Senior Information Security Analyst - IS Mod

Mayo Clinic
Full-time
On-site
Rochester, Minnesota, United States
IT/Tech
Description

The Senior Information Security Analyst – Application Protection will support enterprise efforts to secure APIs and provide support for secure software development lifecycle (S-SDLC) initiatives and operations. 

Responsibilities

  • Partner with Information Technology and development teams to ensure secure API design, implementation, and operation in alignment with organizational policies and standards.
  • Review and analyze API and application vulnerability data; identify trends, assess risk, and provide reporting to support remediation and risk reduction efforts.
  • Coordinate exception management workflows related to vulnerability and application protection policies to ensure effective remediation and accountability.
  • Contribute to the design and implementation of a robust, repeatable, and measurable secure development lifecycle process in collaboration with IT and Security stakeholders.
  • Support Application Security Posture Management (ASPM) through data analysis and reporting to improve application security visibility.
  • Support the creation and continuous improvement of governance, metrics, and documentation that promote secure development best practices.


This is a full-time, remote position within the United States.

This vacancy is not eligible for sponsorship; we will not sponsor or transfer visas for this position. Also, Mayo Clinic DOES NOT participate in the F-1 STEM OPT extension program.



Qualifications

Master's degree in applicable field and 4 years' experience, or Bachelor's degree in applicable field and 5 years' experience. Pertinent fields of study and experience include (but are not limited to) the following: information security, operational analysis, process change, electronic systems implementation, leadership, systems analysis and project management with broad-based key enterprise initiatives. Must have one of the following certifications (or equivalent) at time of hire. In lieu of certification at time of hire, candidate must pass the exam within three years and complete the certification process once the years-of-service requirements of the certifying body have been met.

• CISSP
• CISM
• HCISPP
• GSEC
• OSCP

Preferred Qualifications:

Strong understanding of API security concepts, including specifications (e.g., REST, GraphQL, OpenAPI), architectures, and common vulnerabilities (e.g., OWASP API Security Top 10).

Experience using and interpreting results from application and API security tools such as SAST, DAST, SCA, or API gateways.

Familiarity with vulnerability management processes, including triage, prioritization, and remediation tracking.

Working knowledge of secure software development practices and CI/CD pipeline integration points.

Ability to analyze and correlate data from multiple security tools to identify trends, coverage gaps, and areas for improvement.

Proven ability to communicate technical risk findings clearly to both technical and non-technical audiences.

Experience collaborating with development and infrastructure teams to drive remediation and enhance security practices.

Familiarity with automation and reporting through tools such as ServiceNow or custom dashboards.
