Information Security Analyst (Intermediate)

Company : enGenJob Description : JOB SUMMARY About Highmark Health: At Highmark Health, we believe in a world where everyone has access to the best health. We are an integrated delivery network dedicated to transforming healthcare, and our Information Security team plays a critical role in safeguarding our mission-critical assets and protected health information. Join us in building a resilient and secure future. The Opportunity: We are seeking an adaptive, data-driven Information Security Analyst to join our dynamic Vulnerability Management team. This isn't just about identifying technical vulnerabilities; it's about strategic risk prioritization and proactive defense of our most vital assets. You will be a key player in integrating newly acquired infrastructure, resolving "Redline" risks through advanced telemetry and automated orchestration, and ensuring security is a true business enabler. If you thrive in a fast-paced environment, understand that security is a business enabler, and are passionate about defending critical systems, we encourage you to apply! What You Will Do:

• Strategic Risk Orchestration: Move beyond traditional CVSS-based patching. Leverage our proprietary methodology to transform millions of raw vulnerabilities into a prioritized, actionable resolution queue, focusing on the highest impact risks.
• Operational Asset Discovery & Contextualization: Serve as a detective for our attack surface. Correlate data from on-premise, cloud, and vendor systems to identify "Crown Jewel" assets and "Operational Core" systems, ensuring business context drives every remediation priority.
• M&A Cyber Integration: Act as a technical security expert for acquisitions. Perform rapid risk assessments of newly acquired infrastructure, identifying technical debt and "Patient Zero" vulnerabilities (e.g., Unattributed KEVs) before integration into the corporate network.
• Workflow & Lifecycle Management: Support the end-to-end remediation pipeline within ServiceNow SecOps. Manage the orchestration between automated discovery and manual resolution, ensuring high-velocity threats like Ransomware and Weaponized exploits are mitigated within strict, evidence-based Service Level Objectives (SLOs).
• Governance & RAID Advocacy: Proactively manage the team's RAID Log (Risks, Assumptions, Issues, Dependencies). Identify and escalate "blockers" – process or technical dependencies – that could impact our security posture or project timelines.
• Remediation Partnership & Diplomacy: Act as a bridge between Security and IT Operations. Participate in remediation forums, providing technical rationales and impact data to help teams prioritize security tasks alongside their operational roadmaps.
• Telemetry Integrity: Monitor the efficacy of our scanning agents and API integrations to ensure 100% visibility across all public clouds and on-premises segments. What You Will Bring:
• Experience: 1–3 years of experience in Information Security, Vulnerability Management, or Risk Advisory.
• Vulnerability Frameworks: Proven experience with attack characteristics & mapping, vulnerability advisories or catalogs, and dynamic risk-based prioritization.
• Tech Stack Proficiency: Hands-on experience with enterprise vulnerability scanners (e.g., Rapid7, Crowdstrike, Asimily, Defender) and cloud security tools.
• Governance & Compliance: Understanding of healthcare and government mandates (e.g., PCI, NYDFS, CMS, HIPAA, NIST CSF, or NIST 800-53).
• Operational Awareness: Experience performing Business Impact Analysis (BIA) or mapping "Critical to Operations" (CTO) dependencies. Skills & Abilities:
• Analytical Mindset: Ability to correlate "unattributed" threats with specific business impact using advanced scoring frameworks like CVSS v4.0 or EPSS.
• Cloud & IoT Savvy: Comfortable identifying risk in ephemeral cloud workloads (e.g., Azure) and legacy medical/IoT devices that cannot be traditionally patched.
• Systems Thinking: Understand how delays in one process create downstream risks in the security pipeline.
• Agile Documentation: Proficiency in maintaining RAID logs and project tracking in a fast-paced environment.
• Interpersonal Diplomacy: Ability to drive remediation while maintaining strong partnerships with "Critical Ops" teams.
• Technical Breadth: Knowledge of secure SDLC best practices, network security architecture, and virtualization security. Why Highmark Health? We offer a challenging and rewarding environment where your contributions directly impact the health and well-being of millions. You'll work with cutting-edge technologies, collaborate with passionate professionals, and have opportunities for continuous learning and career growth. ESSENTIAL RESPONSIBILITIES
• Perform operational support of information security technology.
• Perform analysis and resolve problems regarding information security.
• Complete project tasks to enable the on time, within budget and scope delivery of information security projects.
• Present ne

Apply tot his job Apply To this Job