Security Analyst

SimplePractice

💵 $80k-$100k
📍 Remote - United States

Summary

Join SimplePractice's growing security team as a detail-oriented and proactive Security Analyst. This pivotal role focuses on safeguarding our AWS-hosted healthcare SaaS platform, ensuring data confidentiality, integrity, and availability. You will contribute to our mission of delivering secure and reliable healthcare solutions by performing blue team operations, incident response, and GRC tasks. The position also involves third-party risk management and security awareness training. You will generate regular security reports and stay informed about emerging threats. This role requires strong analytical and problem-solving skills, excellent communication, and collaboration within cross-functional teams.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or a related field
  • Minimum of 3 years of experience in security analysis, GRC, or related roles within a cloud-based environment
  • Proficiency in using SIEM tools and conducting security investigations
  • Familiarity with regulatory frameworks such as HIPAA, HITRUST, and PCI
  • Experience with risk assessment methodologies and tools
  • Understanding of AWS security best practices and Infrastructure as Code (IaC) principles
  • Knowledge of vulnerability assessment tools and threat intelligence platforms
  • Strong analytical and problem-solving abilities
  • Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders
  • Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced, agile environment

Responsibilities

  • Monitor security alerts and respond to incidents, conducting root cause analyses and implementing corrective actions
  • Collaborate with the security team to develop and refine incident response plans and playbooks
  • Utilize Security Information and Event Management (SIEM) tools to detect and analyze potential threats
  • Perform regular vulnerability assessments and coordinate remediation efforts with relevant teams
  • Conduct threat hunting activities to proactively identify and mitigate potential security risks
  • Develop, implement, and maintain security policies, standards, and procedures in alignment with industry regulations such as HIPAA, HITRUST, and PCI
  • Conduct risk assessments to identify vulnerabilities and ensure appropriate controls are in place
  • Collaborate with internal stakeholders to ensure compliance with regulatory requirements and internal policies
  • Assist in the preparation and management of documentation for internal and external audits, including evidence collection and control mapping
  • Assess and monitor third-party vendors to ensure they meet security and compliance requirements
  • Work closely with procurement and legal teams to incorporate security considerations into vendor contracts
  • Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
  • Utilize security ratings services to continuously evaluate the security posture of third-party vendors
  • Develop and deliver security awareness training programs to educate employees on security best practices and policies
  • Promote a culture of security awareness throughout the organization
  • Generate regular reports on security metrics, incidents, and compliance status for management review
  • Stay informed about emerging threats and vulnerabilities, recommending proactive measures to mitigate risks

Preferred Qualifications

Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are highly desirable

Benefits

  • Medical, dental, vision, life & disability insurance
  • 401(k) plan with company match
  • Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
  • Mental health resources
  • Paid parental leave & Backup Care
  • Tuition reimbursement
  • Employee Resource Groups (ERGs)
