Cybersecurity Analyst

What You'll Do

Identity & Access Security

• Manage and refine Conditional Access policies across Entra ID
• Administer Privileged Identity Management (PIM) and enforce least-privilege
• Monitor and respond to identity-based threats (token theft, MFA bypass, impossible travel)
• Drive adoption of phishing-resistant MFA (FIDO2/passkeys, Windows Hello for Business, certificate-based auth) and deploy token-theft protections — token protection, Continuous Access Evaluation, and sign-in risk-based Conditional Access
• Ability to conduct quarterly tabletop exercises for anticipation of threats and corrective action plans.
• Conduct regular entitlement reviews and clean up stale access

Email & Messaging Security

• Harden Exchange Online Protection: Safe Links, Safe Attachments, anti-phishing policies, quarantine management
• Own email authentication: configure and maintain SPF, DKIM, and DMARC records in DNS, monitor DMARC aggregate reports for spoofing and broken senders, and drive the domain to enforcement (p=reject)
• Strengthen mail transport and anti-spoofing posture (MTA-STS, TLS-RPT, ARC), and enable BIMI once DMARC is at enforcement
• Investigate and respond to BEC, phishing, and account compromise incidents
• Own the user phishing-reporting workflow (Report Phishing button, submissions triage) and rapid email remediation — ZAP and tenant-wide message purge — with a target time-to-contain for reported messages
• Design and execute simulated phishing campaigns to measure and improve user resilience
• Run the security awareness and human-risk program (Attack Simulation Training, onboarding and recurring training, just-in-time coaching, targeted remediation for repeat clickers) and report on click-rate and report-rate trends over time

Threat Detection & Response

• Write and tune KQL queries in Microsoft Defender Advanced Hunting
• Triage Defender alerts, investigate incidents end-to-end, and document findings
• Coordinate with our MDR provider on endpoint detections
• Own the incident response lifecycle from detection through remediation and lessons learned

Data Protection & Compliance

• Implement Microsoft Purview information protection labels, DLP policies, and retention rules
• Collect and maintain evidence for HIPAA compliance assessments and SOC 2 readiness
• Support cyber insurance renewals with accurate risk documentation

Security Posture & Partnership

• Work with our external Microsoft security partner to execute posture improvement roadmaps
• Track and improve Microsoft Secure Score across identity, devices, apps, and data
• Own the security workstream during M&A integrations (approximately one acquisition per quarter)
• Evaluate and recommend security tooling additions as the program matures

What We're Looking For

Required

• 3+ years in a hands-on security operations, security engineering, or security analyst role
• Deep working knowledge of Microsoft 365 security stack: Defender for Office 365, Entra ID, Conditional Access, Intune
• Experience investigating and remediating email compromise, phishing, and identity-based attacks
• Hands-on experience with email authentication (SPF, DKIM, DMARC) and Exchange Online Protection / Defender for Office 365
• Proficiency with KQL for threat hunting and log analysis
• Understanding of HIPAA security requirements and how they translate to technical controls
• Ability to work independently and prioritize in a fast-moving environment with minimal bureaucracy

Preferred

• Healthcare industry experience
• Experience with Microsoft Purview (Information Protection, DLP, eDiscovery)
• Familiarity with SentinelOne or similar EDR platforms
• Experience supporting M&A security integration or due diligence
• Comfort with AI-assisted security workflows
• Certifications: Security+, CISSP, SC-200, SC-300, or SC-400

What You Won't Be Doing

• Managing on-premises infrastructure (we have none)
• Writing policies in isolation without implementing them
• Sitting in a SOC watching a SIEM all day (our MDR handles tier-1 monitoring)

Why This Role Matters

We've invested heavily in improving our security posture over the past six months and need a dedicated person to sustain that momentum, own the day-to-day, and build toward a mature security program. You'll have budget, executive support, and a strong external partner. What we need is someone who will take ownership.

Pay Rate: $115,000- $135,000