Application Security Analyst

At Owens & Minor, we are a critical part of the healthcare process. As a Fortune 500 company with 50+ facilities across the US and 18,000 teammates in over 90 countries, we provide integrated technologies, products and services across the full continuum of care. Customers—and their patients—are at the heart of what we do.

Our mission is to empower our customers to advance healthcare, and our success starts with our teammates. 

Owens & Minor teammate benefits include:

• Medical, dental, and vision insurance, available on first working day
• 401(k), eligibility after 30 days of employment
• Employee stock purchase plan
• Tuition reimbursement
• Development opportunities to grow your career with a global company

Position Summary: We are seeking a dedicated and knowledgeable Application Security Analyst to join our Information Security team. This role will be pivotal in supporting the security and compliance of our patient-facing applications. The applications include a mix of legacy and modern systems developed in HTML, Java, and .NET. The ideal candidate will have substantial experience in vulnerability management, secure coding practices, and be well-versed in OWASP guidelines. Proficiency with static and dynamic code analysis tools is essential.

Key Responsibilities:

• Conduct comprehensive security assessments of patient-facing applications to identify vulnerabilities and ensure compliance with healthcare regulations.
• Implement and enforce secure coding practices across all development teams, adhering to OWASP guidelines.
• Utilize static and dynamic code analysis tools to evaluate the security of application code and provide actionable recommendations for remediation.
• Collaborate with development teams to integrate security into the software development lifecycle (SDLC).
• Coordinate with Vulnerability Management teams for regular application vulnerability scans and penetration tests on applications to identify and mitigate security risks.
• Monitor and respond to security incidents related to applications, working with other IT and security teams to resolve issues promptly.
• Develop and maintain security documentation, including policies, procedures, and guidelines for application security.
• Provide training and awareness programs for developers on secure coding practices and application security best practices.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices to continuously improve the security posture of our applications.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• 3+ years of experience in application security, vulnerability management, or a related field.
• Strong understanding of secure coding practices and experience in implementing them in HTML, Java, and .NET applications.
• Proficiency with static and dynamic code analysis tools (e.g., SonarQube, Fortify, Veracode).
• Experience conducting vulnerability assessments, penetration testing, and security code reviews.
• In-depth knowledge of OWASP guidelines and their application in securing software.
• Knowledge of healthcare regulations and compliance requirements (e.g., HIPAA, HITECH) is highly desirable.
• Excellent problem-solving skills and attention to detail.
• Strong communication and interpersonal skills, with the ability to work collaboratively with cross-functional teams.
• Relevant certifications (e.g., CISSP, CSSLP, CEH) are a plus.

If you feel this opportunity could be the next step in your career, we encourage you to apply. This position will accept applications on an ongoing basis.

Owens & Minor is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, sexual orientation, genetic information, religion, disability, age, status as a veteran, or any other status prohibited by applicable national, federal, state or local law.