Jobs · Information Technology · New York

Security Analyst

Spectrum Health & Human Services · Orchard Park, NY · 4 wk ago
On-siteInformation Technology$68k–$85k/yrFull-time

Major Duties and Responsibilities

  • Monitor security alerts, logs, and events from systems such as SIEM, EDR, firewalls, email security, and vulnerability management tools.
  • Investigate and respond to potential security incidents, escalating issues as appropriate.
  • Support incident response activities, including documentation, evidence collection, root cause analysis, and remediation tracking.
  • Aid in vulnerability scanning, risk assessment, patch validation, and security control testing.
  • Help maintain compliance with HIPAA, HITECH, HITRUST, NIST, and internal security policies.
  • Review access controls and support identity and access management processes.
  • Partner with IT, compliance, legal, and clinical teams to identify and reduce security risks.
  • Aid in developing and maintaining security policies, procedures, standards, and awareness materials.
  • Support phishing investigations, security awareness campaigns, and user education efforts.
  • Prepare reports and metrics related to threats, vulnerabilities, incidents, and compliance activities.
  • Stay current on emerging cybersecurity threats, especially those affecting healthcare organizations.

Security Monitoring and Incident Response Tools

  • SIEM platforms such as Splunk, Microsoft Sentinel, or QRadar;
  • EDR/XDR tools such as CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, or Carbon Black;
  • IDS/IPS;
  • SOAR workflows;
  • case management or ticketing systems such as ServiceNow or Jira.

Network and Infrastructure Security

  • Firewalls;
  • VPNs;
  • secure web gateways;
  • DNS filtering;
  • email security gateways;
  • vulnerability scanners;
  • endpoint hardening;
  • Active Directory;
  • Windows and Linux systems;
  • basic TCP/IP, routing, and network troubleshooting.

Cloud and SaaS Security

  • Azure, AWS, or Google Cloud security controls;
  • Microsoft 365 security and compliance tools;
  • identity providers;
  • MFA;
  • conditional access;
  • cloud logging;
  • secure configuration reviews.

Healthcare Security Environment

  • HIPAA-regulated data;
  • electronic health record platforms;
  • clinical applications;
  • medical device networks;
  • third-party vendor access;
  • protection of protected health information across clinical and administrative workflows.

Hands-on Security Operations

  • alert triage;
  • log analysis;
  • phishing investigation;
  • malware containment;
  • account compromise investigation;
  • vulnerability validation;
  • threat hunting;
  • evidence collection;
  • remediation follow-up.

Core Competencies

  • Hands-on threat detection and alert triage using SIEM, EDR/XDR, firewall, identity, endpoint, email, and cloud logs.
  • Practical incident response experience, including containment, eradication, recovery coordination, root cause analysis, and post-incident documentation.
  • Ability to investigate phishing, malware, suspicious authentication activity, data loss indicators, endpoint anomalies, and network-based threats.
  • Working knowledge of vulnerability management, including scan review, risk prioritization, remediation tracking, patch validation, and exception documentation.
  • Strong understanding of identity and access controls, including Active Directory, role-based access, privileged access, MFA, conditional access, and access reviews.
  • Experience translating technical findings into clear risk statements, executive summaries, tickets, and remediation plans for IT, compliance, and clinical stakeholders.
  • Ability to work independently during investigations while collaborating with infrastructure, application, compliance, privacy, and vendor teams.
  • Sound judgment when handling protected health information, sensitive security data, and time-sensitive incidents in a regulated healthcare environment.

Education Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience.

Experience

  • 3 - 5+ years of experience in cybersecurity, information security, IT risk, or security operations.
  • Familiarity with security tools such as SIEM, EDR/XDR, vulnerability scanners, firewalls, IDS/IPS, ethical hacking techniques, and ticketing systems.
  • 3- 5+ years of experience and understanding of cybersecurity concepts, including threat detection, incident response, vulnerability management, network security, and access control.
  • Knowledge of HIPAA, healthcare privacy/security requirements, or other regulated environments.
  • Strong analytical, troubleshooting, and documentation skills.
  • Ability to communicate security risks clearly to technical and non-technical stakeholders.

Preferred Qualifications

  • Experience working in a healthcare, clinical, and remote office environment.
  • Familiarity with frameworks such as NIST CSF, NIST 800-53, ISO 27001, CIS Controls, or HITRUST.
  • Certifications such as Security+, CySA+, SSCP, GSEC, CEH, and similar.
  • Experience with cloud security concepts across AWS, Azure, or Google Cloud.
  • Experience supporting audits, risk assessments, or third-party vendor security reviews.
  • Familiarity with electronic health record systems, medical device security, or healthcare IT environments.

Compensation

$68,000- $85,000/ annually

Similar jobs

Security Analyst

Boutique RecruitingUnited States· 4 days ago
RemoteInformation Technology$70k–$90k/yrapply on jobs.boutiquerecruiting.com

Security Analyst

Surgical Information SystemsUnited States· 5 days ago
RemoteInformation Technologyapply on recruiting.ultipro.com

Security Analyst

ECLAROArlington, TX· 3 wk ago
Information Technology$55–$60/hrapply on www2.jobdiva.com

Security Analyst

WHOOPBoston, MA· 2 wk ago
Information Technology$70k–$110k/yrapply on jobs.lever.co

Security Analyst

AmentumChantilly, VA· 2 wk ago
Information Technology$85k/yrapply on amentumcareers.com

Security Analyst

K L McKinney ConsultingHouston, TX· 3 wk ago
Information Technology$110k–$130k/yrapply on jobvertise.com