IT Security Analyst
InVita Healthcare TechnologiesAbout InVita Healthcare Technologies
InVita Healthcare Technologies is a leading software provider for complex medical, forensics, and community care environments. We build specialized, highly configurable, and integrated systems that support hospitals, blood centers, donation organizations, public health labs, and forensic labs. InVita is the clear leader in the blood, implant, organ procurement, DNA, and Forensic software markets. Our software solutions have built-in compliance safeguards that streamline processes and enable quick and efficient information exchange with better decision making. For more information about our software solutions, please visit invitahealth.com.
Job Title: IT Security Analyst
Department: Security & Compliance
Reporting to: Director of Security
Location: Baltimore, MD
Hours of work: Typical hours of work are from 8:30 AM until 5:00 PM local time Monday through Friday. Flexibility of Working Hours dependent on location. Additional hours may be necessary as needed. This position is exempt from overtime.
Compensation: $65,000 - $75,000 annually. Range is commensurate with experience.
Who We Are
InVita develops specialized medical software for regulated industries that support the advancement of Human Biologics as well as Public Health and Safety. We are the acknowledged leader in the markets we serve. Our subject matter expertise is unmatched in the industry and our products are used by public health and medical professionals across the globe. As we expand, we are strengthening our security posture to continue to meet[LB1] regulatory requirements, manage risk, and protect sensitive healthcare data.
Overview
We are seeking a Security Analyst to support day-to-day security operations across our applications, endpoints, cloud environments, and corporate IT systems. This role focuses on monitoring and triaging security alerts, supporting incident response, improving detection and response playbooks, and partnering with IT, DevOps, and Engineering teams to reduce risk. The Security Analyst will also support control evidence collection and customer due diligence activities (e.g., SOC 2, HIPAA, and customer security questionnaires) as needed.
Essential Functions
Security Monitoring & Alert Triage
Required
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform the functions.
This document does not create an employment contract, implied or otherwise, other than an "at-will" relationship.
InVita provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
[LB1]to continue to meet
InVita Healthcare Technologies is a leading software provider for complex medical, forensics, and community care environments. We build specialized, highly configurable, and integrated systems that support hospitals, blood centers, donation organizations, public health labs, and forensic labs. InVita is the clear leader in the blood, implant, organ procurement, DNA, and Forensic software markets. Our software solutions have built-in compliance safeguards that streamline processes and enable quick and efficient information exchange with better decision making. For more information about our software solutions, please visit invitahealth.com.
Job Title: IT Security Analyst
Department: Security & Compliance
Reporting to: Director of Security
Location: Baltimore, MD
Hours of work: Typical hours of work are from 8:30 AM until 5:00 PM local time Monday through Friday. Flexibility of Working Hours dependent on location. Additional hours may be necessary as needed. This position is exempt from overtime.
Compensation: $65,000 - $75,000 annually. Range is commensurate with experience.
Who We Are
InVita develops specialized medical software for regulated industries that support the advancement of Human Biologics as well as Public Health and Safety. We are the acknowledged leader in the markets we serve. Our subject matter expertise is unmatched in the industry and our products are used by public health and medical professionals across the globe. As we expand, we are strengthening our security posture to continue to meet[LB1] regulatory requirements, manage risk, and protect sensitive healthcare data.
Overview
We are seeking a Security Analyst to support day-to-day security operations across our applications, endpoints, cloud environments, and corporate IT systems. This role focuses on monitoring and triaging security alerts, supporting incident response, improving detection and response playbooks, and partnering with IT, DevOps, and Engineering teams to reduce risk. The Security Analyst will also support control evidence collection and customer due diligence activities (e.g., SOC 2, HIPAA, and customer security questionnaires) as needed.
Essential Functions
Security Monitoring & Alert Triage
- Monitor security alerts from SIEM/MDR, endpoint protection (EDR), cloud security tooling, and other sources; triage and investigate suspicious activity.
- Analyze logs and telemetry (endpoint, network, identity, and cloud) to identify root cause, scope, and potential impact.
- Document investigations clearly, including timelines, evidence, and recommended next steps; escalate incidents when required.
- Support tuning of detections, alert thresholds, and response workflows to reduce noise and improve time to detect.
- Assist with incident response activities including containment, eradication, and recovery for events such as phishing, malware, suspicious logins, or data exposure.
- Collect and preserve evidence and relevant logs; support coordination with internal stakeholders and external partners when needed.
- Maintain and improve incident response runbooks and playbooks; participate in tabletop exercises and post-incident reviews.
- Support vulnerability management by reviewing scan results, prioritizing findings, and tracking remediation through closure.
- Validate remediation efforts (e.g., patching, configuration hardening, IAM changes) and document verification evidence.
- Assist with identifying and tracking security configuration risks across cloud and endpoint environments.
- Assist in the design, delivery, and continuous improvement of security awareness and training program aligned with risk, regulations, and threat trends
- Support development of role-based security training content covering phishing, data handling, secure development, and incident reporting
- Perform phishing simulation campaigns, analyzing results, and drive targeted remediation to reduce risk
- Track training completion, maintain audit-ready evidence, and report effectiveness metrics
- Promote a strong security culture by translating incidents and threat intelligence into actionable awareness initiatives
- Support ongoing evidence collection and control testing for compliance programs such as SOC 2 and HIPAA.
- Contribute to customer security questionnaires and due diligence requests by providing accurate, current technical/security details.
- Help maintain security documentation including standards, procedures, FAQs, and customer-facing security summaries.
- Identify opportunities to improve security operations through automation, better documentation, and workflow standardization.
- Develop basic reporting and metrics (e.g., alert volumes, response times, remediation status) to support security leadership and continuous improvement.
Required
- 2+ years of experience in security operations, incident response, IT audit, risk management, or a related field.
- Working knowledge of common security controls and frameworks (e.g., SOC 2, HIPAA, NIST, ISO 27001).
- Experience triaging and investigating alerts using SIEM and/or MDR tooling and endpoint detection and response (EDR).
- Familiarity with cloud environments (AWS, Azure, and/or GCP) and SaaS security concepts.
- Strong writing and documentation skills, with the ability to communicate technical findings clearly and accurately.
- Strong organizational skills with attention to detail and the ability to manage multiple investigations and requests simultaneously.
- Experience working in a SaaS, healthcare, or highly regulated industry.
- Experience with Microsoft Defender, MDR providers (e.g., Arctic Wolf or similar), and vulnerability management tooling.
- Basic scripting skills (Python, PowerShell, or Bash) for automation and investigation support.
- Security certifications such as Security+, GSEC, GCIH, CISSP, or CISA are a plus.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform the functions.
- While performing the duties of this position, prolonged periods of sitting at a desk and working on a computer may be required.
- Additionally, the employee is regularly required to talk or listen.
- The employee frequently is required to use hands or fingers, handle, or feel objects, tools, or controls.
- The employee is occasionally required to stand, walk, sit; reach with hands and arms; climb or balance; and stoop, kneel, crouch, or crawl.
- The employee must occasionally lift and/or move up to 15 pounds.
- Specific vision abilities required by this position include close vision, distance vision, color vision, peripheral vision, and the ability to adjust focus.
- The noise level in the work environment is usually moderate.
This document does not create an employment contract, implied or otherwise, other than an "at-will" relationship.
InVita provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
[LB1]to continue to meet
Job Type
- Job Type
- Contract
- Location
- Baltimore, MD
Share this job: