HMH
Join to apply for the
Sr Information Security Analyst
role at
HMH .
HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators, and improve student outcomes. As a leading provider of K–12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students’ potential and extend teachers’ capabilities.
We are seeking a Senior Security Analyst with strong hands‑on experience in cloud security, application security, web‑based development, scripting, and AI/automation concepts. This role combines responsibilities across cloud infrastructure, secure software development, and application security. The ideal candidate will be adept at designing and implementing advanced security solutions, identifying vulnerabilities, and collaborating with cross‑functional teams to enhance security posture across the organization.
Key Responsibilities
Design and implement secure cloud architectures (AWS, Azure, GCP).
Secure services such as IAM, VPC, S3, KMS, and containerized environments.
Develop and enforce cloud security policies and golden images.
Implement encryption strategies and monitor environments using tools like ORCA, SIEM, CSPM, CWPP.
Ensure compliance with GDPR, HIPAA, SOC 2, PCI DSS, ISO27001 and SOX.
Collaborate with Engineering, DevOps, Legal, and Risk teams.
Automate security workflows using Python, Java, PowerShell, Bash.
Lead application security remediation and incident response.
Address OWASP vulnerabilities and conduct forensic investigations.
Perform vulnerability assessments using SAST, DAST, IAST, RASP, WAF.
Advocate for secure SDLC practices and developer training.
Monitor cloud and on‑prem infrastructure for security threats.
Support and implement controls for third‑party attestations.
Required Qualifications
5+ years in cloud security, application security, and infrastructure management.
Strong scripting and automation skills (Python, PowerShell, Shell/BASH, Terraform).
Proficiency in web development frameworks (React, Angular, NodeJS, Spring, MVC, HTML, CSS).
Experience with vulnerability tools (SAST, DAST, IAST, RASP, WAF).
Familiarity with Kubernetes, microservices, and DevSecOps tools.
Understanding of encryption, authentication, and IAM.
Experience with SIEM tools (Datadog, Splunk, Sumo Logic, Kibana).
Knowledge of AI/ML and automation in security workflows.
Strong communication and stakeholder engagement skills.
Preferred
Experience in agile development environments.
Prior experience in secure software design for externally facing web applications.
Experience with Web Content Management frameworks.
Familiarity with security frameworks (CIS, NIST, ISO 27001).
Exposure to third‑party risk assessments and compliance audits.
Hands‑on experience with JIRA, Confluence, and documentation of security processes.
Ability to support security incident triage, root cause analysis, and post‑incident reviews.
The Information Technology organization is transforming to realize our mission: become a leader in HMH’s digital transformation, and as a strategic partner, innovate and deliver highest value, competitive advantage solutions across all corporate and business functions. Our ambition is to be a digital leader through innovation and develop and deliver leading‑edge technology such as robotic process automation and artificial intelligence to solve some of HMH’s greatest operational business challenges.
We are building a team of IT professionals with an insatiable appetite to learn, a relentless focus on customer service, a technological curiosity toward future possibilities, and a creativity in solving business challenges with leading technologies.
Referrals increase your chances of interviewing at HMH by 2x.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries E‑Learning Providers
#J-18808-Ljbffr
Sr Information Security Analyst
role at
HMH .
HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators, and improve student outcomes. As a leading provider of K–12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students’ potential and extend teachers’ capabilities.
We are seeking a Senior Security Analyst with strong hands‑on experience in cloud security, application security, web‑based development, scripting, and AI/automation concepts. This role combines responsibilities across cloud infrastructure, secure software development, and application security. The ideal candidate will be adept at designing and implementing advanced security solutions, identifying vulnerabilities, and collaborating with cross‑functional teams to enhance security posture across the organization.
Key Responsibilities
Design and implement secure cloud architectures (AWS, Azure, GCP).
Secure services such as IAM, VPC, S3, KMS, and containerized environments.
Develop and enforce cloud security policies and golden images.
Implement encryption strategies and monitor environments using tools like ORCA, SIEM, CSPM, CWPP.
Ensure compliance with GDPR, HIPAA, SOC 2, PCI DSS, ISO27001 and SOX.
Collaborate with Engineering, DevOps, Legal, and Risk teams.
Automate security workflows using Python, Java, PowerShell, Bash.
Lead application security remediation and incident response.
Address OWASP vulnerabilities and conduct forensic investigations.
Perform vulnerability assessments using SAST, DAST, IAST, RASP, WAF.
Advocate for secure SDLC practices and developer training.
Monitor cloud and on‑prem infrastructure for security threats.
Support and implement controls for third‑party attestations.
Required Qualifications
5+ years in cloud security, application security, and infrastructure management.
Strong scripting and automation skills (Python, PowerShell, Shell/BASH, Terraform).
Proficiency in web development frameworks (React, Angular, NodeJS, Spring, MVC, HTML, CSS).
Experience with vulnerability tools (SAST, DAST, IAST, RASP, WAF).
Familiarity with Kubernetes, microservices, and DevSecOps tools.
Understanding of encryption, authentication, and IAM.
Experience with SIEM tools (Datadog, Splunk, Sumo Logic, Kibana).
Knowledge of AI/ML and automation in security workflows.
Strong communication and stakeholder engagement skills.
Preferred
Experience in agile development environments.
Prior experience in secure software design for externally facing web applications.
Experience with Web Content Management frameworks.
Familiarity with security frameworks (CIS, NIST, ISO 27001).
Exposure to third‑party risk assessments and compliance audits.
Hands‑on experience with JIRA, Confluence, and documentation of security processes.
Ability to support security incident triage, root cause analysis, and post‑incident reviews.
The Information Technology organization is transforming to realize our mission: become a leader in HMH’s digital transformation, and as a strategic partner, innovate and deliver highest value, competitive advantage solutions across all corporate and business functions. Our ambition is to be a digital leader through innovation and develop and deliver leading‑edge technology such as robotic process automation and artificial intelligence to solve some of HMH’s greatest operational business challenges.
We are building a team of IT professionals with an insatiable appetite to learn, a relentless focus on customer service, a technological curiosity toward future possibilities, and a creativity in solving business challenges with leading technologies.
Referrals increase your chances of interviewing at HMH by 2x.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries E‑Learning Providers
#J-18808-Ljbffr