Remote Cloud Security Analyst (ISC2 CCSP Required)

Description

WHO WE ARE

Founded in 1983, the Medical Review Institute of America (MRIoA) is the market leader for technology-enabled utilization management and clinical medical review solutions. We have an outstanding reputation for excellence and achieve continual improvement.

At MRIoA, we believe our employees are the key to our success. Here, you are more than just a cog in the machine – you are a valued member of our team.

WE OFFER

• A competitive compensation package.
• Benefits include healthcare, vision and dental insurance, a generous 401k match, paid vacation, personal time, and holidays.
• Growth and training opportunities.
• A team atmosphere with fun events and prizes scheduled throughout the year.

POSITION OVERVIEW

The Cloud Security Analyst will be responsible for designing, implementing, and managing security measures across cloud and on-premise environments, ensuring a secure and compliant infrastructure in a hybrid IT landscape. This role requires expertise in cybersecurity, risk management, and compliance standards while securing a distributed workforce and legacy systems.

Key Responsibilities:

• Design, implement, and manage cloud security controls across platforms such as AWS, Azure, and Google Cloud.
• Implement and manage security measures for remote work environments, including VPN security, endpoint protection, and identity & access management (IAM) solutions.
• Monitor and analyze cloud security alerts, logs, and incidents to detect and respond to threats.
• Assess and improve security configurations of on-premise infrastructure, including firewalls, network security, endpoint protection, and identity access management.
• Collaborate with IT and DevOps teams to integrate security best practices into cloud and on-premise architectures.
• Conduct vulnerability assessments, penetration testing, and risk analysis for hybrid environments.
• Develop and enforce security policies, procedures, and standards for cloud and on-premise security.
• Ensure compliance with industry regulations such as ISO 27001, NIST, SOC 2, GDPR, and HITRUST.
• Investigate security incidents, conduct forensic analysis, and provide recommendations for mitigation.
• Stay up to date with emerging security threats and advancements in cloud security technologies.
• Provide training and guidance to internal teams on security best practices and threat awareness.

Work Environment:

• Ability to sit at a desk, utilize a computer, telephone, and other basic office equipment is required. This role is designed to be a remote position (work-from-home).

Diversity creates a healthier atmosphere: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

This company is a drug-free workplace. All candidates are required to pass a Background Screen before beginning employment. All newly hired employees will take a Drug Screen, as well as agreeing to all necessary Compliance Regulations on their first day of employment.

California Consumer Privacy Act (CCPA) Information:

Sensitive Personal Info: MRIoA may collect sensitive personal info such as real name, nickname or alias, postal address, telephone number, email address, Social Security number, signature, online identifier, Internet Protocol address, driver’s license number, or state identification card number, and passport number.

Data Access and Correction: Applicants can access their data and request corrections. For questions and/or requests to edit, delete, or correct data, please email the Medical Review Institute at [email protected].

Requirements

Skills and Experience:

• 5+ years of experience in cloud security (AWS, Azure, GCP) and on-premise security, preferably in a healthcare setting.
• Possession of a verifiable ISC2 Certified Cloud Security Professional (CCSP) certification is required.
• Must have a strong background in information technology with a clear understanding of the challenges of information security.
• Excellent communication and presentation skills to help build an understanding and awareness of security issues throughout the organization.
• Demonstrated analytical and problem-solving abilities to identify and fix security risks.
• Must be able to organize a team to develop security solutions in collaboration with other information technology professionals.
• Familiarity with antivirus, spam, IDS, Web Application Firewalls, etc
• Expert knowledge of HIPAA and HITECH security assessments.
• Knowledge of Windows operating systems.
• Knowledge of firewall and intrusion detection/prevention protocols.
• Understanding of secure coding practices and threat modeling.
• Understanding of network security architecture development and definition.
• Knowledge of third-party auditing.
• Experience with security frameworks, best practices, and tools such as CSPM, SIEM, and IAM.
• Experience with firewall management, endpoint security, and intrusion detection systems.
• Familiarity with container security (Docker, Kubernetes) and CI/CD security processes.
• Experience in automation using Python, PowerShell, or Bash for security operations, monitoring, and incident response. •
• Hands-on experience with security assessment tools such as Nessus, Qualys, or Metasploit.
• Additional certifications such as CISSP, CISM, OSCP, AWS Security Specialty, Microsoft Azure Security Engineer, or Google Professional Cloud Security Engineer are a plus.
• Varonis knowledge is a plus

Preferred Qualifications:

• Experience with zero-trust security models and micro-segmentation strategies.
• Experience in securing Protected Health Information (PHI) and HIPAA-compliant environments.
• Knowledge of security governance frameworks such as HITRUST, NIST, ISO, and CIS.
• Experience with incident response and digital forensics in hybrid environments.
• Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders.

Education & Certifications:

• Bachelor's degree in Computer Science, Programming, or a related field.
• Possession of the ISC2 CCSP certification is required.
• Additional certifications such as CISSP, CISM, OSCP, AWS Security Specialty, Microsoft Azure Security Engineer, or Google Professional Cloud Security Engineer are a plus.