Cyber Security Analyst

About The Role

The Cyber Security Analyst plays a critical role in protecting Hope Health’s information systems, patient data, and network infrastructure. This position supports daily monitoring, analysis, and improvement of security controls across all Hope Health environments. The analyst will respond to cyber threats, perform vulnerability assessments, enforce security policies, and ensure compliance with HIPAA, HRSA, 340B program standards, and industry security frameworks applicable to Federally Qualified Health Centers (FQHCs).

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
• Minimum 3-4 years of hands‑on cybersecurity experience, preferably in healthcare or another regulated industry.
• Strong understanding of:
  • Networking (TCP/IP, VLANs, DNS, VPNs, routing/switching)
  • Firewalls, IDS/IPS, SIEM tools
  • Endpoint security, email security, and identity management
• Experience with vulnerability management tools (e.g., Tenable, Qualys, etc.).
• Working knowledge of HIPAA, NIST CSF, CIS Controls, and incident response frameworks.
• Ability to develop and maintain technical documentation and policy materials.
• Strong analytical thinking, problem‑solving, and communication skills.

• Experience in an FQHC or healthcare environment.
• Certifications such as Security+, CySA+, CEH, CCNA, GSEC, or equivalent.
• Experience with cloud security (Office 365, Azure, AWS).
• Knowledge of MDR/XDR tools and threat intelligence platforms.
• Familiarity with PCI DSS, SOC 2, and 340B compliance requirements.

• Monitor Hope Health’s SIEM, EDR, firewall logs, and intrusion detection systems for anomalies.
• Perform triage, investigation, and remediation for security alerts and incidents.
• Document findings and generate incident reports with recommendations for corrective action.
• Assist with forensic analysis of compromised systems when necessary.

• Conduct scheduled vulnerability scans across servers, workstations, cloud services, and medical devices.
• Prioritize and track remediation in coordination with IT Infrastructure teams.
• Validate the effectiveness of patches and configuration changes.

• Implement and maintain secure network configurations across routers, switches, firewalls, and wireless access points.
• Support segmentation projects, VPN management, zero‑trust architecture enhancements, and MFA enforcement.
• Evaluate new technologies for security risks and recommend secure implementation strategies.

• Assist in writing, updating, and enforcing cybersecurity policies, standards, and procedures.
• Support HIPAA Security Rule audits, HRSA OSV readiness, and annual risk assessments.
• Maintain documentation required for compliance with 340B program integrity regarding system access and data safeguards.

• Provide training and support to staff on phishing prevention, secure workflows, and incident reporting.
• Assist in managing simulated phishing campaigns and tracking user performance metrics.
• Collaborate with HR and Compliance on onboarding/offboarding security processes.

• Support IAM processes (provisioning, deprovisioning, access reviews).
• Maintain privilege management policies and review elevated access usage.
• Ensure alignment with least‑privilege principles across all departments.

• Assist with security architecture improvements, cloud migrations, and infrastructure upgrades.
• Participate in disaster recovery planning, business continuity exercises, and tabletop simulations.
• Recommend new security controls or technology enhancements to reduce organizational risk.

• High level of confidentiality and ethical judgment.
• Ability to collaborate with clinical, administrative, and technical teams.
• Strong time‑management, prioritization, and multitasking abilities.
• Commitment to continuous learning in a rapidly evolving cyber threat landscape.

The required skills such as Nessus and Splunk are utilized daily to perform vulnerability…