Cybersecurity Analyst

Ennoble Care is a mobile primary care, palliative care, and hospice service provider with patients in New York, New Jersey, Maryland, DC, Virginia, Oklahoma, Kansas, Pennsylvania, Texas, Florida, and Georgia. Ennoble Care’s clinicians go to the home of the patient, providing continuum of care for those with chronic conditions and limited mobility. Ennoble Care offers a variety of programs including, remote patient monitoring, behavioral health management, and chronic care management, to ensure that our patients receive the highest quality of care by a team they know and trust. We seek individuals who are driven to make a difference and embody our motto, “To Care is an Honor.” Join Ennoble Care today!

We are hiring our first dedicated cybersecurity professional. You will own the day-to-day security operations for a HIPAA-regulated, cloud-only environment. This is a hands-on role: you will harden our Microsoft security stack, run incident response, hunt threats, and build the security program alongside our external Microsoft security partner.

This is not a policy-writing job. You will spend most of your time in Defender, Entra ID, Purview, and Exchange Online. You will be the person who investigates alerts, tunes detections, closes gaps in Conditional Access, and ensures our compliance posture holds up under scrutiny.

You will report to the CIO and work closely with our CTO and our Engineering AI Transformation Manager who serves as a cybersecurity technical SME with FedRamp/NIST 800-171/Soc2/ISO 27001 cybersecurity R&D background.

• →Managing on-premises infrastructure (we have none)
• →Writing policies in isolation without implementing them
• →Sitting in a SOC watching a SIEM all day (our MDR handles tier-1 monitoring)

• Manage and refine Conditional Access policies across Entra ID
• Administer Privileged Identity Management (PIM) and enforce least-privilege
• Monitor and respond to identity-based threats (token theft, MFA bypass, impossible travel)
• Drive adoption of phishing-resistant MFA (FIDO2/passkeys, Windows Hello for Business, certificate-based auth) and deploy token-theft protections — token protection, Continuous Access Evaluation, and sign-in risk-based Conditional Access
• Ability to conduct quarterly tabletop exercises for anticipation of threats and corrective action plans.
• Conduct regular entitlement reviews and clean up stale access

• Harden Exchange Online Protection: Safe Links, Safe Attachments, anti-phishing policies, quarantine management
• Own email authentication: configure and maintain SPF, DKIM, and DMARC records in DNS, monitor DMARC aggregate reports for spoofing and broken senders, and drive the domain to enforcement (p=reject)
• Strengthen mail transport and anti-spoofing posture (MTA-STS, TLS-RPT, ARC), and enable BIMI once DMARC is at enforcement
• Investigate and respond to BEC, phishing, and account compromise incidents
• Own the user phishing-reporting workflow (Report Phishing button, submissions triage) and rapid email remediation — ZAP and tenant-wide message purge — with a target time-to-contain for reported messages
• Design and execute simulated phishing campaigns to measure and improve user resilience
• Run the security awareness and human-risk program (Attack Simulation Training, onboarding and recurring training, just-in-time coaching, targeted remediation for repeat clickers) and report on click-rate and report-rate trends over time

• Write and tune KQL queries in Microsoft Defender Advanced Hunting
• Triage Defender alerts, investigate incidents end-to-end, and document findings
• Coordinate with our MDR provider on endpoint detections
• Own the incident response lifecycle from detection through remediation and lessons learned

• Implement Microsoft Purview information protection labels, DLP policies, and retention rules
• Collect and maintain evidence for HIPAA compliance assessments and SOC 2 readiness
• Support cyber insurance renewals with accurate risk documentation

• Work with our external Microsoft security partner to execute posture improvement roadmaps
• Track and improve Microsoft Secure Score across identity, devices, apps, and data
• Own the security workstream during M&A integrations (approximately one acquisition per quarter)
• Evaluate and recommend security tooling additions as the program matures

• 3+ years in a hands-on security operations, security engineering, or security analyst role
• Deep working knowledge of Microsoft 365 security stack: Defender for Office 365, Entra ID, Conditional Access, Intune
• Experience investigating and remediating email compromise, phishing, and identity-based attacks
• Hands-on experience with email authentication (SPF, DKIM, DMARC) and Exchange Online Protection / Defender for Office 365
• Proficiency with KQL for threat hunting and log analysis
• Understanding of HIPAA security requirements and how they translate to technical controls
• Ability to work independently and prioritize in a fast-moving environment with minimal bureaucracy

• Healthcare industry experience
• Experience with Microsoft Purview (Information Protection, DLP, eDiscovery)
• Familiarity with SentinelOne or similar EDR platforms
• Experience supporting M&A security integration or due diligence
• Comfort with AI-assisted security workflows
• Certifications: Security+, CISSP, SC-200, SC-300, or SC-400

We've invested heavily in improving our security posture over the past six months and need a dedicated person to sustain that momentum, own the day-to-day, and build toward a mature security program. You'll have budget, executive support, and a strong external partner. What we need is someone who will take ownership.

Ennoble Care is an Equal Opportunity Employer, committed to hiring the best team possible, and does not discriminate against protected characteristics including but not limited to - race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status.