Lead Information Security Analyst

Job ID 2019-1418

Technology New York, New York


WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Lead Information Security Analyst


  • Provide comprehensive technical leadership for company-wide Information Security
  • Perform security architecture reviews, providing guidance to engineers and developers
  • Drive implementation of security tools and platforms
  • Monitor and test web applications for vulnerabilities (including SQL Injection, Cross-Site Scripting, etc.)
  • Promote secure development and coding methodologies
  • Oversee internal/external vulnerability scans and coordinate related remediation activities
  • Conduct internal security assessments of platforms and sites
  • Perform security due diligence of third-party tools, vendors and systems
  • Assist in the resolution of security incidents including root cause analysis
  • Research/recommend tools/processes/technologies for ensuring the security of WebMD


  • Bachelor’s degree in Computer Science or Engineering
  • 5+ years’ experience in Information Security with a background in application security and experience with OWASP-related vulnerabilities and mitigation strategies
  • Proven knowledge of threats, vulnerabilities, attack methods and countermeasures for web-based applications, including threat modeling, secure coding, and vulnerability testing
  • Experience with software development (for example: .NET, Java, C#)
  • Familiarity with regulatory and standards requirements and practices (SOX/HIPAA/FISMA and one or more of ISO 27000 series)