[Remote] Security Analyst
Note: The job is a remote job and is open to candidates in USA. Metro Vein Centers is a rapidly growing healthcare practice specializing in state-of-the-art vein treatments. They are hiring a Security Analyst to own and mature their information security program across a 70+ clinic, cloud-first healthcare environment, focusing on proactive security and HIPAA compliance.ResponsibilitiesMonitor security alerts and events across the environment; investigate, triage, and respond to incidents in a timely mannerAdminister and maintain Google Workspace security controls, including DLP policies, Gmail security settings, Drive sharing policies, and audit log reviewManage endpoint detection and response operationsOversee device compliance policies, conditional access rules, and endpoint security baselinesAdminister and enforce MFA policies and password complexity standards across all user populationsConduct quarterly role-based access audits across critical systems including Athena, Luma, Google Workspace, and BigQueryOwn and maintain least-privilege access model across enterprise applications and identity platformsManage email security controls including phishing protection, spam filtering, and DMARC/DKIM configurationDesign and execute phishing simulation campaigns; deliver user security awareness trainingSupport HIPAA security compliance, including contributing to risk assessments, policy updates, and audit readinessAssist with identity and access management (IAM) administration, including SSO, Google IdentityCollaborate with the network team on ZTNA policy enforcement and Zscaler security configurationsContribute to incident response plans, disaster recovery documentation, and security runbooksTrack and report on key security KPIs including MFA adoption, device compliance rates, open vulnerabilities, and audit findingsOther related security duties as assignedOccasional travel for critical issues or growthBeing on call rotationSkills3–5 years of experience in an information security, security analyst, or IT security operations roleHands-on experience administering Google Workspace security features (admin console, audit logs, DLP, OAuth app controls)Experience with endpoint security platforms; CrowdStrike Falcon preferred, Microsoft Defender for Endpoint also consideredFamiliarity with Microsoft security products including Intune, Microsoft Defender, and Entra IDSolid understanding of identity and access management concepts: SSO, MFA, RBAC, least privilegeExperience conducting access reviews, user provisioning audits, and policy enforcementWorking knowledge of email security protocols (SPF, DKIM, DMARC) and email threat landscapeStrong analytical skills with the ability to investigate alerts and identify indicators of compromiseExcellent written and verbal communication skills; ability to explain security concepts to non-technical usersFamiliarity with HIPAA Security Rule requirements and healthcare data protection obligationsCrowdStrike certification (CCFA, CCFH, or equivalent) preferredMicrosoft security certifications (SC-200, MS-500, or equivalent) a strong plusExperience with Zscaler ZIA security policy management or cloud-native security platformsFamiliarity with SIEM platforms and log management toolsExperience running security awareness programs and phishing simulations (KnowBe4, Proofpoint, or similar)Prior experience in healthcare IT security or compliance rolesKnowledge of NIST CSF or CIS Controls frameworksBenefitsMedical, Dental, and Vision Insurance401(k) with Company MatchGenerous Paid Time Off (PTO) + Paid Company HolidaysCompany-Paid Life InsuranceShort-Term & Long-Term Disability InsuranceEmployee Assistance Program (EAP)Career Growth & Development OpportunitiesA collaborative, mission-driven culture focused on delivering exceptional patient careCompany OverviewMetro Vein Centers offers varicose vein treatment that includes vascular surgery, radiofrequency ablation and laser treatment services. It was founded in 2008, and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is https://www.metroveincenters.com/.