This position will work as a key member of the Therigy Technology department, reporting to the Director of Development Operations. The ideal candidate will have existing security certifications or be highly interested in obtaining the CISSP certification (which will be paid-for by Therigy).
We are seeking a security focused senior Security Operations engineer who is not afraid to get their hands dirty with the maintenance, implementation, design, or configuration of security tools (built in house and off the shelf). You will perform a broad range of security focused work including but not limited to threat monitoring, alerting, vulnerability scanning, penetration testing, source code scanning, content filtering, and log analysis. You will be an important member of the DevOps team which is responsible for all technology operations on premise as well as in the AWS cloud.
Essential Skills and Experience
- Drive and build our penetration testing program and toolkit.
- Drive and build our vulnerability scanning program and toolkit
- Vendor management of security related software and services
- Monitor security events and setup reactive and proactive security related notifications
- Build and maintain documentation surrounding our security capabilities
- Research new threats, attack vectors, and risks independently and in coordination with our DevOps and product development teams, and plan inclusion of those into our tooling and development strategy.
- Collaborate with our security officer in shaping the corporate culture surrounding security and delivery of employee security related training, workshops, and presentations.
- Key member of the incidence response team (IRT)
- Working with systems administrators for endpoint protection across the organization
- Ensuring the physical security of ePHI and PHI throughout the organization
- Ensuring facility security through periodic facility audits
- Assisting security officer for performing of 3rd party audits and internal audits relating to annual HIPAA assessments
- Strong interpersonal and communication skills as this job will involve interacting with multiple teams.
- Minimum 5+ years of security experience, with a focus on infrastructure and application level penetration testing and vulnerability scanning.
- Bachelor’s degree in IT or equivalent work or educational experience required
- 4+ years knowledge of security operations - OWASP Top 10 vulnerabilities and corresponding best practices for mitigation of:
- Cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks
- Secure configuration for network and OS infrastructure,
- Performing Security Design/Code Reviews
- Building security tool chains that integrate with our deployment tools.
- Familiarity with cloud web development
- 2-3 years of experience with cloud security
- Security certifications: CISSP highly desired
- Therigy willing to fund training and certification
Why you should apply:
- You love working with data in a highly collaborative environment
- You wake up each day excited to solve problems
- You want to make the world a better place for our customers and their patients
- 100% fully paid health and dental insurance for the employee
- Optional dependent coverage available
- Optional vision coverage available
- Company-paid Life Insurance Policy
- Company-paid short term and long-term Disability coverage
- Simple IRA Retirement Savings Plan with match
- Company-contributed HRA and HSA plans
- Up to 22 days Paid Time Off (PTO)
- 7 company-recognized paid holidays
- Flexibility to work from home
- Flexible work schedule, 9-5 EST, 10-6 EST
- Competitive market-based salary, commensurate with experience and education
Position Reports to: Director of Development
ADA: The position requires being seated in front of a computer and utilizing a keyboard in excess of eight hours per day. May require lifting in excess of ten (10) pounds.
Therigy is an Equal Opportunity Employer
DWFP / Background Checks Required