Listing Description

The Security Analyst (hybrid) role is responsible for tier 1 support of HeartFlow’s security functions as part of the Information Security team. This includes working with security engineers as well as internal teams, like IT and DevOps, and external security partners.

This role offers an opportunity to learn and work hands-on with multiple security technologies and provides a path to grow into a security engineer in a dynamic environment. #LI-IB1

Job Responsibilities:

• Operational support for information security tool alerts, triaging, and maintenance.


• Perform first level incident response and computer forensics activities.


• Work closely with our external security partners.


• Respond to end user security support requests, monitor security inbox and tickets, and follow up on support requests through to completion.


• Work with the security engineers to perform alert tuning and uncover network vulnerabilities.


• Assess security controls and evaluate security posture of organizational internal controls.


• Provide support for training and awareness initiatives, including but not limited to phishing tests, lunch and learn logistical support, etc.


• Research security trends, new methods, and techniques used to preemptively eliminate the possibility of system breach.


• Assist the IAM team with user account management.


• Maintain confidentiality on all sensitive security matters.


• Participate in the on-call rotation for the security team.

Skills Needed:

• Self-starter, positive attitude, and excellent communication skills.


• Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice.


• Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management.


• Ability to identify and mitigate vulnerabilities and explain how to avoid them.

Preferred Knowledge and Experience:

• General understanding of firewalls, SIEMs, endpoint protection, IDP/IPS, phishing, and other fundamental security concepts.


• General understanding of secure network and system design in both cloud (AWS, Azure, etc.) and on-premises environments.


• Basic knowledge of common information security management frameworks, such as NIST CSF.


• Basic knowledge of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, or HIPAA.

Educational Requirements and Work Experience:

• Minimum of 3 years experience in information security.


• Bachelor's degree in computer science or a related field is a plus.


• Industry certifications like Security+, CySA+, etc. are nice to have.