TherapyNotes is seeking an experienced and passionate Senior Cyber Security Engineer to join their team of technology enthusiasts.
This role blends deep technical execution with strategic influence, requiring hands-on experience across detection and response, vulnerability and risk management, and secure cloud architecture.
The ideal candidate will serve as a security thought leader, helping to engineer new solutions, guide secure development practices, and respond to evolving threats.
Responsibilities include hands-on management of enterprise-wide security tools and platforms, monitoring security alerts, responding to incidents, and managing escalations.
The role involves participating in Incident Response on-call rotation, conducting threat analysis, vulnerability assessments, and risk evaluations.
The engineer will manage and secure identities in Microsoft Entra ID, develop strategies for Data Loss Prevention, and stay informed about the latest cyber threats.
Additional tasks include conducting periodic system and network configuration reviews, collaborating with developmental teams to integrate security into the Software Development Lifecycle, and enforcing secure coding standards.
The engineer will identify and document cyber risks, manage mitigation, and report issues to leadership while aligning Zero Trust principles with organizational security goals.
Participation in audits and assessments to support governance, risk management, and compliance efforts is also required.
Requirements:
A Bachelor's degree in information security, information technology, computer science, or a related field is preferred.
Candidates should have 8+ years of experience in cybersecurity engineering or a related role.
A CISSP or equivalent enterprise security certification is preferred.
Extensive experience designing and implementing security controls in cloud environments, preferably Azure and AWS, is required.
Knowledge of security frameworks (NIST, ISO 27001, CIS) and compliance frameworks (HITRUST, PCI DSS) is necessary.
Proven ability to conduct security assessments, vulnerability management, and incident response is essential.
Proficiency with network security technologies such as firewalls, IDS/IPS, and VPNs is required.
A strong understanding of OS platforms (Windows, Linux) and endpoint security is necessary.
Candidates must have deep understanding and experience in managing and securing cloud infrastructure and cloud-based applications.
Experience with Application Security (OWASP, SAST, DAST) is required.
Expertise in the latest security principles, techniques, and standards is essential.
Proficiency in various security systems, including intrusion detection systems, anti-virus software, identity management systems, and log management, is necessary.
Benefits:
The position offers a competitive salary ranging from $110,000 to $135,000.
Employees receive employer-sponsored health, dental, vision, life, and disability insurance.
A retirement plan with company contribution is provided.
Annual company profit sharing is included as a benefit.
There is a personal development/training budget available for employees.
The work environment is open and collaborative.
An extensive 2-week onboarding plan is provided for new hires.
A comprehensive mentorship program is available to support employee growth.
