Remote Cyber Security Engineer

Description:

• TherapyNotes is seeking an experienced and passionate Cyber Security Engineer to join their team of technology enthusiasts.
• The right candidate will possess both deep and wide expertise in the security space and will focus on threat intelligence development, risk/vulnerability management, and incident response.
• Responsibilities include hands-on management of all security solutions across the organization, such as SIEM, DLP, E/XDR, vulnerability management, and security awareness.
• The role involves monitoring security alerts, responding to incidents, and managing escalations.
• Participation in Incident Response on-call rotation is required.
• The engineer will conduct threat analysis, vulnerability assessments, and risk evaluations.
• Management and security of identities in Microsoft Entra ID through Conditional Access and Entitlement Management is essential.
• The candidate will develop and implement strategies for Data Loss Prevention and identify gaps in DLP coverage.
• Staying informed about the latest cyber threats, attack methodologies, and vulnerabilities is crucial to ensure TherapyNotes remains resilient against evolving risks.
• Conducting periodic system and network configuration reviews to ensure compliance with security standards is part of the job.
• Collaboration with developmental teams to ensure security is continuously integrated into the Software Development Lifecycle (SDLC) and CI/CD pipeline is expected.
• The engineer will enforce secure coding standards and best practices to minimize vulnerabilities and protect customer data.
• Identifying and documenting cyber risks, managing mitigation, and reporting issues to leadership is required.
• Aligning Zero Trust principles with organizational security goals to ensure secure access to corporate resources, both on-premises and in the cloud, is necessary.
• Participation in audits and assessments to support governance, risk management, and compliance (GRC) efforts is also part of the role.

Requirements:

• A Bachelor's degree in information security, information technology, computer science, or a related field is preferred.
• The candidate must have 5+ years of experience in cybersecurity engineering or a related role.
• Industry certifications such as CISSP, SSCP, or Security+ are highly preferred.
• Prior experience securing cloud environments (Azure, AWS) is required.
• Knowledge of security frameworks (NIST, ISO 27001, CIS) and compliance frameworks (HITRUST, PCI DSS) is necessary.
• The candidate must have a proven ability to conduct security assessments, vulnerability management, and incident response.
• Proficiency with network security technologies (firewalls, IDS/IPS, VPNs) is essential.
• A strong understanding of OS platforms (Windows, Linux) and endpoint security is required.
• The candidate should have a deep understanding and experience in managing and securing cloud infrastructure and cloud-based applications.
• Experience with Application Security (OWASP, SAST, DAST) is necessary.
• The candidate must be an expert in the latest security principles, techniques, and standards.
• Proficiency in various security systems, including intrusion detection systems, anti-virus software, identity management systems, log management, and content filtering, is required.

Benefits:

• The position offers a competitive salary ranging from $90,000 to $140,000.
• Employees receive employer-sponsored health, dental, vision, life, and disability insurance.
• A retirement plan with company contribution is provided.
• Annual company profit sharing is included as a benefit.
• There is a personal development/training budget available for employees.
• The work environment is open and collaborative.
• An extensive 2-week onboarding plan is provided for new hires.
• A comprehensive mentorship program is available to support employee growth.