Job Summary:
We are seeking a detail-oriented and experienced Security Analyst to join our Information Security team. The ideal candidate will be responsible for identifying, evaluating, and addressing security findings, managing HIPAA compliance requirements, and leading incident response activities. This position requires hands-on experience with tools such as Qualys and a strong understanding of HIPAA regulations and incident reporting protocols.
Must live with proximity to Rockville, MD.
Key Responsibilities:
- Security Findings Management:
- Analyze and respond to security findings from vulnerability management tools such as Qualys.
- Work with IT and application teams to validate, prioritize, and remediate vulnerabilities.
- Track and report remediation progress and validate closure.
- Compliance & Risk Management:
- Conduct periodic compliance checks to ensure adherence to HIPAA, HITRUST, and other regulatory frameworks.
- Maintain and update security policies and procedures to align with compliance requirements.
- Support audits and assessments by providing required documentation and evidence.
- HIPAA Incident Response:
- Lead investigations into potential HIPAA violations and security incidents involving protected health information (PHI).
- Document incidents, assess risk, determine reportability, and coordinate response efforts.
- Prepare incident reports in compliance with HIPAA Breach Notification Rule.
- Reporting & Documentation:
- Create clear, concise, and actionable security reports for technical and non-technical stakeholders.
- Maintain logs, reports, and documentation of all compliance and incident activities.
- Collaboration & Support:
- Collaborate with cross-functional teams including legal, compliance, and IT to ensure security and privacy alignment.
- Provide guidance and training on security best practices and HIPAA compliance.
Qualifications:
- Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience)
- 3+ years of experience in a Security Analyst or related role
- Proven experience with Qualys or other vulnerability scanning tools
- Strong knowledge of HIPAA Security and Privacy Rules
- Experience in security incident response and investigation
- Familiarity with regulatory standards such as NIST, HITRUST, or ISO 27001 is a plus
- Excellent analytical, communication, and documentation skills
- Relevant certifications such as CISSP, HCISPP, CEH, or Security+ are desirable
Preferred Skills:
- Experience with SIEM tools and log analysis
- Understanding of cloud security (e.g., AWS, Azure)
- Knowledge of data loss prevention (DLP) and endpoint protection solutions