HopeHealth, Inc.
About The Role
The Cyber Security Analyst plays a critical role in protecting HopeHealth’s information systems, patient data, and network infrastructure. This position supports daily monitoring, analysis, and improvement of security controls across all HopeHealth environments. The analyst will respond to cyber threats, perform vulnerability assessments, enforce security policies, and ensure compliance with HIPAA, HRSA, 340B program standards, and industry security frameworks applicable to Federally Qualified Health Centers (FQHCs).
Required Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
Minimum 3-4 years of hands‑on cybersecurity experience, preferably in healthcare or another regulated industry.
Strong understanding of:
Networking (TCP/IP, VLANs, DNS, VPNs, routing/switching)
Firewalls, IDS/IPS, SIEM tools
Endpoint security, email security, and identity management
Experience with vulnerability management tools (e.g., Tenable, Qualys, etc.).
Working knowledge of HIPAA, NIST CSF, CIS Controls, and incident response frameworks.
Ability to develop and maintain technical documentation and policy materials.
Strong analytical thinking, problem‑solving, and communication skills.
Preferred Qualifications
Experience in an FQHC or healthcare environment.
Certifications such as Security+, CySA+, CEH, CCNA, GSEC, or equivalent.
Experience with cloud security (Office 365, Azure, AWS).
Knowledge of MDR/XDR tools and threat intelligence platforms.
Familiarity with PCI DSS, SOC 2, and 340B compliance requirements.
Security Monitoring & Incident Response
Monitor HopeHealth’s SIEM, EDR, firewall logs, and intrusion detection systems for anomalies.
Perform triage, investigation, and remediation for security alerts and incidents.
Document findings and generate incident reports with recommendations for corrective action.
Assist with forensic analysis of compromised systems when necessary.
Vulnerability Management
Conduct scheduled vulnerability scans across servers, workstations, cloud services, and medical devices.
Prioritize and track remediation in coordination with IT Infrastructure teams.
Validate the effectiveness of patches and configuration changes.
Network & System Security
Implement and maintain secure network configurations across routers, switches, firewalls, and wireless access points.
Support segmentation projects, VPN management, zero‑trust architecture enhancements, and MFA enforcement.
Evaluate new technologies for security risks and recommend secure implementation strategies.
Policy, Governance & Compliance
Assist in writing, updating, and enforcing cybersecurity policies, standards, and procedures.
Support HIPAA Security Rule audits, HRSA OSV readiness, and annual risk assessments.
Maintain documentation required for compliance with 340B program integrity regarding system access and data safeguards.
User Security Awareness & Training
Provide training and support to staff on phishing prevention, secure workflows, and incident reporting.
Assist in managing simulated phishing campaigns and tracking user performance metrics.
Collaborate with HR and Compliance on onboarding/offboarding security processes.
Access & Identity Management
Support IAM processes (provisioning, deprovisioning, access reviews).
Maintain privilege management policies and review elevated access usage.
Ensure alignment with least‑privilege principles across all departments.
Project Support & Continuous Improvement
Assist with security architecture improvements, cloud migrations, and infrastructure upgrades.
Participate in disaster recovery planning, business continuity exercises, and tabletop simulations.
Recommend new security controls or technology enhancements to reduce organizational risk.
Core Competencies
High level of confidentiality and ethical judgment.
Ability to collaborate with clinical, administrative, and technical teams.
Strong time‑management, prioritization, and multitasking abilities.
Commitment to continuous learning in a rapidly evolving cyber threat landscape.
Skills
The required skills such as Nessus and Splunk are utilized daily to perform vulnerability assessments and monitor security events, enabling timely detection and mitigation of threats. Systems security knowledge and security architecture expertise guide the design and implementation of robust security frameworks that protect organizational assets. Incident response skills are critical for investigating and managing security breaches, minimizing impact, and restoring normal operations swiftly. Developing and enforcing security policies ensures compliance and promotes a culture of security awareness across the organization. Preferred skills like professional certifications and cloud security experience enhance the analyst’s ability to address complex security challenges and adapt to evolving technology landscapes.
Physical Requirements
Hearing: Adequate to perform job duties in person and over the telephone.
Speaking: Must be able to communicate clearly to patients in person and over the telephone.
Vision: Visual acuity adequate to perform job duties, including reading information from printed sources and computer screens.
Other: Requires occasional lifting and carrying of items weighing up to 10 pounds unassisted in normal daily activities and up to 30 lbs. for other required work activities. Additionally, requires frequent bending, reaching, and repetitive hand movements (especially if keyboarding and writing), standing, walking, squatting, and sitting, with some lifting, pushing and pulling exerted regularly throughout a regular work shift.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
Industries
Hospitals and Health Care