Ennoblecare

Cybersecurity Analyst

engineering, full-time, Remote

Salary: Not listed
Work type: remote
Job type: full-time
Industry: healthcare

About the role

Position Overview

We are hiring our first dedicated cybersecurity professional. You will own the day-to-day security operations for a HIPAA-regulated, cloud-only environment. This is a hands-on role: you will harden our Microsoft security stack, run incident response, hunt threats, and build the security program alongside our external Microsoft security partner.

This is not a policy-writing job. You will spend most of your time in Defender, Entra ID, Purview, and Exchange Online. You will be the person who investigates alerts, tunes detections, closes gaps in Conditional Access, and ensures our compliance posture holds up under scrutiny.

You will report to the CIO and work closely with our CTO and our Engineering AI Transformation Manager, who serves as a cybersecurity technical SME with a FedRAMP/NIST 800-171/SOC 2/ISO 27001 cybersecurity R&D background.

What You'll Do

Identity & Access Security

  • Manage and refine Conditional Access policies across Entra ID
  • Administer Privileged Identity Management (PIM) and enforce least-privilege
  • Monitor and respond to identity-based threats (token theft, MFA bypass, impossible travel)
  • Drive adoption of phishing-resistant MFA (FIDO2/passkeys, Windows Hello for Business, certificate-based auth) and deploy token-theft protections — token protection, Continuous Access Evaluation, and sign-in risk-based Conditional Access
  • Conduct quarterly tabletop exercises to anticipate threats and develop corrective action plans
  • Conduct regular entitlement reviews and clean up stale access

Email & Messaging Security

  • Harden Exchange Online Protection: Safe Links, Safe Attachments, anti-phishing policies, quarantine management
  • Own email authentication: configure and maintain SPF, DKIM, and DMARC records in DNS, monitor DMARC aggregate reports for spoofing and broken senders, and drive the domain to enforcement (p=reject)
  • Strengthen mail transport and anti-spoofing posture (MTA-STS, TLS-RPT, ARC), and enable BIMI once DMARC is at enforcement
  • Investigate and respond to BEC, phishing, and account compromise incidents
  • Own the user phishing-reporting workflow (Report Phishing button, submissions triage) and rapid email remediation — ZAP and tenant-wide message purge — with a target time-to-contain for reported messages
  • Design and execute simulated phishing campaigns to measure and improve user resilience
  • Run the security awareness and human-risk program (Attack Simulation Training, onboarding and recurring training, just-in-time coaching, targeted remediation for repeat clickers) and report on click-rate and report-rate trends over time

Threat Detection & Response

  • Write and tune KQL queries in Microsoft Defender Advanced Hunting
  • Triage Defender alerts, investigate incidents end-to-end, and document findings
  • Coordinate with our MDR provider on endpoint detections
  • Own the incident response lifecycle from detection through remediation