Staff Cybersecurity Analyst

Position Summary
The Staff Cybersecurity Analyst delivers enterprise-critical protection of digital assets, directly impacting business continuity, regulatory compliance, and customer trust across Empower’s 503A/503B operations. This role owns advanced threat detection, incident response, and security engineering outcomes, operating end-to-end across cloud, infrastructure, and applications. Leveraging AI as a force multiplier, it accelerates detection speed, scales defensive coverage, enhances decision-making, and improves control quality. The analyst partners cross-functionally to embed security into systems and processes within a hyper-growth, highly regulated environment. Expectations align to P80–P90 talent: strategic thinking, rigorous execution, continuous learning, and measurable impact at scale. The role anticipates emerging threats, drives automation, and strengthens resilience through intelligence-led programs, ensuring audit-ready controls, rapid response, and sustained risk reduction across the enterprise portfolio while elevating team capability, governance maturity, and stakeholder confidence consistently.
Duties and Responsibilities
Threat Defense

• Threat Detection: Lead real-time monitoring and analysis across SIEM, XDR, and AI-driven security platforms to identify, triage, and mitigate advanced threats, improving detection accuracy, reducing dwell time, and scaling enterprise visibility across cloud and hybrid environments while continuously refining detection logic using machine learning insights and threat intelligence to stay ahead of evolving adversarial tactics and techniques.
• Incident Response: Execute and coordinate complex incident response activities using AI-enabled correlation and automation tools to accelerate containment, investigation, and recovery, ensuring minimal business disruption, preserving forensic integrity, and maintaining compliance with regulatory requirements while continuously improving response playbooks and operational readiness through lessons learned and post-incident analysis.
• Threat Hunting: Conduct proactive, intelligence-led threat hunting leveraging behavioral analytics, MITRE ATT&CK frameworks, and AI-driven anomaly detection to uncover hidden threats, validate security controls, and enhance organizational resilience by identifying patterns, closing detection gaps, and continuously strengthening the enterprise’s defensive posture against emerging risks.

Security Engineering

• Security Architecture: Design, implement, and optimize security controls across cloud platforms including AWS, Azure, and GCP, leveraging AI-driven insights to enforce Zero Trust principles, enhance identity-based protections, and ensure scalable, resilient defenses aligned with enterprise architecture and evolving threat landscapes.
• Automation Engineering: Develop and maintain SOAR-driven automation workflows and AI-enabled orchestration to streamline detection and response processes, increasing operational efficiency, improving consistency, and reducing manual workload while enabling faster, data-driven decision-making across the cybersecurity function.
• Vulnerability Management: Execute risk-based vulnerability management programs using AI-powered prioritization and predictive analytics to identify, assess, and remediate security weaknesses, accelerating remediation timelines, reducing enterprise risk exposure, and ensuring continuous improvement of security posture across systems and applications.

Risk And Compliance

• Regulatory Alignment: Support and maintain alignment with regulatory frameworks such as HIPAA, GDPR, NIST, and ISO by implementing AI-assisted monitoring and validation processes that ensure controls remain effective, audit-ready, and aligned with evolving compliance requirements in a highly regulated environment.
• Risk Assessment: Perform detailed risk assessments leveraging data analytics and AI modeling to evaluate threats, vulnerabilities, and business impact, enabling informed prioritization of mitigation strategies and supporting leadership with actionable insights that strengthen enterprise risk management and decision-making processes.
• Control Validation: Continuously test and validate security controls using automated tools, simulation techniques, and AI-driven analysis to ensure effectiveness, identify gaps, and drive remediation efforts, reinforcing a proactive, resilient cybersecurity posture that supports operational integrity and regulatory compliance.

Knowledge and Skills

• Advanced expertise in SIEM, SOAR, XDR, and AI/ML-driven cybersecurity platforms, with the ability to operationalize automation for enhanced detection, response, and scalability.
• Strong knowledge of cloud security architecture across AWS, Azure, and GCP, including identity management, Zero Trust, and container security frameworks.
• Proficiency in scripting and automation using Python, PowerShell, or similar languages to drive efficiency, analytics, and security orchestration.
• Deep understanding of regulatory frameworks and risk management methodologies, with the ability to align technical controls to compliance and business objectives.

Key Competencies

• Customer Focus: Builds trust through customer-centric solutions
• Strategic AI: Guides responsible AI adoption and adaptation
• Optimizes Work Processes: Drives efficiency with continuous improvement
• Collaborates: Partners effectively to achieve shared goals
• Resourcefulness: Secures and deploys resources efficiently
• Manages Complexity: Simplifies and solves complex challenges
• Ensures Accountability: Delivers on commitments with integrity
• Situational Adaptability: Adjusts approach to shifting conditions
• Communicates Effectively: Tailors messages to diverse audiences

Values

• People: Empowering people defines who we are
• Quality: Excellence in every product, every time
• Service: Serving others is our highest purpose
• Innovation: Advancing care through technology and discovery

Experience And Qualifications

• 8+ years of experience in cybersecurity, including security operations, incident response, and threat detection in cloud and hybrid environments.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (Master’s preferred).
• Experience with DevSecOps practices, CI/CD security integration, and application security tools (SAST, DAST, SCA).
• Familiarity with threat intelligence platforms and adversary tactics, techniques, and procedures (TTPs).
• Knowledge of AI-related security risks, including prompt injection, model poisoning, and data privacy concerns.
• Preferred: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), GIAC certifications (e.g., GCIA, GCIH), CCSP (Certified Cloud Security Professional) or cloud provider security certifications, CEH or equivalent offensive security certification.

Benefits
Employee Benefits, Health and Wellness:
We offer comprehensive benefits to support your health, well-being, and future, including medical, dental, and vision coverage, paid time off, 401(k) matching, wellness perks, IV therapy, and compounded medications.
Learn more: https://careers.empowerpharmacy.com/benefits/
Physical Requirements
While performing the responsibilities of the job, the employee is required to talk and hear. The employee is often required to remain in a stationary position for a significant amount of the workday and frequently use their hands and fingers to handle or feel in order to access, input, and retrieve information from the computer and other office productivity devices. Employees are regularly required to move about the office and around the corporate campus. The employee is regularly required to stand, walk, reach with arms and hands, climb or balance, and to stoop, kneel, crouch or crawl.