Senior Engineer, IT Security

Corporate • Regular - Remote - Full Time, Remote

Apree Health Logo

apree health brings together a best-in-class engagement platform with an advanced primary care model to provide a vastly better health and care experience, improve outcomes, and significantly lower the total cost of care for a population.

Senior Engineer, IT Security 
 
About You 
You are an engineer first. You care about our mission of improving healthcare. You are comfortable in a high paced environment where change, innovation, and iteration are constant.
 
You dislike security theater and are a pragmatist interested in achieving more secure systems and information flows.
 
You understand and have worked in highly regulated environments like HITRUST or PCI-DSS and are familiar with the expectations around security practices of large enterprise customers.
 
You automate. You code. You meet these compliance requirements through systems thinking and paved paths instead of long lists of checkmarks.
 
You’ve worked in GCP. You know how to read cloud audit trails and understand what’s normal activity and what smells suspicious. You take these trails and build automated discovery and response flows regularly.
 
You occasionally dream in terraform.
 
You value a team where your thoughts are heard, your ideas are experimented on, things that aren’t working are called out, and new ways are suggested. 
 
You don’t mind getting together a few times a year for a Bsides oriented team offsite, going for a team hike, participating in hands on keyboard tool training.
You want to make a difference. You believe you can.  
 
About Us 
We’re apree health, a Mosaic Health company.
 
We’re transforming US healthcare. Excellent care made easy.
 
We work with health plans and enterprise companies on everything from healthcare navigation, healthcare engagement, private health care clinics, to centralized wrap services.
 
Our bread and butter is advanced primary care which to your grandparents means a doctor who will sit with you for a while, empathize and listen, and a team behind them of health coaches, behavioral health specialists, nutritionists, etc. Whatever is needed to help them be more likely to achieve better health. 
 
We couple this with a deep digital experience: the MyVera web and mobile applications, the VeraConnect engagement and care delivery platform.
 
We’re a unique blend of clinical meets engineering.              
 
As a security team, we’ve been growing in size and maturity over the last several years. We care about each other. We have a sense of ownership of the tools and processes we build. We strive to be present teammates who run alongside our engineering and care delivery teams. We try to make it easy to do the right things and hard to do the wrong ones. We take feedback and try to be better.
 
If this sounds like a place you’d like to do some good at and grow, we’d love to talk with you and see some of the things you’ve built to put a few bricks on that paved path. 
 
About the Role:

  • You’ll help define and ensure a mature security posture
  • You’ll build out and refine security automations related to vulnerability scanning, configuration management, IT integrations and automated incident response
  • You’ll utilize an established set of security tools as well as research and implement new tools to materially affect security maturity.
  • You’ll partner across the organization and regularly communicate security posture, trends, with clear opportunities for teaching and mentorship.
 You’ll be successful with the following qualifications: Education:
  • Bachelor’s Degree: Preferred
 Licenses/Certifications:
Any of the following certifications will help you stand out. 
  • GIAC Security Operations Certified (GSOC)
  • Google Cloud Certified Cloud Security Engineer
  • Certified Kubernetes Security Specialist
  • GAIC Public Cloud Security (GPCS)
 Demonstrated Experience:
  • Experience configuring SIEM ingestion and tuning alerting rules.
  • Understanding of the GCP service catalog and architecture
  • Experience handling security incidents in an GCP environment
  • Experience developing and maintaining serverless cloud resources
  • Demonstrated experience rationalizing, implementing, operating and maintaining security controls in cloud-centric environments
  • Strong organizational skills and ability to prioritize and manage multiple projects simultaneously.
  • Experience within security engineering domains: secure development, cryptography, network security, security operations, systems security, policy, and incident response
  • Experience hardening container based deployments
  • Experience maturing container based monitoring, alerting, and incident response.
  • Experience working in an environment that processes PHI and with applicable standards, such as: NIST CSF, ISO/IEC 27701, ISO 27001, HIPAA, HITRUST, SOC 2, FedRAMP.
 
Send us your resume, a cover letter highlighting one or two projects you’ve accomplished to build a paved path or automated part of a security workstream (incident detection & response, vulnerability management, security hardening, etc), and provide your github repos so we can look at some of your projects.
 
Programming languages which gives +1
  • Python
  • Terraform
 
Tooling which gives +1
  • Google Chronicle SIEM/SecOps
  • Crowdstrike Falcon
  • Sysdig Secure
 
Clouds / Systems which give +1
  • Google Cloud
  • Salesforce Service Cloud / Data Cloud
  • Athena EMR

 

Compensation: $74k-$111k/annual salary & bonus eligible

preloader