[Remote] Security Analyst

Note: The job is a remote job and is open to candidates in USA. Metro Vein Centers is a rapidly growing healthcare practice specializing in state-of-the-art vein treatments. They are hiring a Security Analyst to own and mature their information security program across a 70+ clinic, cloud-first healthcare environment, focusing on proactive security and HIPAA compliance.

Responsibilities

• Monitor security alerts and events across the environment; investigate, triage, and respond to incidents in a timely manner
• Administer and maintain Google Workspace security controls, including DLP policies, Gmail security settings, Drive sharing policies, and audit log review
• Manage endpoint detection and response operations
• Oversee device compliance policies, conditional access rules, and endpoint security baselines
• Administer and enforce MFA policies and password complexity standards across all user populations
• Conduct quarterly role-based access audits across critical systems including Athena, Luma, Google Workspace, and BigQuery
• Own and maintain least-privilege access model across enterprise applications and identity platforms
• Manage email security controls including phishing protection, spam filtering, and DMARC/DKIM configuration
• Design and execute phishing simulation campaigns; deliver user security awareness training
• Support HIPAA security compliance, including contributing to risk assessments, policy updates, and audit readiness
• Assist with identity and access management (IAM) administration, including SSO, Google Identity
• Collaborate with the network team on ZTNA policy enforcement and Zscaler security configurations
• Contribute to incident response plans, disaster recovery documentation, and security runbooks
• Track and report on key security KPIs including MFA adoption, device compliance rates, open vulnerabilities, and audit findings
• Other related security duties as assigned
• Occasional travel for critical issues or growth
• Being on call rotation

Skills

• 3–5 years of experience in an information security, security analyst, or IT security operations role
• Hands-on experience administering Google Workspace security features (admin console, audit logs, DLP, OAuth app controls)
• Experience with endpoint security platforms; CrowdStrike Falcon preferred, Microsoft Defender for Endpoint also considered
• Familiarity with Microsoft security products including Intune, Microsoft Defender, and Entra ID
• Solid understanding of identity and access management concepts: SSO, MFA, RBAC, least privilege
• Experience conducting access reviews, user provisioning audits, and policy enforcement
• Working knowledge of email security protocols (SPF, DKIM, DMARC) and email threat landscape
• Strong analytical skills with the ability to investigate alerts and identify indicators of compromise
• Excellent written and verbal communication skills; ability to explain security concepts to non-technical users
• Familiarity with HIPAA Security Rule requirements and healthcare data protection obligations
• CrowdStrike certification (CCFA, CCFH, or equivalent) preferred
• Microsoft security certifications (SC-200, MS-500, or equivalent) a strong plus
• Experience with Zscaler ZIA security policy management or cloud-native security platforms
• Familiarity with SIEM platforms and log management tools
• Experience running security awareness programs and phishing simulations (KnowBe4, Proofpoint, or similar)
• Prior experience in healthcare IT security or compliance roles
• Knowledge of NIST CSF or CIS Controls frameworks

Benefits

• Medical, Dental, and Vision Insurance
• 401(k) with Company Match
• Generous Paid Time Off (PTO) + Paid Company Holidays
• Company-Paid Life Insurance
• Short-Term & Long-Term Disability Insurance
• Employee Assistance Program (EAP)
• Career Growth & Development Opportunities
• A collaborative, mission-driven culture focused on delivering exceptional patient care

Company Overview