About HIPAA Vault
HIPAA Vault is a leading managed cloud and compliance provider for healthcare. We keep thousands of managed sites secure and audit-ready across HIPAA Linux, WordPress, Windows, and WooCommerce hosting, Google Cloud Platform, and secure workspace services (HIPAA Gmail, O365, Forms, Fax, Text, and sFTP) — backed by 24/7 support, a <15-minute critical response time, and 90% first-call resolution. Our clients trust us because real engineers do the work, and here compliance means secure systems, not just secure paperwork.
The Role
This is a hands-on Compliance Analyst role for someone who fixes things, not just flags them. You'll live in the servers, cloud consoles, and ticket queue — hardening systems, remediating vulnerabilities to closure, driving incident response, and keeping our HIPAA / SOC 2 / NIST posture backed by real technical evidence. You'll work alongside our security and systems team in a fast-moving, 24/7 managed-hosting environment.
If your idea of compliance is writing policies and filling out questionnaires, this isn't the role. If you like getting on a Linux box and closing the finding, read on.
What You'll Do
- Remediate vulnerabilities end-to-end — triage scanner output (Rapid7 or similar), verify findings, apply fixes across Linux and Windows servers, and confirm closure. Own the result, not just the report.
- Secure our WordPress fleet at scale — patch core/plugins/themes, harden configurations, and help automate updates across large numbers of sites.
- Harden cloud infrastructure on Google Cloud Platform — IAM/least-privilege, Cloud Armor / WAF policies, and secure configuration baselines.
- Drive incident response from detection through root-cause analysis and written RCA, coordinating with the team inside our 24/7 response SLAs.
- Operate encryption and BAA controls — configure and validate encryption for HIPAA Gmail, O365, Fax, and file transfer; manage BAAs as living controls, not a spreadsheet.
- Assist customers with audits and security questionnaires — a weekly, customer-facing activity: help clients accurately complete HIPAA audits, third-party security assessments, and vendor risk questionnaires, and get them submitted on time.
- Run risk assessments and audits and maintain HIPAA / SOC 2 / NIST / HITECH evidence drawn directly from the systems we manage.
- Deliver security awareness training (including phishing simulations) and answer daily customer compliance questions.
- Build repeatable process — log every finding in our tracking system, create and manage tasks, document runbooks, and turn recurring manual checks into automation.
What Success Looks Like (First 90 Days)
- Vulnerabilities are triaged, remediated, and verified closed on a predictable cadence with the process documented.
- Every security observation lives in the central tracking system, not in chats or memory.
- At least one recurring manual check is automated or captured in a runbook a teammate can follow.
Must-Have Qualifications
- 5+ years in a security/compliance role with direct, hands-on remediation experience on production systems (not purely advisory, audit-observer, or policy-writing).
- Strong working command of Linux (command line, hardening, least privilege) and familiarity with Windows server administration.
- Experience with vulnerability scanners (Rapid7, Nessus, or equivalent) — including interpreting failed-asset/authentication results and acting on them.
- Demonstrated experience taking a security incident from detection to a written RCA and verified remediation.
- Working knowledge of HIPAA (Security Rule / technical safeguards); familiarity with SOC 2, NIST, or HITECH.
- Strong documentation and process discipline — clear runbooks, and a ticketing/task system kept as the source of truth. Non-negotiable.
- Client-facing communication skills — comfortable working directly with customers to guide them through audits, security questionnaires, and compliance questions, clearly and professionally (written and verbal).
- Availability for a rotating on-call schedule in our 24/7 environment.
- Reliable high-speed internet (min. 100 Mbps down / 10 Mbps up) for remote work.
Preferred (Not Required)
- CompTIA Security+ (or willing to earn it early — we sponsor certifications).
- CISSP or CISM — or CISSP-eligible and on track to earn it (we support this path).
- Google Cloud Platform security experience (IAM, Cloud Armor/WAF); AWS a plus.
- WordPress security/patching at scale; cPanel hardening; managed-hosting background.
- Scripting/automation (Bash, Python, Salt, or config management).
- Experience with email/data encryption (O365, Google Workspace) or secure fax/file transfer.
- Residence in a federal HUBZone (supports our government-contract eligibility).
Benefits
- Medical insurance, holiday pay, and accrued paid time off
- 401(k) with 4% employer match (5% employee contribution, after 12 months)
- Fully remote, work-from-home
- Training and certification support to grow your security career (Security+, CISSP, and more)
- A small, close-knit team where you'll talk directly to the people doing the work
Etica, Inc. is an equal opportunity employer in accordance with U.S. law.
Pay: $38.00 - $48.00 per hour
Education:
Experience:
- hands-on Linux: 3 years (Required)
- personally performing incident response and remediation: 2 years (Required)
- penetration testing or offensive security: 1 year (Required)
Work Location: Remote