Job Specifications
Summary
The Senior Security Engineer is a key contributor to the overall cybersecurity program, with a primary focus on strengthening Risk Management and Incident Response capabilities. This role supports these objectives by performing risk assessments for third parties, on-premise systems, network-connected equipment, and cloud-based environments.
Incident Response responsibilities include planning and facilitating tabletop exercises and collaborating with cross-functional teams to remediate identified gaps. On a day-to-day basis, this position works closely with stakeholders at all levels of the organization to support security initiatives and continuous improvement.
Responsibilities
Support the implementation, execution, and ongoing enhancement of the Information Security Program, including policy and documentation maintenance, risk assessments, security controls, and technical oversight.
Maintain and update information security policies, procedures, and standards.
Conduct periodic risk analyses and risk management assessments.
Develop and coordinate application security reviews; manage vulnerability and incident response activities.
Evaluate, select, and support the implementation of information security tools and technologies.
Troubleshoot and remediate security issues in complex, matrixed environments.
Work effectively in fast-paced settings with diverse personalities and work styles.
Perform well under pressure, managing tight deadlines with a strong sense of urgency.
Demonstrate strong written, verbal, and active listening communication skills.
Perform additional duties as required.
Technical Expertise & Qualifications
Experience with security and compliance frameworks such as HIPAA, HITECH, PCI, NIST, and similar standards.
Hands-on experience securing information systems and related technologies.
Background in both Technical Security Engineering and Governance, Risk, and Compliance (GRC) is strongly preferred.
Proven ability to work effectively with stakeholders at all organizational levels.
Experience in regulated industries is preferred.
Proficiency with productivity tools such as Microsoft Outlook, Excel, Word, Visio, and SharePoint (or equivalent).
Strong understanding of security concepts, including cyber threats, attack techniques, threat vectors, risk management, and incident response.
Experience supporting privacy and security due diligence for third-party relationships or mergers and acquisitions is a plus.
Knowledge of multiple operating systems (e.g., Windows, Linux, Unix).
Familiarity with application, database, and middleware security concepts.
Skilled in preparing reports, dashboards, and formal documentation.
Excellent communication, leadership, analytical, and problem-solving skills.
Ability to manage high-pressure situations involving key stakeholders.
Strong organizational skills with the ability to work independently and collaboratively.
Adaptable and effective in dynamic work environments.
Education and Experience
Bachelor’s degree in a related field required.
One or more security certifications required (e.g., CEH, CISSP, GCIH, GSEC, or equivalent).
2–3 years of leadership or supervisory experience preferred.
About the Company
Delivering technology solutions that scale with your vision for healthcare — and your organization. We believe technology is only as impactful as the people and partnerships behind it. For over 20 years, we’ve focused exclusively on healthcare, gaining a deep understanding of the challenges you’re facing, the latest best practices, and evolving industry demands. With our proven track record with organizations like yours, you can trust us to help you turn complexity into clarity by aligning your clinical and operational goals...
Know more