Security Analyst

Position Overview


Security and compliance are vital to protecting the systems that allow us to serve families living with dementia. As our Security Analyst, you are the first line of defense. You will help us configure security monitoring tools, integrate signal data, and build a security monitoring program. If you love looking into the technical details, learning intricate configurations, and watching user patterns, this role is built for you. This is an important effort because it will elevate our security operations towards a path of automation and data-driven monitoring. This role reports directly to the CISO with a focus on mentoring and partnership to further your career opportunities.


About Us & What We Do


Ceresti is on a mission to reduce avoidable hospitalizations and improve care for people living with dementia while improving the lives of their families and caregivers. We envision a world in which family caregivers of people living with dementia are supported and have the knowledge, skills, and confidence to provide the best possible care for their loved ones.


Ceresti is a tech-enabled dementia care provider with a differentiated model of care that improves outcomes and delivers guaranteed cost savings by including family caregivers in the care team. We offer health plans and accountable care organizations a turnkey solution for impacting a population that has limited engagement in traditional clinical programs.


Our culture is rooted in agility, innovation, and collaboration. We believe that every idea - no matter how small - can spark a meaningful improvement. We work in cross-functional Agile teams that move fast, ship often, and learn together. Together, we create solutions that make a lasting impact on the healthcare ecosystem, enabling more compassionate and cost-effective care for those who need it most.


Responsibilities
• Analyze, deploy, integrate, and monitor security tools, including connecting sources such as AWS, HubSpot, Canvas, and MacBook endpoints (Mosyle, Bitdefender) into our Huntress SIEM.
• Review security baselines for configurations to identify gaps, then work with IT to close those gaps (e.g., CIS Benchmark, Vendor Best Practices)
• Assist in monitoring security controls in support of SOC 2 (and future HITRUST) compliance assessments.
• Monitor security dashboards, alerts, cyber incidents, and participate in tabletop exercises to improve the detection and response posture.
• Study user and system behavior to strengthen our security awareness training (KnowBe4) by turning real-world signal into targeted, relevant education for our team.
• Work closely with the product team (engineering, product management, and quality assurance) to ensure security monitoring is in place throughout the SDLC
• Create proofs of concept and develop capabilities using AI to demonstrate what is possible and accelerate the security program.
• Compile and update runbooks to respond to possible security scenarios.
• Track assets, users, and files to ensure the security process is followed by our security design and zero trust architecture.
• Write and maintain simple scripts and utilities to automate routine security checks across the Govern, Identify, Protect, Detect, Respond, and Recover functions.
• Help track and report key metrics such as average time to detect/respond/contain, false positive rate, failed login rate, patch compliance rate, and vulnerability exposure time.
• Assist in other capacities around Governance, Risk, and Compliance as needed.


Qualifications


Education
• BS/BA degree or higher in Computer Science, Engineering, Computer Security or a related technical field


Experience
• 2-4 years in security, IT, or a related technical role. Internships, security certifications (e.g., Security+), home-lab projects, and academic work all count.
• Experience with SOC2, HITRUST, or HIPAA (or equivalent compliance standards)
• Familiarity with SIEM and logging concepts; hands-on exposure to Huntress or a similar platform is a plus
• Proven experience being a part of a team and contributing to achieve team goals
• Exposure to security or IT tools such as AWS, M365 Entra / Purview, Huntress, Mosyle, Bitdefender, KnowBe4, or Snyk - familiarity with several, not all, is fine
• Awareness of CI/CD pipeline concepts (e.g., Bitbucket Pipelines, GitHub Actions) - a plus, not required
• Comfort with, or eagerness to learn, basic scripting (Python, Bash, or Go) to verify data and configuration settings
• Experience within healthcare industry highly desired
• Experience with security testing in regulated environments, ideally HIPAA / healthcare, and an instinct for protecting PHI is a plus
• Experience using AI tools (e.g., Co-Pilot, Gemini, Claude) to accelerate security analysis and development of scripts for security system integration/validation
• Clear written and verbal communication, including writing security ticket resolutions and root cause analysis reports, and staying calm and communicating clearly during a security incident


Skills
• Reliable, persistent and results-oriented
• Easy to get along with; able to work with a team
• Must demonstrate a high level of integrity and ownership
• Consistently transparent, courageous and enthusiastic
• Must be able to pass a background check


Job Type
• Full time


Location
• This position is entirely remote. US-based candidates only.


What We Offer
• Health insurance
• Opportunities for professional growth and development
• Collaborative and dynamic work environment
• Flexible work arrangements and remote work options
• Access to cutting-edge technologies and tools
• The chance to do work that directly improves the lives of patients with dementia and the families who love them


Join us to build technology solutions that empower family caregivers and improve patient care outcomes, all while advancing your career in a dynamic, growth-oriented environment.