Cyber Security Analyst

HopeHealth Inc

About The Position

The Cyber Security Analyst plays a critical role in protecting HopeHealth’s information systems, patient data, and network infrastructure. This position supports the daily monitoring, analysis, and improvement of security controls across all HopeHealth environments. The analyst will respond to cyber threats, perform vulnerability assessments, enforce security policies, and ensure compliance with HIPAA, HRSA, 340B program standards, and industry security frameworks applicable to Federally Qualified Health Centers (FQHCs). This role is ideal for a detail-oriented, disciplined security professional with strong networking knowledge, hands-on incident response experience, and the ability to work collaboratively across IT and clinical operations.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
Minimum 3-4 years of hands-on cybersecurity experience, preferably in healthcare or another regulated industry.
Strong understanding of: Networking (TCP/IP, VLANs, DNS, VPNs, routing/switching) Firewalls, IDS/IPS, SIEM tools Endpoint security, email security, and identity management
Experience with vulnerability management tools (e.g., Tenable, Qualys, etc.).
Working knowledge of HIPAA, NIST CSF, CIS Controls, and incident response frameworks.
Ability to develop and maintain technical documentation and policy materials.
Strong analytical thinking, problem-solving, and communication skills.

Nice To Haves

Experience in an FQHC or healthcare environment.
Certifications such as: Security+, CySA+, CEH, CCNA, GSEC, or equivalent.
Experience with cloud security (Office 365, Azure, AWS).
Knowledge of MDR/XDR tools and threat intelligence platforms.
Familiarity with PCI DSS, SOC 2, and 340B compliance requirements.

Responsibilities

Monitor HopeHealth’s SIEM, EDR, firewall logs, and intrusion detection systems for anomalies.
Perform triage, investigation, and remediation for security alerts and incidents.
Document findings and generate incident reports with recommendations for corrective action.
Assist with forensic analysis of compromised systems when necessary.
Conduct scheduled vulnerability scans across servers, workstations, cloud services, and medical devices.
Prioritize and track remediation in coordination with IT Infrastructure teams.
Validate the effectiveness of patches and configuration changes.
Implement and maintain secure network configurations across routers, switches, firewalls, and wireless access points.
Support segmentation projects, VPN management, zero-trust architecture enhancements, and MFA enforcement.
Evaluate new technologies for security risks and recommend secure implementation strategies.
Assist in writing, updating, and enforcing cybersecurity policies, standards, and procedures.
Support HIPAA Security Rule audits, HRSA OSV readiness, and annual risk assessments.
Maintain documentation required for compliance with 340B program integrity regarding system access and data safeguards.
Provide training and support to staff on phishing prevention, secure workflows, and incident reporting.
Assist in managing simulated phishing campaigns and tracking user performance metrics.
Collaborate with HR and Compliance on onboarding/offboarding security processes.
Support IAM processes (provisioning, deprovisioning, access reviews).
Maintain privilege management policies and review elevated access usage.
Ensure alignment with least-privilege principles across all departments.
Assist with security architecture improvements, cloud migrations, and infrastructure upgrades.
Participate in disaster recovery planning, business continuity exercises, and tabletop simulations.
Recommend new security controls or technology enhancements to reduce organizational risk.