Reveleer Verified
Healthcare, Health IT, SaaS, Data Analytics

Senior Information Security Engineer

United States · Onsite · Full Time · Senior · $140,000–$160,000 /yr · Posted 2 months ago · Visa sponsorship available


### Who you are
- Bachelor’s degree in Computer Science, Information Security, or equivalent experience
- 5+ years of experience in security engineering or related technical security roles
- Strong knowledge of cloud-native security (AWS, Azure) and modern SaaS architectures
- Hands-on experience with SIEM, EDR/XDR, IAM, vulnerability management, and security automation
- Familiarity with HIPAA, HITRUST, and SOC 2 requirements
- Experience securing containerized and serverless workloads (e.g., EKS, Lambda).
- Certifications such as CISSP, CISM, CCSP, AWS Security Specialty, or GIAC (GSEC, GCIA, GCIH)
- Experience with Terraform, Ansible, or CloudFormation for infrastructure-as-code security
- Experience in DevSecOps pipelines and tools (e.g., Jenkins, Bitbucket)
- Strong scripting skills (Python, PowerShell, or Bash).

### Key Competencies
- Analytical and detail-oriented with strong problem-solving skills
- Ability to balance business needs with risk mitigation
- Excellent communication skills, able to translate complex technical topics for non-technical stakeholders
- Collaborative team player with a proactive approach to continuous improvement

### What the job involves
The Senior Information Security Engineer plays a key role in safeguarding the company’s cloud-based healthcare SaaS platforms, infrastructure, and customer data. This position is responsible for designing, implementing, and managing enterprise-grade security solutions that align with regulatory frameworks such as HIPAA, HITRUST, SOC 2, and NIST 800-53. The ideal candidate is a hands-on technologist with deep knowledge of cloud security (AWS/Azure), DevSecOps practices, endpoint protection, identity management, and security automation.

- Design and maintain secure architectures across AWS, Azure, and GCP environments
- Implement guardrails and controls using services such as AWS Security Hub, GuardDuty, Config, and IAM
- Conduct regular vulnerability scans, configuration reviews, and remediation tracking for infrastructure and workloads
- Develop and enforce network segmentation, encryption, and key management policies.
- Collaborate with DevOps and Engineering to integrate security into CI/CD pipelines (Snyk, StackHawk, etc.)
- Perform threat modeling, code reviews, and secure design reviews for microservices and APIs
- Support penetration testing and application security validation efforts
- Help ensure PHI/PII is protected across all SaaS platforms.
- Manage and enhance EDR/XDR solutions (e.g., Cortex, Defender for Endpoint)
- Implement and monitor identity security controls through Microsoft Entra ID (Azure AD), Conditional Access, and PIM
- Support Intune and MDM compliance policies for Windows, macOS, and mobile devices.
- Monitor alerts, investigate incidents, and coordinate responses with the SOC
- Develop and improve incident response runbooks, playbooks, and forensic analysis procedures
- Support SIEM integrations and continuous improvement of detection use cases.
- Support audits and evidence collection for HIPAA, HITRUST, SOC 2, and customer security assessments
- Maintain asset inventories, risk registers, and remediation tracking
- Collaborate with Compliance to ensure alignment between security controls and policies
- Contribute to security awareness and training initiatives

### Benefits
- Medical, Dental and Vision benefits
- 401k
- PTO Plan
- Fully stocked breakroom with drinks and snacks
- Dog friendly office
- Social gatherings
