Qualifications: Education, Licensure and Certifications, Related Work Experience
· 7-10 years of experience in IT security, security engineering, or a related role.
· Preferred: Bachelor’s degree in computer science, Information Technology, or related field.
· Relevant security certifications such as Microsoft Security certifications (SC-200, SC-300, SC-400, AZ-500), CompTIA Security certifications (Security+, CySA+, CASP+, etc), or similar is preferred.
Other specialized skills and knowledge necessary to perform this job. (e.g., basic accounting principles, computer skills and software, specific healthcare processes, interpersonal, communication, etc.
1.
Strong hands-on experience with Microsoft 365 security, including Entra ID, Defender, Purview, and Intune.
3.
Familiarity with network security concepts and tools, including secure web gateways and zero trust architectures (e.g., Zscaler).
2.
Experience with endpoint security, EDR, and MDR solutions (e.g., Huntress, Crowdstrike, etc.).
4.
Working knowledge of Azure or AWS security fundamentals.
5.
Strong understanding of security engineering principles, including defense-in-depth, identity-first security, least privilege, and zero trust architectures.
6.
Experience designing and operating security controls in regulated or privacy-sensitive environments, preferably healthcare.
7.
Working knowledge of incident response, forensic investigation support, and root-cause analysis.
8.
Ability to reason about threat models, attack paths, and control effectiveness rather than relying solely on tools.
Essential Job Duties/Responsibilities
1.
Design, implement, and operate secure identity and access controls across Microsoft Entra, Microsoft 365, and integrated SaaS platforms, with a strong emphasis on conditional access, multifactor authentication, least privilege, and privileged identity management.
2.
Administer and optimize endpoint detection and response (EDR) and managed threat detection tools, including Microsoft Defender and Huntress.
3.
Implement and manage secure access and network security solutions, including Zscaler.
4.
Monitor, investigate, and respond to security alerts, incidents, and vulnerabilities across endpoints, identities, networks, and cloud workloads.
5.
Perform threat hunting, root-cause analysis, and remediation of security events, with an emphasis on preventing recurrence through improved controls and configuration.
6.
Secure both human and non-human identities, including service accounts, integrations, and application access, ensuring appropriate lifecycle management.
7.
Manage device security posture for Windows and mobile devices using Intune and security baselines.
8.
Secure cloud environments in Azure and AWS by implementing identity-centric controls, network segmentation, logging, and secure configuration baselines, and by continuously assessing cloud security posture.
9.
Design and maintain secure system and security tool configurations, and implement changes through approved workflows to ensure traceability, reliability, and investigative readiness.
10.
Contribute to the design and maturation of the security program, including security architecture patterns, standards, procedures, and technical controls, in partnership with Security, IT, and Compliance leadership.
11.
Support healthcare regulatory and compliance requirements (e.g., HIPAA, HITRUST).
Compliance Requirements
Adherence to Laws, Rules, Regulations, Standards, Guidelines, Policies and Procedures:
· Ensure compliance with all federal, state, and local laws, regulations, standards, guidelines, and Eventus WholeHealth policies and procedures pertaining to the job.
· Remain informed of any changes to federal, state, and local laws, regulations, standards,guidelines, and Eventus WholeHealth policies and procedures that impact the job and the company.
· Promptly report any non-compliant conduct and/or practices to Eventus WholeHealth’s Chief Compliance and Risk Officer.
Ethical Conduct:
· Ensure adherence to Eventus WholeHealth's Code of Ethics and Business Conduct.
· Perform the job duties with integrity and professionalism.
· Promptly report any unethical conduct and/or practices to Eventus WholeHealth’s Chief Compliance and Risk Officer.
Patient Privacy and Confidentiality:
· Strictly protect patient information in accordance with all federal and state privacy laws and Eventus WholeHealth policies and procedures.
· Promptly report any violations of federal and state privacy laws and Eventus WholeHealth
· policies and procedures to Eventus WholeHealth’s Chief Compliance and Risk Officer.
Documentation and Record Keeping:
· Maintain accurate and complete documentation when performing the job duties.
· Ensure that all Eventus WholeHealth information, data, documentation, and records are always safeguarded and maintained confidentially.
Training and Education:
· Participate in all assigned training.
· Complete all assigned training by the deadline for completion.
Risk Management and Incident Reporting:
· Engage in regular risk assessments to identify potential risks and work proactively with a supervisor and Eventus WholeHealth’s Chief Compliance and Risk Officer to mitigate any identified risks.
· Promptly report any incidents (as defined in the “Incident Report Policy”) to the Chief Compliance and Risk Officer.
Eventus WholeHealth PLLC provides holistic physician-led healthcare services for medically vulnerable adults residing in skilled nursing and assisted living facilities. With our highly-trained team of physicians, psychiatrists, nurse practitioners, physician assistants, psychotherapists, podiatrists, specialists, and support staff, our comprehensive, evidence-based model provides truly integrated care across a wide range of specialties.
Our differentiated approach not only delivers great outcomes for patients and families, it also empowers the facilities to reach their own goals and objectives.
