Senior Cyber Security Engineer

Summary

Join TherapyNotes as a Senior Cyber Security Engineer and become a security thought leader, contributing to the development of new solutions and secure development practices. You will manage enterprise-wide security tools and platforms, respond to security incidents, conduct threat analysis and vulnerability assessments, and collaborate with various teams. This role requires hands-on experience in detection and response, vulnerability and risk management, and secure cloud architecture. You will also mentor junior engineers and ensure security is integrated into the SDLC and CI/CD pipeline. The ideal candidate possesses extensive experience in cybersecurity engineering, cloud security, and security frameworks, along with strong collaboration skills.

Requirements

• Bachelor's degree in information security, information technology, computer science, or related field preferred
• 8+ years of experience in cybersecurity engineering or related role
• Extensive experience designing and implementing security controls in cloud environments (preferably Azure and AWS)
• Knowledge of security frameworks (NIST, ISO 27001, CIS) and compliance frameworks (HITRUST, PCI DSS)
• Proven ability to conduct security assessments, vulnerability, management, and incident response
• Proficiency with network security technologies (firewalls, IDS/IPS, VPNs)
• Strong understanding of OS platforms (Windows, Linux) and endpoint security
• Deep understanding and experience in managing and securing cloud infrastructure and cloud-based applications
• Experience with Application Security (OWASP, SAST, DAST)
• Expert in the latest security principles, techniques, and standards
• Proficiency in various security systems: intrusion detection systems, anti-virus software, identity management systems, log management, content filtering, etc

Responsibilities

• Hands-on management of enterprise-wide security tools and platforms including SIEM, DLP, EDR/XDR, and vulnerability management across hybrid environments (cloud and on-prem)
• Monitor security alerts, respond to incidents, and manage escalations
• Participate in Incident Response on-call rotation
• Conduct threat analysis, vulnerability assessments, and risk evaluations
• Manage and secure identities in Microsoft Entra ID through Conditional Access and Entitlement Management
• Develop and implement strategies for Data Loss Prevention and identify gaps in DLP coverage
• Stay informed about the latest cyber threats, attack methodologies, and vulnerabilities to ensure TherapyNotes remains resilient against evolving risks
• Conduct periodic system and network configuration reviews to ensure compliance with security standards
• Collaborate with developmental teams to ensure security is continuously integrated into the Software Development Lifecycle (SDLC) and CI/CD pipeline
• Enforce secure coding standards and best practices to minimize vulnerabilities and to protect the confidentiality, integrity, and availability of our customer's data
• Identify and document cyber risks and manage mitigation, follow up on open security risks, and report issues to leadership
• Align Zero Trust principles with organizational security goals to ensure secure access to corporate resources, both on-premises and in the cloud
• Participate in audits and assessments, supporting governance, risk management, and compliance (GRC) efforts

Preferred Qualifications

• CISSP or equivalent enterprise security certification preferred
• Network or Systems Engineering background a huge plus!
• Passion for continuous learning and professional development, with a commitment to staying updated and trained on the latest trends and technologies
• Eagerness to engage in new challenges and adapt quickly
• Strong work ethic and drive to take ownership of projects and see them through to completion
• Strong collaboration skills, able to work effectively with cross functional teams

Benefits

• Competitive salary - $110,000-$135,000
• Employer sponsored health, dental, vision, life, and disability insurance
• Retirement plan with company contribution
• Annual company profit sharing
• Personal development/training budget
• Open, collaborative work environment
• Extensive 2-week onboarding plan
• Comprehensive mentorship program