Remote Senior Cyber Security Engineer

Description:

• TherapyNotes is seeking an experienced and passionate Senior Cyber Security Engineer to join their team of technology enthusiasts.
• This role blends deep technical execution with strategic influence, requiring hands-on experience across detection and response, vulnerability and risk management, and secure cloud architecture.
• The ideal candidate will serve as a security thought leader, helping to engineer new solutions, guide secure development practices, and respond to evolving threats.
• Responsibilities include mentoring junior engineers and collaborating across IT, DevOps, and product teams.
• The position involves hands-on management of enterprise-wide security tools and platforms including SIEM, DLP, EDR/XDR, and vulnerability management across hybrid environments (cloud and on-prem).
• The engineer will monitor security alerts, respond to incidents, and manage escalations, as well as participate in Incident Response on-call rotation.
• Conducting threat analysis, vulnerability assessments, and risk evaluations is also a key responsibility.
• The role includes managing and securing identities in Microsoft Entra ID through Conditional Access and Entitlement Management.
• The engineer will develop and implement strategies for Data Loss Prevention and identify gaps in DLP coverage.
• Staying informed about the latest cyber threats, attack methodologies, and vulnerabilities is essential to ensure TherapyNotes remains resilient against evolving risks.
• Conducting periodic system and network configuration reviews to ensure compliance with security standards is required.
• Collaboration with developmental teams to ensure security is continuously integrated into the Software Development Lifecycle (SDLC) and CI/CD pipeline is necessary.
• The engineer will enforce secure coding standards and best practices to minimize vulnerabilities and protect customer data.
• Identifying and documenting cyber risks, managing mitigation, and reporting issues to leadership is part of the role.
• Aligning Zero Trust principles with organizational security goals to ensure secure access to corporate resources is expected.
• Participation in audits and assessments to support governance, risk management, and compliance (GRC) efforts is also required.

Requirements:

• A Bachelor's degree in information security, information technology, computer science, or a related field is preferred.
• Candidates should have 8+ years of experience in cybersecurity engineering or a related role.
• A CISSP or equivalent enterprise security certification is preferred.
• Extensive experience designing and implementing security controls in cloud environments, preferably Azure and AWS, is required.
• Knowledge of security frameworks (NIST, ISO 27001, CIS) and compliance frameworks (HITRUST, PCI DSS) is necessary.
• Proven ability to conduct security assessments, vulnerability management, and incident response is essential.
• Proficiency with network security technologies such as firewalls, IDS/IPS, and VPNs is required.
• A strong understanding of OS platforms (Windows, Linux) and endpoint security is necessary.
• Deep understanding and experience in managing and securing cloud infrastructure and cloud-based applications is required.
• Experience with Application Security (OWASP, SAST, DAST) is necessary.
• Candidates should be experts in the latest security principles, techniques, and standards.
• Proficiency in various security systems, including intrusion detection systems, anti-virus software, identity management systems, log management, and content filtering, is required.

Benefits:

• The position offers a competitive salary ranging from $110,000 to $135,000.
• Employees receive employer-sponsored health, dental, vision, life, and disability insurance.
• A retirement plan with company contribution is provided.
• Annual company profit sharing is included as a benefit.
• There is a personal development/training budget available for employees.
• The work environment is open and collaborative.
• An extensive 2-week onboarding plan is provided for new hires.
• A comprehensive mentorship program is available to support employee growth.