Remote Cyber Security Engineer (Application Security)

Description:

• TherapyNotes is seeking an experienced and passionate Application-security focused Cyber Security Engineer to join their team.
• The role will focus on threat intelligence development, risk/vulnerability management, and incident response.
• Responsibilities include hands-on management of all security solutions across the organization, such as SIEM, DLP, E/XDR, and vulnerability management.
• The engineer will monitor security alerts, respond to incidents, and manage escalations.
• Participation in Incident Response on-call rotation is required.
• Conducting threat analysis, vulnerability assessments, and risk evaluations is essential.
• The engineer will manage and secure identities in Microsoft Entra ID through Conditional Access and Entitlement Management.
• Developing and implementing strategies for Data Loss Prevention and identifying gaps in DLP coverage is part of the role.
• Staying informed about the latest cyber threats, attack methodologies, and vulnerabilities is crucial to ensure organizational resilience.
• Conducting periodic system and network configuration reviews to ensure compliance with security standards is expected.
• The engineer will identify and document cyber risks, manage mitigation, and report issues to leadership.
• Aligning Zero Trust principles with organizational security goals is necessary for secure access to corporate resources.
• Participation in audits and assessments to support governance, risk management, and compliance efforts is required.
• The engineer will collaborate with developmental teams to ensure security is integrated into the Software Development Lifecycle (SDLC) and CI/CD pipeline.
• Enforcing secure coding standards and best practices to minimize vulnerabilities is essential.
• Performing in-depth security assessments, code reviews, and threat modeling on applications is part of the job.
• Ensuring application security measures align with healthcare regulations and standards is required.
• Collaborating with developers to remediate vulnerabilities and providing actionable guidance is necessary.
• Developing, deploying, and managing security tools and technologies to automate security testing is expected.
• Supporting application security incident response activities and contributing to resolution strategies is part of the role.
• Contributing to security awareness programs for development teams is also required.

Requirements:

• A Bachelor's degree in information security, information technology, computer science, or a related field is preferred.
• A minimum of 5 years of experience in application security or a related role is required.
• A strong understanding of healthcare regulations (HIPAA, HITECH, HITRUST) and their impact on application security is necessary.
• Experience working in healthcare or other highly regulated industries is preferred.
• Experience with API security, especially for integrations with other healthcare systems, is required.
• Familiarity with HL7 or other healthcare data standards is preferred.
• Familiarity with the unique threat landscape of the healthcare industry, including ransomware and PHI-targeted attacks, is necessary.
• Demonstrated experience integrating security in CI/CD pipelines in a SaaS environment is required.
• An understanding of secure coding practices for applications that process sensitive data is essential.
• Industry certifications such as CISSP, SSCP, or healthcare-specific security certifications (e.g., HCISPP) are ideal.
• Prior experience securing cloud environments (Azure, AWS) is required.
• Proven ability to conduct security assessments, vulnerability management, and incident response is necessary.
• A strong understanding of OS platforms (Windows, Linux) and endpoint security is required.
• A deep understanding and experience in managing and securing cloud infrastructure and cloud-based applications is essential.
• Expertise in the latest security principles, techniques, and standards is required.
• Proficiency in various security systems, including intrusion detection systems, anti-virus software, identity management systems, and log management, is necessary.

Benefits:

• The position offers a competitive salary ranging from $90,000 to $130,000.
• Employer-sponsored health, dental, vision, life, and disability insurance is provided.
• A retirement plan with company contribution is included.
• Annual company profit sharing is part of the benefits.
• A personal development/training budget is available for employees.
• The work environment is open and collaborative.
• An extensive 2-week onboarding plan is provided for new hires.
• A comprehensive mentorship program is available to support employee growth.