Application Security Analyst

Owens & Minor is a leading global healthcare solutions company that provides logistics and supply chain management services to enhance patient care in healthcare.

Our mission is to empower our customers to advance healthcare, and our success starts with our teammates.

Owens & Minor teammate benefits include:

• Medical, dental, and vision insurance, available on first working day

• 401(k), eligibility after one year of service

• Employee stock purchase plan

• Tuition reimbursement

POSITION SUMMARY

The Entry-Level Cybersecurity Analyst will play a key role in supporting the organization’s Application Security Program, ensuring the security of healthcare applications and data. This position is responsible for assisting in the implementation of security best practices within the Secure Software Development Lifecycle (SDLC), performing application security assessments, and supporting developers in identifying and remediating security vulnerabilities.

This role offers an excellent opportunity to develop expertise in Application Security while contributing to the protection of electronic health records (EHRs) and other critical healthcare applications.

ESSENTIAL JOB FUNCTIONS:

• Assist in conducting application security assessments, including static and dynamic code analysis, vulnerability scanning, and penetration testing.
• Support developers in identifying, analyzing, and remediating security vulnerabilities in software applications.
• Work with application development teams to integrate security best practices into the SDLC.
• Assist in managing Web Application Firewalls (WAFs) and other security technologies to protect applications from threats.
• Monitor security tools and respond to security incidents related to applications, working with senior analysts as needed.
• Participate in threat modeling to proactively identify risks in healthcare applications.
• Research and stay up-to-date on emerging application security threats, frameworks (e.g., OWASP Top 10, NIST, HIPAA, HITRUST), and best practices.
• Assist in reviewing and implementing secure authentication and access control mechanisms for applications, including modern authentication methods (OAuth, SAML, MFA).
• Contribute to the development and maintenance of security policies, procedures, and documentation related to application security.
• Collaborate with cross-functional teams, including developers, IT, compliance, and risk management, to ensure security requirements are met.

SUPPLEMENTAL JOB FUNCTIONS:

• Performs additional duties as directed.
• Effectively accomplishes set goals while primarily working in a remote capacity.
• Collaborate with peers and team leads on investigations and continuous improvement.

Qualifications

EDUCATION & EXPERIENCE:

• 0-2 years of experience in an Information Technology role
• Demonstrated interest in the cybersecurity domain

KNOWLEDGE SKILLS & ABILITIES:

• Basic understanding of web application security principles and OWASP Top 10 vulnerabilities (e.g., SQL Injection, Cross-Site Scripting, Broken Authentication).
• Knowledge of software development methodologies and how security fits into the SDLC.
• Ability to read and understand code snippets and identify potential security risks.
• Strong analytical and problem-solving skills with attention to detail.
• Willingness to learn and apply new application security tools and technologies.
• Understanding of HIPAA, HITRUST, and other healthcare cybersecurity regulations is a plus.
• Excellent written and verbal communication skills to collaborate with developers, IT teams, and stakeholders.
• Self-motivated with the ability to work independently and as part of a team in a fast-paced healthcare environment.

If you feel this opportunity could be the next step in your career, we encourage you to apply. This position will accept applications on an ongoing basis.

Owens & Minor is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, sexual orientation, genetic information, religion, disability, age, status as a veteran, or any other status prohibited by applicable national, federal, state or local law.