Security Analyst

About the Role

Metro Vein Centers is hiring a Security Analyst to own and mature our information security program across a 70+ clinic, cloud-first healthcare environment. This is a newly created role that reflects our commitment to proactive security, HIPAA compliance, and a zero trust approach to identity and access management.

You will be responsible for day-to-day security operations, including alert monitoring, access reviews, endpoint security, email security, MDM policy enforcement, MFA administration, phishing simulation programs, and more. The ideal candidate is both technically proficient and operationally focused, with the ability to drive security initiatives while partnering with clinical and corporate teams.

What You'll Do

• Monitor security alerts and events across the environment; investigate, triage, and respond to incidents in a timely manner
• Administer and maintain Google Workspace security controls, including DLP policies, Gmail security settings, Drive sharing policies, and audit log review
• Manage endpoint detection and response operations
• Oversee device compliance policies, conditional access rules, and endpoint security baselines
• Administer and enforce MFA policies and password complexity standards across all user populations
• Conduct quarterly role-based access audits across critical systems including Athena, Luma, Google Workspace, and BigQuery
• Own and maintain least-privilege access model across enterprise applications and identity platforms
• Manage email security controls including phishing protection, spam filtering, and DMARC/DKIM configuration
• Design and execute phishing simulation campaigns; deliver user security awareness training
• Support HIPAA security compliance, including contributing to risk assessments, policy updates, and audit readiness
• Assist with identity and access management (IAM) administration, including SSO, Google Identity
• Collaborate with the network team on ZTNA policy enforcement and Zscaler security configurations
• Contribute to incident response plans, disaster recovery documentation, and security runbooks
• Track and report on key security KPIs including MFA adoption, device compliance rates, open vulnerabilities, and audit findings
• Other related security duties as assigned
• Occasional travel for critical issues or growth
• Being on call rotation

What You'll Bring

• 3–5 years of experience in an information security, security analyst, or IT security operations role
• Hands-on experience administering Google Workspace security features (admin console, audit logs, DLP, OAuth app controls)
• Experience with endpoint security platforms; CrowdStrike Falcon preferred, Microsoft Defender for Endpoint also considered
• Familiarity with Microsoft security products including Intune, Microsoft Defender, and Entra ID
• Solid understanding of identity and access management concepts: SSO, MFA, RBAC, least privilege
• Experience conducting access reviews, user provisioning audits, and policy enforcement
• Working knowledge of email security protocols (SPF, DKIM, DMARC) and email threat landscape
• Strong analytical skills with the ability to investigate alerts and identify indicators of compromise
• Excellent written and verbal communication skills; ability to explain security concepts to non-technical users
• Familiarity with HIPAA Security Rule requirements and healthcare data protection obligations

Preferred Skills

• CrowdStrike certification (CCFA, CCFH, or equivalent) preferred
• Microsoft security certifications (SC-200, MS-500, or equivalent) a strong plus
• Experience with Zscaler ZIA security policy management or cloud-native security platforms
• Familiarity with SIEM platforms and log management tools
• Experience running security awareness programs and phishing simulations (KnowBe4, Proofpoint, or similar)
• Prior experience in healthcare IT security or compliance roles
• Knowledge of NIST CSF or CIS Controls frameworks

Benefits to Support Your Wellbeing & Lifestyle

Full-time team members at Metro Vein Centers are eligible for:

• Medical, Dental, and Vision Insurance
• 401(k) with Company Match
• Generous Paid Time Off (PTO) + Paid Company Holidays
• Company-Paid Life Insurance
• Short-Term & Long-Term Disability Insurance
• Employee Assistance Program (EAP)
• Career Growth & Development Opportunities
• A collaborative, mission-driven culture focused on delivering exceptional patient care