Senior Security Engineer

GoHealth Intro: GoHealth is a leading health insurance marketplace and Medicare-focused digital health company. Through the efficient, multi-tiered guidance of our highly specialized licensed insurance agents, GoHealth meets Medicare consumers where they are in their enrollment journeys and empowers them to choose the plan and carrier best suited for their healthcare needs. Our extensive industry expertise, including the use of data science and machine learning with key investments in proprietary technology, helps consumers cut through the confusion and enroll confidently.

Learn more about the GoHealth Culture in this video .

Why Apply: As an industry leader in the Medicare marketplace, we are compelled to not only embrace change but to actively be the change to adapt to our consumers' complex needs. We believe in hiring risk-takers, innovators, and collaborators within our industry to create individualized, simplified healthcare solutions for our beneficiaries.

Our #TeamGoHealth employees are at the core of our collective success; that's why we are committed to discovering the best in-class talent and ensuring that each team member receives the development tools and support they need to flourish in their professional endeavors.

We also understand that you may not check every box in our requirements list -- most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications. GoHealth encourages you to break that statistic and to apply today!

About the role:

The Senior Security Engineer & Architect will play an integral role in safeguarding our organization’s identity and access landscape; oversee and delegate to the group major initiatives and be involved in strategy, planning, vendor selection, assessment, and implementation; and have the opportunity to implement infosec strategies with major impact across our organization.

What you'll do:

• Design, implement, and maintain security solutions, including secure access controls.
• Develop and implement security policies and procedures.
• Develop and implement automation processes to streamline IAM/PAM workflows and improve efficiency.
• Develop and maintain documentation for ITAM, vulnerability management, and patching processes.
• Manage privileged accounts and credentials, ensuring secure storage and access.
• Collaborate with other IT teams to ensure security is integrated throughout the organization.
• Collaborate with security team to investigate and remediate DLP violations.
• Respond to security incidents and implement appropriate containment and remediation actions.
• Monitor network activity for suspicious behavior and investigate security incidents.
• Partner with business stakeholders to understand data classification schemes and adjust DLP policies accordingly.
• Conduct security assessments and vulnerability scans to identify and mitigate risks.
• Analyze vulnerability scan results to identify critical vulnerabilities and recommend appropriate remediation actions.
• Work with IT operations teams to ensure successful patching of all systems.
• Participate in security assessments and audits.
• Stay up-to-date on the latest security threats and vulnerabilities.

What we're looking for:

• Bachelors degree in a related field.
• At least 7 years of experience working in cybersecurity or information technology.
• At least 7 years of experience with architecture, software design, networking, and cloud infrastructure.
• At least 7 years of experience with cloud security engineering (AWS, Google Cloud Platform, Azure).
• Proven experience in designing and implementing security solutions (e.g., Vulnerability Management, DLP, PAM, SIEM).
• Experience supporting IAM solutions (e.g., Active Directory, Azure AD, Azure PIM, Okta).
• Strong understanding of authentication protocols (SAML, OAuth, etc.) and authorization models (RBAC, ABAC).
• In-depth knowledge of security best practices, frameworks, and standards (e.g., NIST, CIS Controls).
• Experience with security tools and technologies (e.g., firewalls, intrusion detection/prevention systems, encryption).
• Excellent analytical and problem-solving skills.
• Strong communication and collaboration skills.
• Ability to work independently and as part of a team.
• Experience with Software Security Architecture.
• Experience with Application Security.
• Experience with integrating SaaS products into an Enterprise Environment.
• Experience with securing Container services.
• Experience with Threat Modeling.

Location: Onsite Chicago/Hybrid

Perks/Benefits:

• Happy hours, ping-pong tournaments, and more company-sponsored events.
• Subsidized gym memberships.
• GoHealth is an Equal Opportunity Employer.
• Open vacation policy.
• 401k program with company match.
• Medical, dental, vision, and life insurance benefits.
• Flexible spending accounts.
• Commuter and transit benefits.
• Professional growth opportunities.
• Casual dress code.
• Generous employee referral bonuses.