Arbour SeniorCare
Information Security Analyst I - Application Security (Penetration Tester)
Arbour SeniorCare, Wayne, Pennsylvania, United States, 19087
Responsibilities
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE: UHS) has built an impressive record of achievement and performance. Growing steadily since its inception into an esteemed Fortune 300 corporation, annual revenues were $15.8 billion in 2024. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune; and listed in Forbes ranking of America’s Largest Public Companies. Headquartered in King of Prussia, PA, UHS has approximately 99,000 employees and continues to grow through its subsidiaries. Operating acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located all over the U.S. States, Washington, D.C., Puerto Rico and the United Kingdom.
The Corporate Information Services Department is seeking a dynamic and talented Information Security Analyst I-Application Security.
As a key member of our collaborative Cybersecurity team, the
Information Security Analyst I – Application Security
will play a critical role in safeguarding UHS and affiliates information systems. In this role, you will be responsible for identifying, assessing, and mitigating security vulnerabilities in our applications, guiding secure development practices, and collaborating with development teams to embed security throughout the software development lifecycle (SDLC). Works with technical and non-technical staff to insure that deployed technologies are effectively and efficiently providing the intended controls consistent with established policies and procedures. Where appropriate, trains and supports technical staff in UHS affiliated locations to deploy, manage and support selected technologies. May oversee the technical aspects of tasks assigned to less experienced staff or contractors on projects, systems or applications assigned.
Key Responsibilities
Maintains selected information security technologies within guidelines of policies and in keeping with good project management principles. Monitors the resolution of maintenance or enhancement issues assigned by the UHS Customer Support Center.
Perform in-depth security assessments of web, mobile, APIs, and cloud-based applications through code reviews, using tools such as SAST, DAST, IAST, SCA, manual techniques, and penetration testing.
Periodically reviews deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively.
Work closely with DevOps and engineering teams to integrate security into CI/CD pipelines (DevSecOps).
Identifies gaps in protection, and recommends solutions to remediate or mitigate the risks associated with the protection gaps.
Document findings and assist in creating reports and metrics for technical and non-technical audiences.
Assists more experienced members of the Information Security Team implement and support new information security technologies or processes.
Works with staff at all levels in the organization, vendors and contractors to insure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s) affected.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field; or equivalent practical experience.
Minimum of 1-3 years’ experience in application security, vulnerability management, or penetration testing.
Experience with security tools such as GitHub Advanced Security, Veracode, Snyk, or similar is a plus.
Technical Expertise
Experience managing and supporting some or all of the following or similar information security technologies or processes: Anti-malware protections and analysis, Web filtering and security, Vulnerability scanning and management, Encryption technologies for data at rest and data in transit, Mobile device and removable media protection or management systems, Authentication – including various forms of SSO and MFA, Cloud application security, Security Information and Event Management (SIEM) systems, Interpreting Common Vulnerabilities and Exposures (CVE) data, Device control, Data Loss Prevention (DLP), Forensic analysis, OWASP Top 10, OWASP MASVS (Mobile AppSec Verification Standard).
Entry-Level Certifications
OffSec Web Assessor (OSWA)
Burp Suite Certified Practitioner (BSCP)
TCM Security Practical Web Pentest Associate (PWPA)
TCM Security Practical Web Pentest Professional (PWPP)
TCM Security Practical Mobile Pentest Associate (PMPA)
SANS GIAC Web Application Penetration Tester (GWAPT)
SANS GIAC Web Application Defender (GWEB)
SANS GIAC Mobile Device Security Analyst (GMOB)
HTB Certified Bug Bounty Hunter (CBBH) – renamed to Certified Web Exploitation Specialist (CWES)
Advanced Certifications
Offsec Web Expert (OSWE)
HTB Certified Web Exploitation Expert (CWEE)
TCM Security Practical Web Pentest Expert (PWPE)
Broader Offensive Security Certifications
OffSec Certified Professional (OSCP)
OffSec Experienced Penetration Tester (OSEP)
TCM Security Practical Network Penetration Tester (PNPT)
Hack the Box (HTB) Certified Penetration Testing Specialist (CPTS)
Familiarity with risk assessment and risk management concepts or processes.
