Company Overview
HealthStream is the leader in healthcare workforce solutions. We help organizations work better by helping their people work smarter.
HealthStream provides the leading learning, clinical development, credentialing, and scheduling applications delivered on healthcare’s #1 platform. We streamline everyday tasks while improving performance, engagement, and safety – fostering a workplace where people flourish, and care thrives.
Why Join Us
At HealthStream, you’ll have the opportunity to make a meaningful impact on the future of healthcare by collaborating with a team of talented professionals dedicated to innovation and excellence. We offer competitive compensation, comprehensive benefits, and a supportive work environment where creativity and collaboration thrive.
Our shared vision is to enhance the quality of healthcare by empowering the people who deliver care – a commitment we have upheld for over 30 years through providing innovative solutions and driving constant growth. Join us in revolutionizing the healthcare industry and shaping the future of patient care. As a HealthStreamer, you will be at the forefront of healthcare technology innovation, making a recurring impact on the industry.
We’re proud of our values-forward culture that offers our people:
- Mission-oriented work
- Diverse and inclusive culture
- Competitive Compensation & Bonuses
- Comprehensive Insurance Plans
- Mental and Physical Health Support
- Work-from-home flexibility
- Fitness Center Reimbursements
- Streaming Good time off for volunteering
- Wellness workshops
- Buddy Program for new HealthStreamers
- Collaborative work environment
- Career growth opportunities
- Continuous learning opportunities
- Inspiring workspaces to collaborate and connect with other HealthStreamers
- Free employee parking at our Resource Centers in Nashville and San Diego
At HealthStream, our thriving culture encourages collaboration and values contributions, allowing our team members to continuously solve big problems and grow. We offer flexibility and paid time off to support work-life integration for all employees, including a hybrid work environment and Streaming Good volunteer day. For team members in commutable distance, HealthStream has Resource Centers in Nashville, TN and San Diego, CA. Our resource centers provide an inspiring workspace to collaborate and recharge as well as company-sponsored onsite social events for development, connection, and celebration.
We are committed to driving innovation in healthcare and ensuring that patients receive competent care from qualified professionals. As a HealthStream team member, you will help bring this vision to life. If you want to work for a company committed to its values and vision, HealthStream is the place for you!
HealthStream is an equal opportunity employer. HealthStream prohibits employment practices that discriminate against individual employees or groups of employees on the basis of age, color, disability, national origin, race, religion, sex, sexual orientation, pregnancy, veteran or military status, genetic information or any other category deemed protected by state and/or federal law.
Position Information
Position Overview
The Application Security Analyst plays a hands-on role in supporting and executing the application security program at HealthStream. Working closely with and under the guidance of the Sr. Application Security Architect, this role focuses on identifying, assessing, and helping remediate security vulnerabilities across our software products and cloud environments. The Analyst will partner with Engineering, DevOps, and Product teams to embed security practices into the software development lifecycle (SDLC), operate security tooling, and contribute to a culture of security awareness. This is an excellent opportunity for a motivated security professional looking to grow within a collaborative, mission-driven healthcare technology organization.
Key Responsibilities
You will be responsible for adhering to all HealthStream security policies, procedures, and assigned training.
Application Security Testing & Vulnerability Management
- Operate and manage automated application security testing tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST).
- Triage, validate, and prioritize vulnerability findings from security scans, penetration tests, and bug reports, working with development teams to track remediation to closure.
- Conduct or support manual security assessments and penetration testing of web applications, APIs, and mobile applications.
- Produce clear, actionable vulnerability reports with risk ratings and remediation guidance for development teams.
- Manage and maintain vulnerability findings within Snyk, Invicti, SonarQube, or an equivalent vulnerability management platform.
Secure Development Lifecycle (SDLC) Support
- Support the integration of security into CI/CD pipelines and DevSecOps workflows, including automated security gate checks.
- Participate in design and architecture reviews with a security lens, helping identify potential risks early in the development process.
- Assist in threat modeling exercises for new features and systems under the guidance of the AppSec Architect.
- Perform security-focused code reviews and provide developers with clear, constructive feedback and guidance.
- Contribute to the maintenance of a secure code library and reusable security patterns for development teams.
Security Tooling & Cloud Security
- Support the management and configuration of application security tools such as Snyk, Invicti, SonarQube, and DefectDojo.
- Assist in implementing and monitoring security controls for cloud-based environments, including AWS and Azure.
- Evaluate and test emerging security tools and contribute recommendations to the AppSec team.
- Support API security testing and assist in securing third-party and open-source integrations.
Security Awareness & Collaboration
- Collaborate with cross-functional teams including Engineering, DevOps, and Product to promote security best practices and a shift-left mindset.
- Deliver security awareness content and assist in conducting security training sessions for development staff.
- Stay current on emerging security threats, vulnerabilities (CVEs), and attack techniques, sharing relevant intelligence with the team.
- Assist in maintaining security documentation, standards, runbooks, and internal knowledge base articles.
- Support compliance-related activities, including evidence gathering for audits related to HIPAA, SOC 2, HITRUST, or other applicable frameworks. FedRAMP experience is a plus.
- Other duties as assigned.