Senior Staff Security Analyst

What You'll Do

AI-assisted security operations. Use AI tools (Claude, copilots, and emerging agentic platforms) as a force multiplier across every part of the job - accelerating triage and investigation, drafting and refining detections, summarizing alerts and incidents, automating repetitive analyst work, and improving the metrics that matter (MTTD, MTTR, dwell time, analyst throughput). Set the bar for how the security team uses AI responsibly in a PHI environment.

Threat hunting. Develop and execute hypothesis-driven hunts across endpoints, cloud workloads, identity, and SaaS. Translate hunt findings into durable detections. Utilize AI and automation to turn Threat Hunting into a powerful, proactive tool.

Vulnerability management. Drive the vulnerability lifecycle - discovery, prioritization (risk-based, not just CVSS), remediation tracking, and reporting. Partner with engineering to close real risk fast.

Attack surface management. Maintain visibility into our external and internal attack surface across cloud, SaaS, third parties, and acquired entities. Find exposure before someone else does.

Incident response and digital forensics. Assist, however necessary, the Lead Incident Responder with investigations and security incidents from triage through containment, eradication, recovery, and post-incident review. Perform host, network, cloud, and memory forensics. Assist with IR playbooks and the evidence chain.

Fraud assessment. Drive deep analysis on the source of digital fraud. From payment card to cyber-initiated fraud, understand the how and why on the digital fraud frontier.

Cross-functional partnership. Work directly with Engineering, IT, Operations, and Compliance. Translate security findings into clear asks with concrete next steps. Attack problems, not people.

Healthcare-specific risk. Apply controls that fit a HIPAA-regulated, PHI-handling environment. Help us move at purposeful speed without breaking what matters.

Who You Are

• 10–12 years of progressive experience in security operations, with deep hands-on work across all of: digital forensics, incident response, vulnerability management, attack surface management, threat hunting, and security analytics.
• Demonstrated ownership of major security incidents end-to-end - you've been the technical lead, not just on the bridge.
• Working knowledge of cloud security, endpoint detection and response, SIEM platforms, identity providers, and modern attacker tradecraft (MITRE ATT&CK fluency expected).
• Detection engineering experience — you've written, tuned, and retired detections, and you can defend your choices with data.
• Scripting and automation proficiency (Python, PowerShell, or similar) — enough to build what you need rather than wait for it.
• Demonstrated, hands-on use of AI tools (Claude, ChatGPT, GitHub Copilot, or equivalent) as part of day-to-day security work — not just experimentation. You can point to specific examples of how AI changed your throughput, your detection quality, or your time-to-resolution.
• Clear point of view on AI safety and data handling — especially what's appropriate to send to which tools when PHI, credentials, or sensitive telemetry are involved.
• Clear written and verbal communication. You can brief an engineer, a clinician, and an executive on the same incident and have all three walk away with what they need.

Strongly Preferred

• Experience in a healthcare, fintech, or other regulated environment with sensitive data handling requirements.
• Working familiarity with HIPAA, HITRUST, or SOC 2 from the operator side — not just the audit side.
• Industry certifications such as GCFA, GCIH, GNFA, GCTI, OSCP, or equivalent demonstrated expertise.
• Experience supporting M&A security integration or multi-entity environments (we operate across several subsidiaries).
• Experience building AI-assisted workflows or automations for security operations (custom prompts, agentic workflows, integrations with SIEM/EDR/ticketing).
• Familiarity with prompt engineering, retrieval-augmented patterns, or building internal tooling on top of LLM APIs.