Working knowledge of various regulatory security requirements – particularly Sarbanes-Oxley (SOX), HIPAA, and HITECH.
Working knowledge of common cyber security frameworks such as HITRUST, NIST, CSC20, or others.
Familiarity with secure coding practices in Java, Python, PowerShell, JavaScript/TypeScript, Swift/Kotlin is a plus.
Experience with mobile testing frameworks (MobSF, Drozer, Frida, Objection) is preferred.
Experience with API testing methodologies and tools (Postman, Burp Pro extensions) is preferred.
Experience with source control and CI/CD tools (GitHub, GitLab, Jenkins, Azure DevOps).
Ability to prioritize multiple tasks and be detail oriented.
Excellent communication, technical report writing, interpersonal and project management skills
Travel Requirements Up to 5% - 10% US – to field locations may be necessary to complete assigned projects.
Compensation and Benefits
Challenging and rewarding work environment
Growth and development opportunities within UHS and its subsidiaries
Competitive Compensation
Excellent Medical, Dental, Vision and Prescription Drug Plan
401k plan with company match
Generous Paid Time Off
EEO Statement All UHS subsidiaries are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates. UHS subsidiaries are equal opportunity employers and as such, openly support and fully commit to recruitment, selection, placement, promotion and compensation of individuals without regard to race, color, religion, age, sex (including pregnancy, gender identity, and sexual orientation), genetic information, national origin, disability status, protected veteran status or any other characteristic protected by federal, state or local laws.
Notice At UHS and all our subsidiaries, our Human Resources departments and recruiters are here to help prospective candidates by matching skillset and experience with the best possible career path at UHS and our subsidiaries. We take pride in creating a highly efficient and best in class candidate experience. During the recruitment process, no recruiter or employee will request financial or personal information (Social Security Number, credit card or bank information, etc.) from you via email. The recruiters will not email you from a public webmail client like Hotmail, Gmail, Yahoo Mail, etc. If you are suspicious of a job posting or job-related email mentioning UHS or its subsidiaries, let us know by contacting us at https://uhs.alertline.com or 1-800-852-3449.
#J-18808-Ljbffr
The Corporate Information Services Department is seeking a dynamic and talented Information Security Analyst I-Application Security.
As a key member of our collaborative Cybersecurity team, the
Information Security Analyst I – Application Security
will play a critical role in safeguarding UHS and affiliates information systems. In this role, you will be responsible for identifying, assessing, and mitigating security vulnerabilities in our applications, guiding secure development practices, and collaborating with development teams to embed security throughout the software development lifecycle (SDLC). Works with technical and non-technical staff to insure that deployed technologies are effectively and efficiently providing the intended controls consistent with established policies and procedures. Where appropriate, trains and supports technical staff in UHS affiliated locations to deploy, manage and support selected technologies. May oversee the technical aspects of tasks assigned to less experienced staff or contractors on projects, systems or applications assigned.
Key Responsibilities
Maintains selected information security technologies within guidelines of policies and in keeping with good project management principles. Monitors the resolution of maintenance or enhancement issues assigned by the UHS Customer Support Center.
Perform in-depth security assessments of web, mobile, APIs, and cloud-based applications through code reviews, using tools such as SAST, DAST, IAST, SCA, manual techniques, and penetration testing.
Periodically reviews deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively.
Work closely with DevOps and engineering teams to integrate security into CI/CD pipelines (DevSecOps).
Identifies gaps in protection, and recommends solutions to remediate or mitigate the risks associated with the protection gaps.
Document findings and assist in creating reports and metrics for technical and non-technical audiences.
Assists more experienced members of the Information Security Team implement and support new information security technologies or processes.
Works with staff at all levels in the organization, vendors and contractors to insure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s) affected.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field; or equivalent practical experience.
