Lead Security Analyst at HealthEZ
Edina, Minnesota, United States - Full Time

Start Date: Immediate
Expiry Date: 18 Mar, 26
Salary: 155000.0
Posted On: 18 Dec, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Cybersecurity, Incident Response, Risk Management, Vulnerability Management, Security Operations, Policy Governance, Compliance, Security Architecture, Microsoft 365 Security, EDR Platforms, Microsoft Sentinel, Cloud Security, Data Protection, Threat Intelligence, Communication Skills, Analytical Skills
Industry: Insurance

Description
Job Details
Job Location: Minnesota - Minneapolis, MN 55439
Salary Range: $120,000.00 - $155,000.00 Salary

The Opportunity

The Lead Security Analyst is responsible for safeguarding the organization’s digital assets and ensuring the confidentiality, integrity, and availability of information systems. This role serves as the central point of leadership within the cybersecurity program—overseeing daily security operations, coordinating incident response efforts, managing risk assessments, and developing security policies, standards, and best practices. The Lead Security Analyst partners closely with IT, compliance, and leadership teams to identify vulnerabilities, implement mitigation strategies, and ensure regulatory compliance. This position is essential for strengthening organizational resilience, reducing security risk, and ensuring ongoing compliance with industry standards such as SOC, NIST, HIPAA, and other regulatory requirements.

What you’ll do

Risk & Vulnerability Management
- Conduct ongoing risk assessments, vulnerability scanning, and security posture evaluations across cloud, on-premises, and hybrid environments.
- Prioritize findings based on criticality and develop mitigation plans in collaboration with technical teams.
- Oversee third-party and vendor risk assessments and track remediation.

Security Operations & Monitoring
- Monitor security tools, SIEM alerts, endpoint protection, and network activity for suspicious behavior.
- Lead the triage, investigation, and remediation of security incidents.
- Maintain threat intelligence awareness and apply security updates, patches, and optimizations accordingly.

Incident Response
- Develop, maintain, and execute the organization’s incident response plan.
- Serve as the primary escalation point for security events and coordinate internal and external response teams.
- Conduct post-incident root cause analysis and produce detailed reporting.

Policy, Governance & Compliance
- Create, update, and enforce security policies, procedures, and standards.
- Support audits (SOC 1/2, HIPAA, PCI, etc.) and maintain documentation of controls and evidence.
- Ensure adherence to regulatory and contractual security requirements.

Security Architecture & Strategy
- Provide guidance on secure design principles for new applications, integrations, and infrastructure changes.
- Partner with IT and engineering teams to implement zero-trust principles, identity controls, and data protection strategies.
- Evaluate emerging security technologies and recommend improvements.

Qualifications

What we expect from you
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent experience will be considered.
- 5+ years of professional experience in cybersecurity, security operations, incident response, or information security analysis.
- Hands-on experience with endpoint detection and response (EDR) platforms, including CrowdStrike Falcon (required).
- Strong operational experience with Microsoft 365 security and compliance tools, including:
  - Microsoft Defender for Endpoint
  - Microsoft Defender for Identity
  - Microsoft Defender for Cloud / Cloud Apps
  - Microsoft Purview (DLP, Compliance, Data Governance)
  - Microsoft Entra ID (formerly Azure AD) for identity and access management
  - Exchange Online protection/security
- Proficiency with Microsoft Sentinel (SIEM/SOAR) for log ingestion, alerting, playbooks, and incident analysis.
- Experience managing security controls, policies, and monitoring in Microsoft Azure and hybrid cloud environments.
- Demonstrated ability to lead end-to-end security incident investigations—including detection, triage, containment, remediation, and post-incident reporting.
- Strong understanding of security frameworks and control standards such as NIST CSF, ISO 27001, CIS Controls, SOC 2, SOC 1, and HIPAA.
- Experience performing risk assessments, vulnerability management, access governance reviews, and related compliance activities.
- Excellent communication skills with the ability to create clear documentation, explain technical concepts to non-technical stakeholders, and present findings to leadership.

Desired Skills
- Relevant certifications such as CISSP, CISM, CEH, Security+, or Azure security certifications.
- Strong analytical and problem-solving skills with the ability to interpret technical data.
- Experience with secure software development practices and DevSecOps methodologies.
- Ability to lead cross-functional teams and influence decision-makers.
- Familiarity with Azure cloud environments and modern identity frameworks (SAML, OAuth, MFA).
- Strong organizational skills and attention to detail.

Work Environment
- Hybrid work environment with a combination of remote and on-site collaboration, depending on organizational needs.
- Fast-paced, highly collaborative setting that involves cross-functional coordination.
- May require occasional off-hours work during critical security incidents or system updates.
- Standard office hours with flexibility as needed to support security operations.

We make healthcare EZ!

Additional Opportunity Details:

Target Base Compensation Range for this role is $120,000-$155,000*

* Factors that may be used to determine your actual salary include your job specific skills, education, training, job location, number of years of experience related to this role and comparison to other employees already in this role.

Employee benefits are part of the competitive total rewards package that HealthEZ provides to you. Our comprehensive benefits program includes health benefits, retirement plan (401k), paid time away, paid leaves (including paid parental leave) and more.

HealthEZ recognizes its responsibilities under federal, state, and local laws requiring non-discriminatory employment practices. All employment decisions, practices and procedures will be carried out without regard to race, color, creed, religion, sex (including pregnancy), sexual orientation, national origin or ancestry, age, marital status, disability, family status, status with regard to public assistance, or any other characteristic protected under applicable local, state, and federal laws. HealthEZ is proud to be an equal opportunity employer.
Responsibilities
The Lead Security Analyst is responsible for safeguarding the organization’s digital assets and overseeing daily security operations. This includes coordinating incident response efforts, managing risk assessments, and developing security policies and standards.