IS Cybersecurity Specialist
Position Summary
The IS Cybersecurity Specialist is responsible for protecting the confidentiality, integrity, and security of Hamilton Center's information systems and electronic protected health information (ePHI). This position monitors security systems, investigates security events, implements cybersecurity best practices, and assists in maintaining compliance with HIPAA and other applicable regulations. The position requires the ability to work independently with minimal supervision while managing multiple priorities in a rapidly changing technology environment. The Cybersecurity Specialist serves as the organization's technical resource for cybersecurity operations and collaborates with Information Systems staff, vendors, and organizational leadership to reduce risk and improve the overall security posture.
Essential Duties/Responsibilities
- Monitor security tools and platforms including endpoint detection and response (EDR), email security, identity management, vulnerability management, and security information and event management (SIEM) systems.
- Investigate, document, and respond to cybersecurity incidents, alerts, and suspicious activities.
- Coincide containment, eradication, recovery, and post-incident analysis activities when security events occur.
- Perform vulnerability assessments and assist with remediation planning and implementation.
- Aid in developing, implementing, and enforcing Information Systems security policies, standards, and procedures.
- Maintain and review security controls for Microsoft 365, Active Directory, Azure/Entra ID, and other enterprise systems.
- Conduct phishing awareness campaigns and coordinate cybersecurity education and training to employees.
- Aid in risk assessments, third-party security reviews, and internal or external audits.
- Coincide security patch management and verify remediation of identified vulnerabilities.
- Maintain documentation related to security incidents, risk assessments, system configurations, and security procedures.
- Participate in disaster recovery, business continuity, and incident response planning and testing.
- Stay current on emerging cybersecurity threats, vulnerabilities, and industry best practices.
- Participate in on-call support and security incident response activities as required.
- Participate in special projects or activities as assigned.
Minimum Qualifications/Requirements
- Associate or Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field preferred.
- 3-5 years of experience in information technology with emphasis in cybersecurity, systems administration, or network administration preferred.
- Experience with Microsoft Windows Server and workstation operating systems.
- Working knowledge of Microsoft 365, Azure/Entra ID, Active Directory, and Exchange Online.
- Experience with endpoint protection platforms such as CrowdStrike, Microsoft Defender, or equivalent technologies.
- Understanding of network security concepts including TCP/IP, DNS, firewalls, VPNs, and intrusion detection/prevention systems.
- Knowledge of HIPAA Security Rule requirements and healthcare cybersecurity best practices preferred.
- Experience with security frameworks such as NIST Cybersecurity Framework is desirable.
- Excellent analytical, troubleshooting, written, and verbal communication skills.
- Ability to maintain strict confidentiality and exercise sound judgment when handling sensitive information.
- Strong customer service mindset and ability to communicate technical concepts to non-technical users.
- Ability to adapt to evolving technologies and cybersecurity threats while maintaining a proactive approach.