Senior Security Engineer

Summary

Join Manifold, a health research infrastructure company, as a Security Engineer specializing in Vulnerability Management. You will identify, assess, and mitigate security risks across our systems and networks. This role involves proactive security programs, threat modeling, and strategic security planning. Key responsibilities include managing the vulnerability lifecycle, driving automation initiatives, and ensuring alignment with industry standards. You will collaborate with engineering and IT teams to enhance our security posture. The position offers fully supported remote work (North American time zones) and a comprehensive benefits package.

Requirements

• Strong understanding of security principles, network architecture, and operating systems
• Experience with various vulnerability scanning tools and techniques
• Experience patching cloud infrastructure and code dependencies
• Familiarity with security standards and frameworks like NIST 800-53, FedRAMP, ISO27001, HIPAA
• Ability to perform root cause analysis and develop effective remediation plans
• Strong analytical and problem-solving skills
• Good communication and collaboration skills

Responsibilities

• Identifying and Discovering Vulnerabilities: Use various techniques like vulnerability scanning, penetration testing, and bug bounties to uncover weaknesses in systems, applications, and networks
• Analyzing and Assessing Vulnerabilities: Analyze the potential impact of vulnerabilities, consider the likelihood of exploitation, and assess the overall risk
• Prioritizing Risks: Prioritize vulnerabilities for remediation, focusing on those that pose the greatest threat to the organization's assets and data
• Remediating and Mitigating Vulnerabilities: Work with engineering, IT, and other teams to implement patches, fix vulnerabilities, and implement mitigation strategies
• Validating and Monitoring: Validate that vulnerabilities have been successfully addressed and continue to monitor the system for new or re-emerging vulnerabilities
• Driving Automation and DevSecOps: Automate vulnerability scanning, assessment, and reporting processes to improve efficiency and scalability, and to integrate security practices into the software development lifecycle
• Managing Sensitive Data: Maintain security controls and compliance requirements for handling sensitive customer data, including clinical records, HIPAA-protected health information, and Federal data sets
• Collaborating with Other Teams: Collaborate with Engineering and Corporate IT to enhance overall security posture
• Continuous Learning: Stay updated on the latest security threats, vulnerabilities, and best practices to effectively manage and mitigate risks

Benefits

• Fully supported remote work (North American time zones)
• Comprehensive healthcare, dental, and vision plans
• Life insurance and disability coverage
• 401(k) with company match
• Company equity
• 12 weeks of paid parental leave
• Commuter benefits (for those who elect to work from our Newton, MA office)