYDFS, CMS, HIPAA, NIST CSF, or NIST 800-53).
• Operational Awareness: Experience performing Business Impact Analysis (BIA) or mapping "Critical to Operations" (CTO) dependencies. Skills & Abilities:
• Analytical Mindset: Ability to correlate "unattributed" threats with specific business impact using advanced scoring frameworks like CVSS v4.0 or EPSS.
• Cloud & IoT Savvy: Comfortable identifying risk in ephemeral cloud workloads (e.g., Azure) and legacy medical/IoT devices that cannot be traditionally patched.
• Systems Thinking: Understand how delays in one process create downstream risks in the security pipeline.
• Agile Docume

Apply tot his job Apply To this Job