Remote Cyber Security Engineer, Application Security


TherapyNotes

💵 $90k-$130k
📍 Remote - United States

Job highlights

Summary

Join us and let's revolutionize behavioral health software together while making a real difference! We're seeking an experienced and passionate application-security-focused Cyber Security Engineer to join our team of technology enthusiasts.

Requirements

  • Bachelor's degree in information security, information technology, computer science, or related field preferred
  • 5+ years of experience in application security or related role
  • Strong understanding of healthcare regulations (HIPAA, HITECH, HITRUST) and their impact on application security
  • Experience working in healthcare or other highly regulated industries is preferred
  • Experience with API security, especially for integrations with other healthcare systems
  • Familiarity with HL7 or other healthcare data standards is preferred
  • Familiarity with the unique threat landscape of the healthcare industry, including ransomware and PHI-targeted attacks
  • Demonstrated experience integrating security in CI/CD pipelines in a SaaS environment
  • Understanding of secure coding practices for applications that process sensitive data
  • Industry certifications such as CISSP, SSCP, or healthcare-specific security certifications (e.g., HCISPP) are ideal
  • Prior experience securing cloud environments (Azure, AWS)
  • Proven ability to conduct security assessments, vulnerability management, and incident response
  • Strong understanding of OS platforms (Windows, Linux) and endpoint security
  • Deep understanding and experience in managing and securing cloud infrastructure and cloud-based applications
  • Expert in the latest security principles, techniques, and standards
  • Proficiency in various security systems: intrusion detection systems, anti-virus software, identity management systems, log management, content filtering, etc.

Responsibilities

  • Hands-on management of all security solutions across the organization: SIEM, DLP, E/XDR, vulnerability management, security awareness
  • Monitor security alerts, respond to incidents, and manage escalations
  • Participate in Incident Response on-call rotation
  • Conduct threat analysis, vulnerability assessments, and risk evaluations
  • Manage and secure identities in Microsoft Entra ID through Conditional Access and Entitlement Management
  • Develop and implement strategies for Data Loss Prevention and identify gaps in DLP coverage
  • Stay informed about the latest cyber threats, attack methodologies, and vulnerabilities to ensure TherapyNotes remains resilient against evolving risks
  • Conduct periodic system and network configuration reviews to ensure compliance with security standards
  • Identify and document cyber risks and manage mitigation, follow up on open security risks, and report issues to leadership
  • Align Zero Trust principles with organizational security goals to ensure secure access to corporate resources, both on-premises and in the cloud
  • Participate in audits and assessments, supporting governance, risk management, and compliance (GRC) efforts
  • Collaborate with development teams to ensure security is continuously integrated into the Software Development Lifecycle (SDLC) and CI/CD pipeline
  • Enforce secure coding standards and best practices to minimize vulnerabilities and to protect the confidentiality, integrity, and availability of our customers' data
  • Perform in-depth security assessments, code reviews, and threat modeling on applications to identify potential vulnerabilities and risks
  • Ensure application security measures align with healthcare regulations and standards (e.g., HIPAA, HITRUST, and HITECH) and support regular audits
  • Collaborate with developers to remediate vulnerabilities, providing actionable guidance and ensuring effective patching or mitigation measures
  • Develop, deploy, and manage security tools and technologies (e.g., SAST, DAST, vulnerability management systems) to automate security testing and scanning processes
  • Support application security incident response activities, identifying the root cause of security incidents and contributing to resolution strategies
  • Contribute to security awareness programs for the development teams, focusing on secure coding practices and proactive security measures

Benefits

  • Competitive salary - $90,000-$130,000
  • Employer sponsored health, dental, vision, life, and disability insurance
  • Retirement plan with company contribution
  • Annual company profit sharing
  • Personal development/training budget
  • Open, collaborative work environment
  • Extensive 2-week onboarding plan
  • Comprehensive mentorship program
This job is filled or no longer available