Unified Women’s Healthcare is a company dedicated to caring for OB-GYN providers who care for others, be they physicians or their support staff. A team of like-minded professionals with significant business and healthcare experience, we operate with a singular mindset – great care needs great care. We take great pride in not just speaking about this but executing on it.
As a company, our mission is to be an indispensable source of business knowledge, innovation and support to the practices in our network. We are advocates for our OB-GYN medical affiliates – enabling them to focus solely on the practice of medicine while we focus on the business of medicine.
We are action oriented. We strategize, implement and execute – on behalf of the practices we serve.
We are seeking a passionate Sr. Security Engineer to help us identify risks, analyze data, and collaborate on the right strategic risk mitigation measures. Our top priority is reducing risk, fortifying defenses, and protecting information systems while supporting our providers and practices.
Reporting to the Director, Information Security, you will assess and respond to adversarial attacks, execute against a security strategy and roadmap for Unified Women’s Healthcare, partner with internal teams and affiliates to mitigate risk, provide coaching and support to more junior security engineers, and drive both secure operational processes as well as security awareness across the business.
Responsibilities
- Design and support a scalable enterprise-wide vulnerability management program.
- Manage Endpoint Detection and Response (EDR) technologies and proactively investigate atypical traffic, logs, and supporting data to recommend new and improved security mitigations.
- Lead incident response, remediation and mitigation activities while supporting detection capabilities and analysis/response of security-related events and alerts.
- Define a simplified security-metrics approach that enables Unified leadership and affiliates to quickly mitigate risks.
- Drive cloud (Azure) hardening, secure configuration, and monitoring efforts.
- Support the review, selection, and implementation process of new security technologies and third party service providers, to manage risk as needed.
- Partner with development teams to ensure a secure SDLC process with security controls built into the CI/CD pipelines.
- Partner with IT Audit and Assurance to translate technical requirements into auditable controls to help drive alignment with security frameworks.
- Trusted advisor to IT, supporting architecture reviews and design recommendations.
- Provide excellent white-glove service across teams and stakeholders (especially our care centers) – resolving security support requests, delivering on initiatives, and managing day-to-day business operations.
- Manage third party risk and various vendor assessments.
- Provide targeted coaching to more junior team members, and champion security awareness by establishing relationships across the business.
- Attend periodic training sessions and keep up to date on recent security trends.
- Clearly document processes, procedures, and runbooks.
- Other duties as assigned.
Qualifications
- 5+ years of experience with security operations, security engineering, security architecture, DevOps, or operations experience.
- Bachelor’s degree in information security, Information Systems, Computer Science, or related field or equivalent.
- Ability to communicate well with both technical and non-technical stakeholders and teams within the business.
- Experiencing developing and leading incident response, remediation, and mitigation activities as well as comfort providing status updates and reports.
- Experience with scripting (Python, Bash, PowerShell), development (Python, .NET, etc.), or Infrastructure-as-Code (Terraform, Bicep, etc.) preferred.
- Experience defining and implementing security controls within cloud architectures (Azure, AWS) preferred.