Security Engineer

SimplePractice

💵 $120k-$160k
📍 Remote - United States

Summary

Join SimplePractice's growing security team as a Security Engineer and play a pivotal role in safeguarding our AWS-hosted healthcare SaaS platform. You will collaborate with cross-functional teams to enhance security posture, conduct security assessments, and respond to incidents. Responsibilities include implementing IaC security measures, integrating security best practices into the SDLC, and ensuring compliance with regulations like HIPAA and HITRUST. You will also monitor security alerts, conduct root cause analyses, and generate regular security reports. The ideal candidate possesses strong cybersecurity experience, proficiency in scripting and programming, and a deep understanding of AWS services. This role requires collaboration with various teams and a commitment to delivering secure and reliable healthcare solutions.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • Minimum of 5 years of experience in cybersecurity roles, with a focus on application security, infrastructure security, or cloud security within cloud-based environments
  • Proficiency in scripting and programming languages such as Python, Go, or JavaScript
  • Experience with security tools and frameworks, including but not limited to Burp Suite, OWASP ZAP, Metasploit, and Nmap
  • Strong understanding of AWS services and security features, as well as Infrastructure as Code (IaC) tools like Terraform or CloudFormation
  • Familiarity with CI/CD processes and integrating security testing into development pipelines
  • Excellent analytical and problem-solving abilities
  • Strong communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders
  • Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced, agile environment

Responsibilities

  • Collaborate with the cloud security engineer and infrastructure team to assess and enhance the security posture of our AWS environment, focusing on IAM policies, network configurations, and service deployments
  • Contribute to the implementation and management of Infrastructure as Code (IaC) security measures to ensure consistent and secure infrastructure provisioning
  • Assist in monitoring and responding to security events, collaborating with DevOps and IT teams to address potential threats promptly
  • Conduct comprehensive security assessments, including static and dynamic code analyses, to identify and remediate vulnerabilities in our applications
  • Collaborate with development teams to integrate security best practices throughout the software development lifecycle (SDLC), emphasizing secure coding standards and threat modeling
  • Develop and maintain security tools and automation scripts to enhance our CI/CD pipelines, ensuring continuous security validation
  • Monitor security alerts and respond to incidents, conducting root cause analyses and implementing corrective actions
  • Participate in the development and refinement of incident response plans and playbooks
  • Stay informed about emerging threats and vulnerabilities, recommending proactive measures to mitigate risks
  • Ensure adherence to healthcare industry regulations and standards, such as HIPAA, HITRUST, and PCI, by implementing appropriate security controls and conducting regular audits
  • Security Monitoring & Reporting: Generate regular reports on security metrics, incidents, and compliance status for management review
  • Assess and monitor third-party vendors to ensure they meet security and compliance requirements
  • Work closely with procurement and legal teams to incorporate security considerations into vendor contracts
  • Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
  • Utilize security ratings services to continuously evaluate the security posture of third-party vendors
  • Participate in risk assessments and contribute to the development of policies and procedures to manage and mitigate security risks

Preferred Qualifications

Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or AWS Certified Security – Specialty are highly desirable

Benefits

  • Medical, dental, vision, life & disability insurance
  • 401(k) plan with company match
  • Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
  • Mental health resources
  • Paid parental leave & Backup Care
  • Tuition reimbursement
  • Employee Resource Groups (ERGs)
