We are seeking a highly skilled and experienced professional to join our Information Security team as a Senior Information Security Analyst. This position will report directly to the Director of Information Security and will play a critical role in supporting our security program. The ideal candidate will have hands-on experience with a variety of security technologies and a strong understanding of security and compliance requirements.
This position is fully remote and we are willing to consider candidates based on location.
Key Responsibilities:
- Microsoft Azure: Review configurations, including the use of posture management tools, for Azure resources such as networking, firewalls, virtual machines, storage, and virtual desktop environments. Recommend improvements and ensure that findings are addressed in a timely manner.
- Office 365 & Microsoft Security Suite: Manage Office 365, Defender for Endpoint, and Microsoft Sentinel. Implement and monitor security measures across these platforms including verification that connected data sources are functioning and adequate and that alerts and recommendations are being addressed.
- Security Monitoring & Response: Utilize SIEM tools (Microsoft Sentinel or equivalent) for security monitoring, incident response, and threat detection. Develop and maintain security dashboards and alerts.
- Incident Response: Respond to and escalate incidents as appropriate. Develop and maintain incident response playbooks, ensuring a structured and efficient response to security incidents. Participate in or lead incident response tabletop exercises.
- Query & Scripting: Leverage scripting languages and query tools such as KQL and PowerShell for automation, reporting, and data analysis.
- Endpoint Security: Configure and address findings from Qualys, CrowdStrike, and Defender for Endpoint portals. Maintain software allow/block lists and ensure available patches are applied in a timely manner. Ensure asset inventories are current and accurate.
- Email Security: Manage and support Exchange and Outlook environments, utilizing an understanding of phishing techniques to assist in identifying, confirming, and neutralizing potential threats in quarantine or reported by users.
- Training and Awareness: Educate users through simulated phishing campaigns and user awareness training including developing content for newsletters, presentations, and role specific learning.
- Network & Firewall Management: Oversee reviews of firewall and other network configurations and manage web filtering tools. Ensure documentation such as network diagrams is accurate and kept current.
- Identity & Access Management: Manage Entra/Active Directory, implement Conditional Access Policies, perform access and directory health reviews, and maintain data loss prevention strategies.
- Compliance & Risk Management: Support compliance efforts with frameworks such as HIPAA, HITRUST, and PCI. Conduct third-party risk assessments, participate in assessments and evidence gathering, and ensure maintenance of and adherence to policies and procedures.
- Penetration Testing: Schedule or conduct and then manage remediation of findings from External and Internal Network and Application Penetration Tests and Vulnerability Scans.
- Business Continuity & Disaster Recovery: Assist in improving, testing, and verifying business continuity and disaster recovery plans including verification of backups and technical recovery procedures.
- Vendor Management: Manage vendor relationships, contracts, and performance evaluations.
- Emerging Technologies: Stay current with new security technologies and trends. Evaluate and recommend new tools and solutions to enhance the organization's security capabilities.
Qualifications:
- At least six years of experience in a similar role focusing on security and compliance.
- Preference for experience with security, compliance, and information technology in a healthcare environment.
- Comfort with and experience working directly to support end users.
- Excellent problem-solving skills and the ability to work under pressure.
- Relevant certifications (e.g., CISSP, CISM, Azure Security Engineer) are a plus.
This role has a salary range of $125,000, and regular, full-time employees working 30 or more hours per week are eligible for comprehensive benefits including Medical, Dental, Vision, Life, 401(K), and Paid Time Off (PTO).
The Company is committed to the principles of equal employment. We are committed to complying with all federal, state, and local laws providing equal employment opportunities, and all other employment laws and regulations. It is our intent to maintain a work environment which is free of harassment, discrimination, or retaliation because of age, race, color, national origin, ancestry, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), physical or mental disability, genetic information (including testing and characteristics), veteran status, uniformed servicemember status, or any other status protected by federal, state, or local laws. The Company is dedicated to the fulfillment of this policy in regard to all aspects of employment, including but not limited to recruiting, hiring, placement, transfer, training, promotion, rates of pay, and other compensation, termination, and all other terms, conditions, and privileges of employment.