Security Engineer

About Employer Direct Healthcare

Employer Direct Healthcare is focused on giving access to quality & affordable healthcare for our members. We understand and have experienced the challenges of navigating specialized healthcare and we are dedicated to making a change.

We partner with large self-funded employers to create a benefit program for specialized care. We connect with high-quality providers to give our members peace of mind when going into surgery. And we support our members by helping them navigate the tricky aspects of healthcare; whether that be selecting a doctor, scheduling appointments, or following up after a procedure has been completed to make sure our members are feeling better.

About You:

• You have a drive and AMBITION to tackle big problems. Big problems required big ideas and a team that supports new ideas.
• You CARE deeply for your customers. Your customers aren't just the individuals using your product. They are the driving factor in your motivation to make a change.
• You thrive in a TEAM ENVIRONMENT. Collaboration is key in innovation and creating change.
• A DIVERSE environment is incredibly important to you. You understand and desire to be a part of a diverse team with different experiences and perspectives & you cherish the differences in each individual that you interact with.
• You are DETAIL ORIENTED, but more so, focus on the execution of your content while balancing a fast-paced environment.
• You understand that PROGRESS is critical to making change. You take the time to celebrate the small and big wins. Understanding that each improvement to a process helps move towards a greater change.
• INTEGRITY guides you in life. Focusing on the truth versus just giving people the answers they want to hear.

If this sounds like you, we would love to connect to speak further about career opportunities at Employer Direct Healthcare.

Please apply to our role & someone from our HR Team will reach out to help you navigate our interview process.

Senior Security Engineer

The Security Engineer designs, implements, maintains, and operates Information security (Operations) controls and tools in support of Employer Direct Health's cyber-security program. The Security Engineer implements security strategies and procedures to complement business objectives in alignment with sound cyber-risk management principles and standards. Provides guidance to Junior security staff within the latitude of established policies. Identify gaps and environmental vulnerabilities and recommend enhancements to existing security architecture.

Responsibilities and Duties

• Configure and operate discovery tools and services to enumerate and map enterprise networks and critical data.
• Configure and operate enterprise vulnerability assessment and configuration assessment tools (i.e. Tenable) and integrate their output into downstream systems in a relevant and usable manner
• Validate vulnerability findings for false positives and negatives, and document findings for future use
• Develop repeatable and automated means for identifying the responsible owner for each system affected by a vulnerability and points of contact for remediation
• Works with MSSP to tune and build relevant content and alerting structure within the enterprise SIEM aligned with EDHC threat landscape.
• Follows a standard methodology to identify and/or detect threats to the IT infrastructure, applications, and other information assets.
• Demonstrate sustainability of newly implemented tools and processes across all security domains.
• Identify, contain, mitigate, recover, and report on cyber-security incidents affecting the enterprise and business
• Analyze and investigate adverse events and incidents using an enterprise security information and event monitoring (SIEM), logs from firewalls, IPS, servers, endpoints and other network devices to determine TTPs, identify IOCs, evaluate and communicate impact, and document RCAs appropriately.
• Collaborate and coordinate with peers and business unit teams as needed to analyze and respond to adverse events and incidents.
• Research the latest threat intelligence, vulnerabilities, exploits, and other relevant threat information and trends on various attacks and attack landscapes for the healthcare industry.
• Develop incident reports to include root-cause analysis, incident impact, and remediation tracking. Assist with incident runbook review and modifications.
• Perform endpoint forensic analysis as necessary in the course of incident remediation and root cause analysis reports.

Requirements

• Bachelor's degree in Cyber Security or Network Engineering (or equivalent experience)
• 3-4 Years of experience in Security Operations (or 5 years in lieu of degree)
• 2+ Years working with an enterprise EDR solution (CrowdStrike)
• Demonstrate experience contributing to enterprise security architecture design
• Demonstrable understanding of various security methodologies and processes, and technical security solutions
• Experience with Data access governance, DLP, CVSS, the MITRE ATT&CK framework and the software development lifecycle
• Experience with cloud infrastructure and Azure Security suite.
• Industry certifications such as GCIH, Security+, AZ-500, CYSA, and any Vendor relevant Certifications.

Benefits

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Short & Long Term Disability
• Life Insurance
• 401k with company match
• Paid Time Off
• Paid Parental Leave