Application Security Analyst

At Owens & Minor, we are a critical part of the healthcare process. As a Fortune 500 company with 350+ facilities across the US and 22,000 teammates in over 90 countries, we provide integrated technologies, products and services across the full continuum of care. Customers—and their patients—are at the heart of what we do.

Our mission is to empower our customers to advance healthcare, and our success starts with our teammates. 

Owens & Minor teammate benefits include:

• Medical, dental, and vision insurance, available on first working day

• 401(k), eligibility after one year of service

• Employee stock purchase plan

• Tuition reimbursement

The Entry-Level Cybersecurity Analyst will play a key role in supporting the organization’s Application Security Program, ensuring the security of healthcare applications and data. This position is responsible for assisting in the implementation of security best practices within the Secure Software Development Lifecycle (SDLC), performing application security assessments, and supporting developers in identifying and remediating security vulnerabilities.

This role offers an excellent opportunity to develop expertise in Application Security while contributing to the protection of electronic health records (EHRs) and other critical healthcare applications.

• Assist in conducting application security assessments, including static and dynamic code analysis, vulnerability scanning, and penetration testing.
• Support developers in identifying, analyzing, and remediating security vulnerabilities in software applications.
• Work with application development teams to integrate security best practices into the SDLC.
• Assist in managing Web Application Firewalls (WAFs) and other security technologies to protect applications from threats.
• Monitor security tools and respond to security incidents related to applications, working with senior analysts as needed.
• Participate in threat modeling to proactively identify risks in healthcare applications.
• Research and stay up-to-date on emerging application security threats, frameworks (e.g., OWASP Top 10, NIST, HIPAA, HITRUST), and best practices.
• Assist in reviewing and implementing secure authentication and access control mechanisms for applications, including modern authentication methods (OAuth, SAML, MFA).
• Contribute to the development and maintenance of security policies, procedures, and documentation related to application security.
• Collaborate with cross-functional teams, including developers, IT, compliance, and risk management, to ensure security requirements are met.

• Performs additional duties as directed.
• Effectively accomplishes set goals while primarily working in a remote capacity.
• Collaborate with peers and team leads on investigations and continuous improvement.

Qualifications

• 0-2 years of experience in an Information Technology role
• Demonstrated interest in the cybersecurity domain

• Basic understanding of web application security principles and OWASP Top 10 vulnerabilities (e.g., SQL Injection, Cross-Site Scripting, Broken Authentication).
• Knowledge of software development methodologies and how security fits into the SDLC.
• Ability to read and understand code snippets and identify potential security risks.
• Strong analytical and problem-solving skills with attention to detail.
• Willingness to learn and apply new application security tools and technologies.
• Understanding of HIPAA, HITRUST, and other healthcare cybersecurity regulations is a plus.
• Excellent written and verbal communication skills to collaborate with developers, IT teams, and stakeholders.
• Self-motivated with the ability to work independently and as part of a team in a fast-paced healthcare environment.

If you feel this opportunity could be the next step in your career, we encourage you to apply. This position will accept applications on an ongoing basis.

Owens & Minor is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, sexual orientation, genetic information, religion, disability, age, status as a veteran, or any other status prohibited by applicable national, federal, state or local law.