Information Security Analyst - Application Security (Penetration Tester)

One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (NYSE : UHS) has built an impressive record of achievement and performance. Growing steadily since its inception into an esteemed Fortune 300 corporation, annual revenues were $15.8 billion in 2024. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune; and listed in Forbes ranking of America’s Largest Public Companies. Headquartered in King of Prussia, PA, UHS has approximately 99,000 employees and continues to grow through its subsidiaries. Operating acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located all over the U.S. States, Washington, D.C., Puerto Rico and the United Kingdom.

The Corporate Information Services Department is seeking a dynamic and talented Information Security Analyst I-Application Security.

As a key member of our collaborative Cybersecurity team, the Information Security Analyst I – Application Security will play a critical role in safeguarding UHS and affiliates information systems. In this role, you will be responsible for identifying, assessing, and mitigating security vulnerabilities in our applications, guiding secure development practices, and collaborating with development teams to embed security throughout the software development lifecycle (SDLC).Works with technical and non-technical staff to insure that deployed technologies are effectively and efficiently providing the intended controls consistent with established policies and procedures. Where appropriate, trains and supports technical staff in UHS affiliated locations to deploy, manage and support selected technologies. May oversee the technical aspects of tasks assigned to less experienced staff or contractors on projects, systems or applications assigned.

Key Responsibilities include :

• Maintains selected information security technologies within guidelines of policies and in keeping with good project management principles. Monitors the resolution of maintenance or enhancement issues assigned by the UHS Customer Support Center.
• Perform in-depth security assessments of web, mobile, APIs, and cloud-based applications through code reviews, using tools such as SAST, DAST, IAST, SCA, manual techniques, and penetration testing.
• Periodically reviews deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively.
• Work closely with DevOps and engineering teams to integrate security into CI / CD pipelines (DevSecOps).
• Identifies gaps in protection, and recommends solutions to remediate or mitigate the risks associated with the protection gaps.
• Document findings and assist in creating reports and metrics for technical and non-technical audiences.
• Assists more experienced members of the Information Security Team implement and support new information security technologies or processes.
• Works with staff at all levels in the organization, vendors and contractors to insure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s) affected.

Position Requirements :

Relevant Entry-Level Certifications (one or more required) :

Relevant Advanced Certifications (one or more preferred) :

Bonus Broader Offensive Security Certifications :

Significant relevant experience in addition to professional certifications and / or an Associate’s Degree (4 years) may be considered in lieu of the educational requirement.

Travel Requirements : Up to 5% - 10% US - to field locations may be necessary to complete assigned projects.

This opportunity provides the following :