Senior Information Security Analyst

At Definitive Healthcare, our passion is to transform data, analytics and expertise into healthcare commercial intelligence. We help clients uncover the right markets, opportunities and people, so they can shape tomorrow’s healthcare industry. Our SaaS platform creates new paths to commercial success in the healthcare market, so companies can identify where to go next.  

Our employees are kind, collaborative, energetic, approachable and driven. On top of that, we value the unique perspectives, backgrounds and voices of our employees. Why? Because their diverse experiences drive new ideas and help us build a better community. 

For over 10 years, we’ve built a collaborative culture driven by employees who share a passion for improving the healthcare ecosystem, enjoy giving back to the local community and value diversity and inclusion.  

One of the hallmarks of our culture is our commitment to community service. Through the DefinitiveCares program, employees can work with their choice of more than 40 charitable organizations, supporting causes from hunger and homelessness to healthcare, LGBTQ+ issues, racial justice, women’s initiatives and more. 2021 marked the sixth year that we had 100% employee participation in DefinitiveCares. 

We also provide a range of opportunities for employees to connect with each other. Employees can join any of our employee run affinity groups supporting causes such as women’s empowerment, LGBTQ+, Black, indigenous and people of color (BIPOC), disabilities and working parents and potential for many more. Affinity groups often enable greater education companywide through training, events and speaker series. 

We’re also a great place to work. For five years in a row, we’ve been recognized by the Boston Business Journal and the Boston Globe as a best place to work in Massachusetts. In 2022, Energage recognized us for Culture Excellence in Compensation & Benefits, Innovation, Great Leadership, Purpose & Value and Work-Life Flexibility! 

Think you’d be a good addition to our team? Explore our available positions here. We’d love the chance to get to know you.  

Qualifications  

• Bachelor’s degree in computer science or a related field, or equivalent work experience  
• Minimum 5 years of experience in information security, with at least 3 years in a senior role, leading security projects, and making strategic security decisions.  
• Familiarity with leading vulnerability scanning and assessment tools such as Nessus, Qualys, or Rapid7. Experience in identifying, evaluating, and prioritizing vulnerabilities in a corporate environment. 
• Deep understanding of IAM principles and technologies, including experience with solutions like Okta, Microsoft Azure Active Directory, or SailPoint for managing digital identities and facilitating secure access. 
• Hands-on experience with PAM tools such as CyberArk, BeyondTrust, or Thycotic to secure, control, and monitor access to critical assets and privileged accounts. 
• Proficiency in data encryption, tokenization, and masking technologies. Familiarity with data protection solutions for both at-rest and in-transit data across various platforms and environments. 
• Expertise in configuring and managing SIEM platforms like Splunk, IBM QRadar, or LogRhythm, including creating custom rules, dashboards, and alerts to monitor security events. 
• Experience with EDR tools such as CrowdStrike Falcon, SentinelOne, or Carbon Black for real-time monitoring and response to threats at the endpoint level. 
• Knowledge of DLP strategies and tools like Symantec DLP, McAfee DLP, or Digital Guardian for protecting sensitive data and preventing unauthorized data transfer. 
• Strong understanding of Microsoft Active Directory and Group Policy Objects (GPOs) for managing users, groups, and policies within a Windows environment. 
• Experience with information security frameworks including ISO 27001, NIST Cybersecurity Framework, and other compliance frameworks.   
• Experience with cloud platforms (AWS, Azure, GCP) and understanding of cloud security best practices, tools, and services to secure cloud environments. 
• The ability to analyze complex security systems and threats, identify vulnerabilities, and devise strategic solutions to mitigate risks. 
• Meticulous attention to detail in monitoring systems, analyzing security alerts, and implementing security measures to prevent oversights that could lead to vulnerabilities. 
• Excellent written and verbal communication skills, including the ability to articular complex issues to technical and non-technical stakeholders.  
• Demonstrated critical thinking, problem-solving, and project management skills.  

Certifications (Any of the Following) 

• (CISSP) Certified Information Systems Security Professional 
• (CISM) Certified Information Security Manager 
• (Security+) CompTIA Security+ 
• (CEH) EC-Council Certified Ethical Hacker 
• (GISF) GIAC Information Security Fundamentals 
• (GSEC) GIAC Security Essentials 

Responsibilities  

• Ensure that all information security policies remain up-to-date and are regularly reviewed.   
• Ensure all firm information security systems are configured and operating according to policies and standards.  
• Collaborate with third-party Managed Detection and Response provider to ensure security logging and monitoring strategy is implemented and to create custom and relevant use cases. 
• Lead incident response, including triage, containment, investigation, and remediation efforts. 
• Investigate and report relevant information regarding security breaches and other incidents.  
• Report information security incidents as per the incident response policy.  
• Develop incident response plans and incident response playbooks and ensure that they are regularly reviewed and maintained.  
• Lead completion of security tickets assigned to the information security team.  
• Assist in responding to client security audits and questionnaires.  
• Assist in leading information security reviews of third-party providers.  
• Maintain and oversee privileged access management software.  
• Monitor and ensure security control effectiveness.   

• Collect and provide updates to management on key security-related metrics.  
• Assist with risk assessments to assess security gaps and risks.  
• Engage in IT and security architecture and design discussions to determine and implement appropriate security controls.   
• Lead enterprise-wide security training and awareness efforts.  
• Evaluate effectiveness of security controls.    
• Ensure that all information created, acquired, or maintained in performance of job duties is used in accordance with the intended purpose, and adheres to standards.  

Why we love Definitive, and why you will too!

• Industry leading products
• Work hard, and have fun doing it
• Incredibly fast growth means limitless opportunity
• Flexible and dynamic culture
• Work alongside some of the most talented and dedicated teammates
• Definitive Cares, our community service group, gives all of us a chance to give back
• Competitive benefits package including great healthcare benefits and a 401(k) match

What our Employees are saying about us on Glassdoor: 

 “Great Work atmosphere, great work life balance, excellent company to work for, amazing top notch product, incredible customer service, lots of tools to help you succeed.”

-Business Development Manager

“Great team. Amazing growth. Employees are treated very well.”

-Research Analyst

“I have waited 36 years to work at a dream job for a dream company and I am so happy to have finally got there.”

-Profile Analyst

If you don’t fit all of these qualifications, but believe you’re still a great fit, feel free to apply and tell us why in your cover letter.

If you are a California, Colorado, New York City or Washington resident and this role is a remote role, you can receive additional information about the compensation and benefits for this role, which we will provide upon request.

Definitive Hiring Philosophy

Definitive Healthcare is an equal opportunity employer that celebrates diversity and is committed to creating an inclusive workplace with equal opportunity for all applicants and teammates. Our goal is to recruit the most talented people from a diverse candidate pool regardless of race, color, religion, age, gender, gender identity, sexual orientation or any other status. If you’re interested in working in a fast growing, exciting working environment – we encourage you to apply!

Privacy 
Your privacy is important to us. Please review our Candidate Privacy Notice which tells you how we use and process your personal information

Please note: All communications regarding the hiring process at Definitive Healthcare will come directly from one of our corporate recruiters or coordinators with an @definitivehc.com email address. We will never request any money transfer or purchase of equipment with a promise of reimbursement. If you receive any suspicious communications, please reach out to careers@definfitivehc.com to confirm your status in the application process.