Senior Cybersecurity Engineer

Summary

Join Evergreen Nephrology as a Senior Cybersecurity Engineer and become the primary custodian of our critical assets and information systems. Partner with the Sr. Director of Information Systems to support and enhance our Information Security program. You will oversee the protection and monitoring of our cloud-based systems, network devices, and endpoints, addressing security incidents and vulnerabilities. Develop and implement security strategies, ensuring the confidentiality, integrity, and availability of our cloud infrastructure. Excel in a dynamic environment, taking full responsibility for your role while mentoring junior team members. This role requires strong technical skills, experience in healthcare security regulations, and excellent communication abilities.

Requirements

• Demonstrated ability to lead and mentor security team members, fostering continuous improvement and collaboration
• Highly entrepreneurial spirit with a "make it happen" attitude
• High degree of emotional intelligence, competence, maturity, adaptability, resilience, integrity, and initiative
• Exceptional interpersonal skills and the ability to collaborate effectively with executives, managers, and team members across various departments, fostering a positive and productive work environment
• Ability to communicate a security strategy to both technical and non-technical audiences
• Bachelor's Degree in Computer Science, Information Security, or a related field
• A minimum of 7 years of experience in cybersecurity
• Proven understanding of healthcare privacy and security practices, with knowledge of regulations such as HIPAA, HITECH, HITRUST, NIST, and PCI DSS (ideal)
• Certification in one or more of the following: CompTIA Sec+, CYSA, CEH, CISSP, CISM, CISA, CCSP, Azure Fundamentals, GCIH, GCFA
• Strong technical foundation in security technologies and tools, such as DLP, SIEM, Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) solutions, Azure Cloud Security, Intune, Defender, Entra, Conditional Access Policies, and Endpoint Controls, with the ability to design, implement, and manage robust security solutions
• Demonstrated proficiency in leveraging the security capabilities of Microsoft Azure and Office 365 to protect sensitive data, ensure compliance, and mitigate risks
• Knowledge of cybersecurity frameworks such as NIST, HITRUST, CIS, HIPAA, PCI
• Experience creating scripts and automating processes
• Strong incident response skills, including computer intrusion investigations and digital forensics in enterprise environments
• Excellent organization, planning, time management, project coordination, and project management skills
• Strong analytical and problem-solving skills
• Intermediate skills with MS Office Suite of products including Outlook and Teams
• You have the ability to work effectively in a primarily remote environment: At minimum, a download speed of 25 Mbps and an upload speed of 10 Mbps is required; wired to the house internet (Cable, Fiber, or DSL) and hardwired to the internet device is recommended
• Team Members must work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information

Responsibilities

• Work within our security team to develop, engineer, and maintain comprehensive security solutions for Evergreen’s Azure and Office 365 environments. This includes protecting sensitive data, PII, and PHI in strict compliance with HIPAA and HITRUST regulations
• Lead the strategy and ongoing enhancement of the configuration and management of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) solutions
• Develop and harmonize sustainable security strategies that significantly strengthen Evergreen’s overall security posture and ensure compliance with all relevant regulatory and industry requirements leveraging in-depth expertise in the features and functionalities of Microsoft 365 security solutions, including but not limited to Entra, Defender XDR, Defender for Cloud Apps, Purview, Defender for Endpoints, and Information Protection and Governance
• Implement and manage a comprehensive suite of technical security controls and tools, including but not limited to Azure monitoring and alerts, endpoint protection, firewalls, routers, switches, Azure AD, group policies, and conditional access policies. Ensure that proper monitoring, logging, and automated notification mechanisms are in place for all critical systems, applications, network devices, and processes
• Continuously monitor Evergreen's cloud environments, with support of the SOC, for security threats and vulnerabilities. Promptly respond to and remediate any incidents, minimizing potential impact and ensuring the ongoing security and integrity of Evergreen’s information systems and assets
• Collaborate with the Security Team and Sr. Information Security Director to develop incident response playbooks. Ensure that these playbooks provide clear guidance for properly investigating, documenting, and resolving security incidents
• Take a proactive role in all phases of security incident response activities, including triage, containment, eradication, and recovery, when necessary
• Collaborate closely with the Sr. Director of Information Security and key business units to develop and maintain a comprehensive Data Loss Prevention (DLP) strategy. This strategy must provide robust protection against unauthorized access or exfiltration of PII, ePHI, and other sensitive business information without hindering Evergreen’s ability to conduct day-to-day operations
• Develop and implement standardized, secure configurations for all endpoints, network devices, and applications. Ensure that unnecessary ports, services, and features are properly disabled or removed before deployment to production environments
• Ensure that all security tools, including but not limited to Zscaler, Sentinel One, SIEM, O365, Abnormal, and Absolute, are properly configured and aligned with the policies and standards outlined in Evergreen's Information Security Policy
• Perform periodic vulnerability scans to ensure all endpoints, firewalls, and network devices are running the latest security patches. Prioritize the remediation of high and critical vulnerabilities within acceptable remediation timelines. Confirm that default-deny rules are in place, allowing traffic only for the necessary services and ports that have been explicitly approved. Ensure that all configuration changes are properly documented, reviewed, and approved through Evergreen's formal change control process
• Work closely with the Sr. Director of Information Security to pinpoint security loopholes, vulnerabilities, inefficiencies, and areas for enhancement. Integrate advanced security tools, AI, and automation strategies to enhance Evergreen's ability to effectively detect, respond, and recover from security incidents
• Collaborate with the Sr. Director of Information Security to make strategic decisions regarding the procurement, consolidation, and implementation of new security tools and technologies. Conduct thorough proof-of-concept evaluations to ensure selected solutions effectively address Evergreen's security requirements and integrate seamlessly with existing infrastructure
• Develop, maintain, and regularly update all relevant documentation, including security policies, procedures, standards, and diagrams. Ensure that all documentation is stored in a secure, centralized repository, with proper version control and easy accessibility for authorized team members
• Proactively stay informed about the latest security threats, vulnerabilities, and industry trends. Leverage this knowledge to identify, recommend, and implement improvements to Evergreen's security strategy and operations

Preferred Qualifications

• You reviewed the Who You Are section of this job posting and immediately felt the need to read on. That makes you a match for our innovative culture
• You accept that things change quickly in a start up environment and are willing to pivot rapidly on priorities
• You can navigate ambiguity in an environment where full scope of information might not be available or might be delayed in coming
• You align with Evergreen’s purpose, principles, and practices, encapsulated in our Culture Code

Benefits

• Competitive base pay with bonuses
• Paid time off starting at four weeks for full-time employees
• 12 paid holidays per year
• Reimbursement for continuing medical education
• 401k with match
• Health, dental, and vision insurance
• Paid parental leave
• Flexible work arrangements
• Robust training and development program
• Evergreen will provide Remote or Hybrid Home/Office employees with telephony applications and equipment to meet the business requirements for their position/job