Minimum of 1-3 years’ experience in application security, vulnerability management, or penetration testing.
Experience with security tools such as GitHub Advanced Security, Veracode, Snyk, or similar is a plus.
Technical Expertise
Experience managing and supporting some or all of the following or similar information security technologies or processes: Anti-malware protections and analysis, Web filtering and security, Vulnerability scanning and management, Encryption technologies for data at rest and data in transit, Mobile device and removable media protection or management systems, Authentication – including various forms of SSO and MFA, Cloud application security, Security Information and Event Management (SIEM) systems, Interpreting Common Vulnerabilities and Exposures (CVE) data, Device control, Data Loss Prevention (DLP), Forensic analysis, OWASP Top 10, OWASP MASVS (Mobile AppSec Verification Standard).
Entry-Level Certifications
OffSec Web Assessor (OSWA)
Burp Suite Certified Practitioner (BSCP)
TCM Security Practical Web Pentest Associate (PWPA)
TCM Security Practical Web Pentest Professional (PWPP)
TCM Security Practical Mobile Pentest Associate (PMPA)
SANS GIAC Web Application Penetration Tester (GWAPT)
SANS GIAC Web Application Defender (GWEB)
SANS GIAC Mobile Device Security Analyst (GMOB)
HTB Certified Bug Bounty Hunter (CBBH) – renamed to Certified Web Exploitation Specialist (CWES)
Advanced Certifications
Offsec Web Expert (OSWE)
HTB Certified Web Exploitation Expert (CWEE)
TCM Security Practical Web Pentest Expert (PWPE)
Broader Offensive Security Certifications
OffSec Certified Professional (OSCP)
OffSec Experienced Penetration Tester (OSEP)
TCM Security Practical Network Penetration Tester (PNPT)
Hack the Box (HTB) Certified Penetration Testing Specialist (CPTS)
Familiarity with risk assessment and risk management concepts or processes.
Working knowledge of various regulatory security requirements – particularly Sarbanes-Oxley (SOX), HIPAA, and HITECH.
Working knowledge of common cyber security frameworks such as HITRUST, NIST, CSC20, or others.
Familiarity with secure coding practices in Java, Python, PowerShell, JavaScript/TypeScript, Swift/Kotlin is a plus.
Experience with mobile testing frameworks (MobSF, Drozer, Frida, Objection) is preferred.
Experience with API testing methodologies and tools (Postman, Burp Pro extensions) is preferred.
Experience with source control and CI/CD tools (GitHub, GitLab, Jenkins, Azure DevOps).
Ability to prioritize multiple tasks and be detail oriented.
Excellent communication, technical report writing, interpersonal and project management skills
Travel Requirements Up to 5% - 10% US – to field locations may be necessary to complete assigned projects.
Compensation and Benefits
Challenging and rewarding work environment
Growth and development opportunities within UHS and its subsidiaries
Competitive Compensation
Excellent Medical, Dental, Vision and Prescription Drug Plan
401k plan with company match
Generous Paid Time Off
EEO Statement All UHS subsidiaries are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates. UHS subsidiaries are equal opportunity employers and as such, openly support and fully commit to recruitment, selection, placement, promotion and compensation of individuals without regard to race, color, religion, age, sex (including pregnancy, gender identity, and sexual orientation), genetic information, national origin, disability status, protected veteran status or any other characteristic protected by federal, state or local laws.
Notice At UHS and all our subsidiaries, our Human Resources departments and recruiters are here to help prospective candidates by matching skillset and experience with the best possible career path at UHS and our subsidiaries. We take pride in creating a highly efficient and best in class candidate experience. During the recruitment process, no recruiter or employee will request financial or personal information (Social Security Number, credit card or bank information, etc.) from you via email. The recruiters will not email you from a public webmail client like Hotmail, Gmail, Yahoo Mail, etc. If you are suspicious of a job posting or job-related email mentioning UHS or its subsidiaries, let us know by contacting us at https://uhs.alertline.com or 1-800-852-3449.
#J-18808-Ljbffr