Senior Security Analyst

This is a fully remote position, open to applicants in Ohio.

📋 Description

• Review, investigate, and adjudicate security incidents escalated from the Security Operations Center (SOC), which includes triage, root cause analysis, containment, remediation, and post-incident review while collaborating with the SOC to enhance detection logic, escalation workflows, and operational efficiency.

• Lead the vulnerability management process by identifying vulnerabilities, prioritizing them based on risk, tracking remediation efforts, and providing reports while coordinating penetration testing activities, assisting in remediation efforts, and conducting application security assessments and reviews.

• Collaborate with engineering teams to identify, prioritize, and address security risks in production environments while contributing to secure configuration standards, monitoring coverage, security best practices, and safeguarding AI-enabled workloads.

• Assist in the continuous development of the security program by enhancing security tools, processes, and operational capabilities while suggesting improvements that bolster the organization's overall security posture.

• Ensure thorough and reliable collection of security logs and telemetry into the SIEM while aiding in security data architecture decisions, onboarding new data sources, validating monitoring coverage, and pinpointing visibility gaps across systems and environments.

• Facilitate internal and external audits, including HITRUST, SOC 2, client assessments, and regulatory reviews while managing evidence collection, tracking remediation efforts, conducting third-party risk assessments, maintaining risk registers, and ensuring ongoing audit readiness.

• Develop, analyze, and present security and risk metrics, KPIs, KRIs, dashboards, and executive-level reports that convert technical findings into valuable business insights and support organizational decision-making.

• Collaborate with engineering, infrastructure, operations, compliance, risk management, and business stakeholders to advance security initiatives, policy and control mapping efforts, risk remediation activities, and strategic security projects.

⛳️ Requirements

• Demonstrated experience in Information Security, Cybersecurity, Security Operations, Governance Risk & Compliance (GRC), preferably within the healthcare or TPA sector.

• Practical experience with incident response, vulnerability management, coordination of penetration testing, application security reviews, and security operations processes.

• Familiarity with SIEM platforms such as Splunk, Microsoft Sentinel, Elastic, or other similar security monitoring and analytics technologies.

• Experience in supporting security audits, assessments, and compliance frameworks including HITRUST, SOC 2, NIST, HIPAA, ISO 27001, or other related standards.

• Proven experience in conducting third-party and vendor risk assessments, maintaining risk registers, and supporting enterprise risk management initiatives.

• Strong analytical, reporting, and problem-solving skills with a background in translating technical findings into actionable risk assessments and business recommendations.

• Excellent verbal and written communication skills, with the ability to collaborate effectively with both technical and non-technical teams and present information to executive leadership.

🏝️ Benefits

• Comprehensive health and wellness programs.

• Competitive salary and performance-based bonuses.

• Opportunities for professional development and career advancement.

• Flexible work arrangements and a supportive work environment.