Security Analyst

Metro Vein Centers is a rapidly growing healthcare practice specializing in state-of-the-art vein treatments. Our board-certified physicians and expert staff are on a mission to improve people’s quality of life by relieving the painful, yet highly treatable symptoms of vein disease—such as varicose veins and heavy, aching legs. With over 70 clinics across 8 states , and still growing, we’re building the future of vein care—delivering compassionate, results-driven care in a modern, patient-first environment. We proudly maintain a Net Promoter Score (NPS) of 93 , the highest patient satisfaction in the industry. About the Role Metro Vein Centers is hiring a Security Analyst to own and mature our information security program across a 70+ clinic, cloud-first healthcare environment. This is a newly created role that reflects our commitment to proactive security, HIPAA compliance, and a zero trust approach to identity and access management. You will be responsible for day-to-day security operations, including alert monitoring, access reviews, endpoint security, email security, MDM policy enforcement, MFA administration, phishing simulation programs, and more. The ideal candidate is both technically proficient and operationally focused, with the ability to drive security initiatives while partnering with clinical and corporate teams. What You'll Do Monitor security alerts and events across the environment; investigate, triage, and respond to incidents in a timely manner Administer and maintain Google Workspace security controls, including DLP policies, Gmail security settings, Drive sharing policies, and audit log review Manage endpoint detection and response operations Oversee device compliance policies, conditional access rules, and endpoint security baselines Administer and enforce MFA policies and password complexity standards across all user populations Conduct quarterly role-based access audits across critical systems including Athena, Luma, Google Workspace, and BigQuery Own and maintain least-privilege access model across enterprise applications and identity platforms Manage email security controls including phishing protection, spam filtering, and DMARC/DKIM configuration Design and execute phishing simulation campaigns; deliver user security awareness training Support HIPAA security compliance, including contributing to risk assessments, policy updates, and audit readiness Assist with identity and access management (IAM) administration, including SSO, Google Identity Collaborate with the network team on ZTNA policy enforcement and Zscaler security configurations Contribute to incident response plans, disaster recovery documentation, and security runbooks Track and report on key security KPIs including MFA adoption, device compliance rates, open vulnerabilities, and audit findings Other related security duties as assigned Occasional travel for critical issues or growth Being on call rotation What You'll Bring 3–5 years of experience in an information security, security analyst, or IT security operations role Hands-on experience administering Google Workspace security features (admin console, audit logs, DLP, OAuth app controls) Experience with endpoint security platforms; CrowdStrike Falcon preferred, Microsoft Defender for Endpoint also considered Familiarity with Microsoft security products including Intune, Microsoft Defender, and Entra ID Solid understanding of identity and access management concepts: SSO, MFA, RBAC, least privilege Experience conducting access reviews, user provisioning audits, and policy enforcement Working knowledge of email security protocols (SPF, DKIM, DMARC) and email threat landscape Strong analytical skills with the ability to investigate alerts and identify indicators of compromise Excellent written and verbal communication skills; ability to explain security concepts to non-technical users Familiarity with HIPAA Security Rule requirements and healthcare data protection obligations Preferred Skills CrowdStrike certification (CCFA, CCFH, or equivalent) preferred Microsoft security certifications (SC-200, MS-500, or equivalent) a strong plus Experience with Zscaler ZIA security policy management or cloud-native security platforms Familiarity with SIEM platforms and log management tools Experience running security awareness programs and phishing simulations (KnowBe4, Proofpoint, or similar) Prior experience in healthcare IT security or compliance roles Knowledge of NIST CSF or CIS Controls frameworks Benefits to Support Your Wellbeing & Lifestyle Full-time team members at Metro Vein Centers are eligible for: Medical, Dental, and Vision Insurance 401(k) with Company Match Generous Paid Time Off (PTO) + Paid Company Holidays Company-Paid Life Insurance Short-Term & Long-Term Disability Insurance Employee Assistance Program (EAP) Career Growth & Development Opportunities A collaborative, mission-driven culture focused on delivering exceptional patient care Compensation for this role varies based on years of experience, skill set, and alignment with position requirements. Compensation: $75,000 — $85,000 USD The Metro Vein Centers Difference Healthy legs. Happier lives. At Metro Vein Centers, we believe exceptional care begins with an exceptional experience. Our mission is to make vein care approachable, empowering, and connected to overall well-being. From the first conversation to the final follow-up, every patient interaction reflects our commitment to compassion, expertise, and trust. A team united by purpose. Our values guide everything we do: Patients First, Always – Every interaction should make our patients feel valued, heard, and cared for. Stronger Together – Teamwork and collaboration drive our success. We lift each other up to deliver the best for our patients. A Can-Do Spirit – We meet every challenge with positivity, flexibility