Senior Engineer II, Security

Summary

Join Thirty Madison as our Senior Security Engineer - Incident Response and collaborate with a team of experienced security engineers and technologists. You will build digital health security, protect patients, and embody Thirty Madison's mission of providing healthcare access. Daily tasks involve building a detection engineering program, responding to security incidents, developing innovative detection methods, designing infrastructure security, partnering with various teams to improve cloud security posture, creating solutions for vulnerabilities, researching threats, devising defense-in-depth strategies, mentoring colleagues, and performing other assigned duties. The role requires expertise in incident response, detection engineering, SIEM/EDR/CSPM tools, threat landscape understanding, risk assessment, cloud security (AWS), problem-solving, and collaboration. Coding and Infrastructure as Code (Terraform) experience are also needed. Compensation includes a competitive salary, an annual incentive plan, stock options, robust benefits (medical, dental, vision, 401k), stipends, and a flexible time off policy.

Requirements

• Expertise responding to complex incidents across endpoint, network, and cloud
• Capable of understanding an unfamiliar system enough to successfully respond to an incident involving the system
• Expertise in detection engineering
• Experience with SIEM, EDR, and CSPM tools
• Deep understanding of the threat landscape
• Experience with assessing risks
• Experience in cloud security, especially for AWS, anything to do with IAM, secure configuration of services, AWS native security services like AWS Cloudtrail, SCP’s, AWS Org, Config etc
• Ability to understand the whole solution, not just the technology
• Focus on the end to end lifecycle of solving a problem and solutioning for it and not just implementing a security technology. Have a well-rounded view for problem solving
• Deep care for the patient and your fellow employees experience as you surpass security challenges
• Hunger to drive decision making, collaboration and to have deeper opinions on security design
• You can review different design choices and can understand/discuss pros and cons for each
• Ability to code to automate tedious tasks
• Experience with Infrastructure as Code. We use terraform!
• Strong collaboration skills with the wider security team and engineering at Thirty Madison

Responsibilities

• Build and mature a detection engineering program
• Detect and respond to security incidents and participate in an incident on-call rotation
• Develop innovative ways to detect security incidents
• Design and build the security for the future of our infrastructure
• Partner with the infrastructure team, engineering team, compliance team and within security teams to maintain and further improve our cloud security posture
• Create solutions and processes to identify, resolve and mitigate security vulnerabilities and risks
• Research threats and attack vectors that impact Thirty Madison’s applications and infrastructure
• Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes
• Mentor and share security standards and processes with all parts of the organization
• Other duties as assigned

Benefits

• Robust and affordable Medical, Dental, and Vision plan options
• 401(k) with a match, commuter benefits, and FSA
• Annual $750 vacation stipend and $500 happiness stipend
• Flexible time off policy