Security Analyst II

About The Position

Requirements

• Proficiency with Microsoft M365 and Azure, including configuration, monitoring, and incident response.
• Experience managing and securing CloudFlare or similar CDN and security platforms.
• Familiarity with Github for code repository management, including security practices in version control systems.
• Hands-on experience with security tools, SIEM platforms, and vulnerability management solutions.
• Deep understanding of HIPAA and HITRUST frameworks with experience ensuring technology compliance.
• Proven track record of performing security audits, risk assessments, and regulatory compliance reviews in the healthcare sector.
• Strong analytical skills to detect, assess, and resolve security incidents and vulnerabilities.
• Excellent problem-solving abilities and the capacity to adapt to emerging cybersecurity challenges.
• Ability to clearly communicate technical security concepts to non-technical stakeholders.
• Experience collaborating with IT, engineering, and compliance teams to embed security into business processes.
• Strong organizational skills and attention to detail in managing security documentation and reports.

Nice To Haves

• Bachelor’s degree in Computer Science, Information Security, or related field.
• 3-5 years related work experience.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent.
• Experience in a SaaS environment, particularly within the healthcare industry.
• Demonstrated experience in a DevSecOps environment and familiarity with CI/CD pipelines.

Responsibilities

• Continuously monitor security events and alerts across the company’s cloud and on-premises environments.
• Investigate, analyze, and respond to security incidents in a timely manner to minimize impact.
• Develop and maintain incident response plans, including root cause analysis and remediation strategies.
• Manage security configurations, access controls, and threat monitoring in Microsoft Azure and Microsoft M365 environments.
• Oversee the implementation and management of CloudFlare services to protect against external threats, such as DDoS attacks and web application vulnerabilities.
• Ensure that cloud security best practices are adhered to throughout our SaaS solutions.
• Ensure that all systems and processes comply with HIPAA and HITRUST standards, conducting regular audits and risk assessments.
• Collaborate with compliance and legal teams to develop internal policies and procedures that support regulatory requirements.
• Maintain documentation for security controls, incident reports, and audit trails for review by external regulators.
• Review and monitor security configurations and code repositories in Github.
• Collaborate with development teams to embed security practices (DevSecOps) into the software development lifecycle.
• Implement automated security testing and continuous monitoring to proactively identify vulnerabilities.
• Develop and update the organization’s security strategy to address emerging threats in the evolving healthcare SaaS landscape.
• Stay current on industry trends, best practices, and emerging technologies to continuously enhance the organization’s security posture.
• Conduct security awareness training for employees and stakeholders.
• Perform regular risk assessments, vulnerability scans, and penetration tests to evaluate the effectiveness of security controls.
• Report on security incidents, compliance metrics, and risk assessments to senior management.
• Collaborate with cross-functional teams to develop mitigation strategies for identified risks.