Security Analyst

Job description

About Us

At SimplePractice, our team is dedicated to improving the health and wellness industry by building a suite of innovative solutions for practitioners and their clients. Our product supports practitioners on their clinical journey to becoming licensed, helps them manage their business and practice once they’re up and running, and enables new clients to discover and interact with practitioners. Taking a practitioner-first approach in everything we do makes it possible for health and wellness practitioners to devote more time to their clients while they use SimplePractice to start, grow, and maintain a successful private practice.

The Role

SimplePractice is seeking a detail-oriented and proactive Security Analyst to join our growing security team. This role is pivotal in safeguarding our AWS-hosted healthcare SaaS platform, ensuring the confidentiality, integrity, and availability of sensitive health data. The ideal candidate will possess a strong background in defensive security operations, regulatory compliance, and risk management, contributing to our mission of delivering secure and reliable healthcare solutions.​

Responsibilities

• Blue Team Operations & Incident Response

  • Monitor security alerts and respond to incidents, conducting root cause analyses and implementing corrective actions
  • Collaborate with the security team to develop and refine incident response plans and playbooks
  • Utilize Security Information and Event Management (SIEM) tools to detect and analyze potential threats
  • Perform regular vulnerability assessments and coordinate remediation efforts with relevant teams
  • Conduct threat hunting activities to proactively identify and mitigate potential security risks.

• Governance, Risk, and Compliance (GRC)

  • Develop, implement, and maintain security policies, standards, and procedures in alignment with industry regulations such as HIPAA, HITRUST, and PCI
  • Conduct risk assessments to identify vulnerabilities and ensure appropriate controls are in place
  • Collaborate with internal stakeholders to ensure compliance with regulatory requirements and internal policies
  • Assist in the preparation and management of documentation for internal and external audits, including evidence collection and control mapping

• Third-Party Risk Management

  • Assess and monitor third-party vendors to ensure they meet security and compliance requirements
  • Work closely with procurement and legal teams to incorporate security considerations into vendor contracts
  • Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
  • Utilize security ratings services to continuously evaluate the security posture of third-party vendors

• Security Awareness & Training

  • Develop and deliver security awareness training programs to educate employees on security best practices and policies
  • Promote a culture of security awareness throughout the organization.

• Security Monitoring & Reporting

  • Generate regular reports on security metrics, incidents, and compliance status for management review

  Stay informed about emerging threats and vulnerabilities, recommending proactive measures to mitigate risks.

Desired Skills & Experience

• Bachelor’s degree in Information Security, Computer Science, or a related field
• Minimum of 3 years of experience in security analysis, GRC, or related roles within a cloud-based environment
• Proficiency in using SIEM tools and conducting security investigations
• Familiarity with regulatory frameworks such as HIPAA, HITRUST, and PCI
• Experience with risk assessment methodologies and tools
• Understanding of AWS security best practices and Infrastructure as Code (IaC) principles
• Knowledge of vulnerability assessment tools and threat intelligence platforms.
• Strong analytical and problem-solving abilities
• Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders
• Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced, agile environment.​

Bonus Points

• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are highly desirable.​

Base Compensation Range

$80,000 - $100,000 annually

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay.

The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, we’ll consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.

Benefits

We offer a competitive benefits program including:

• Medical, dental, vision, life & disability insurance
• 401(k) plan with company match
• Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
• Mental health resources
• Paid parental leave & Backup Care
• Tuition reimbursement
• Employee Resource Groups (ERGs)

California Job Applicant Privacy Notice

Thank you for your interest in opportunities at SimplePractice LLC (“SimplePractice” or “us” or “we” or “our”). Please note that when you submit your resume or application materials to us for employment purposes, you are subject to the SimplePractice California Job Applicant Privacy Notice.

For more information about our privacy practices, please contact us at [email protected].