Security Analyst II

KNO2 LLC

Security Analyst II

Job Description

Job Summary:

The Security Analyst will be responsible for implementing maintaining and continuously improving the security posture of our cloud-based health care SaaS platform. The role involves monitoring and analyzing security events ensuring compliance with HIPAA and HITRUST and leveraging expertise in Microsoft M365 Azure Cloudflare and GitHub to protect sensitive patient data. The ideal candidate will have a strong foundation in cybersecurity a comprehensive understanding of cloud environments and hands-on experience implementing compliance frameworks in the healthcare industry.

Key Responsibilities:

Security Monitoring & Incident Response:

1. Continuously monitor security events and alerts across the companys cloud and on-premises environments.

2. Investigate analyze and respond to security incidents in a timely manner to minimize impact.

3. Develop and maintain incident response plans including root cause analysis and remediation strategies.

Cloud Security Management:

Manage security configurations access controls and threat monitoring in Microsoft Azure and Microsoft M365 environments.

1. Oversee the implementation and management of CloudFlare services to protect against external threats such as DDoS attacks and web application vulnerabilities.

2. Ensure that cloud security best practices are adhered to throughout our SaaS solutions.

Compliance & Regulatory Oversight:

1. Ensure that all systems and processes comply with HIPAA and HITRUST standards conducting regular audits and risk assessments.

2. Collaborate with compliance and legal teams to develop internal policies and procedures that support regulatory requirements.

3. Maintain documentation for security controls incident reports and audit trails for review by external regulators.

Development & Operations Security:

1. Review and monitor security configurations and code repositories in Github.

2. Collaborate with development teams to embed security practices (DevSecOps) into the software development lifecycle.

3. Implement automated security testing and continuous monitoring to proactively identify vulnerabilities.

Security Strategy & Continuous Improvement:

1. Develop and update the organizations security strategy to address emerging threats in the evolving healthcare SaaS landscape.

2. Stay current on industry trends best practices and emerging technologies to continuously enhance the organizations security posture.

3. Conduct security awareness training for employees and stakeholders.

Risk Management & Reporting:

1. Perform regular risk assessments vulnerability scans and penetration tests to evaluate the effectiveness of security controls.

2. Report on security incidents compliance metrics and risk assessments to senior management.

3. Collaborate with cross-functional teams to develop mitigation strategies for identified risks.

Qualifications and Skills:

Technical Expertise:

1. Proficiency with Microsoft M365 and Azure including configuration monitoring and incident response.

2. Experience managing and securing CloudFlare or similar CDN and security platforms.

3. Familiarity with Github for code repository management including security practices in version control systems.

4. Hands-on experience with security tools SIEM platforms and vulnerability management solutions.

Compliance & Regulatory:

1. Deep understanding of HIPAA and HITRUST frameworks with experience ensuring technology compliance.

2. Proven track record of performing security audits risk assessments and regulatory compliance reviews in the healthcare sector.

Analytical & Problem-Solving Skills:

1. Strong analytical skills to detect assess and resolve security incidents and vulnerabilities.

2. Excellent problem-solving abilities and the capacity to adapt to emerging cybersecurity challenges.

Communication & Collaboration:

1. Ability to clearly communicate technical security concepts to non-technical stakeholders.

2. Experience collaborating with IT engineering and compliance teams to embed security into business processes.

3. Strong organizational skills and attention to detail in managing security documentation and reports.

Preferred Qualifications:

1. Bachelors degree in Computer Science Information Security or related field.

2. 3-5 years related work experience.

3. Relevant certifications such as Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) or equivalent.

4. Experience in a SaaS environment particularly within the healthcare industry.

5. Demonstrated experience in a DevSecOps environment and familiarity with CI/CD pipelines.