Senior Corporate Security Engineer

We are a series B funded company in the pharmacy benefits space. Every year, half of a trillion dollars flow through pharmacy benefit managers, with more than 90% of that money running through systems designed in the late 80s running Cobol. These archaic systems prevent our competitors from providing innovative healthcare programs or saving their clients money. At SmithRx, we're building a modern pharmacy benefit manager from the bottom up to change this.

• Advise on security best practices to IT personnel on design, implementation, and maintenance of  secure systems and networks, including servers, routers, switches, firewalls, intrusion detection/prevention systems, and other security devices.
• Develop, deploy and manage tools to secure and monitor corporate assets including ownership of Endpoint Detection & Response (EDR) and Data Loss Prevention (DLP).
• Review security measures, policies, and procedures to protect systems and networks against unauthorized access, data breaches, and other security incidents from the Legal and Compliance teams. Monitor and analyze security logs and events, and be available to advise  on security incidents in a timely manner.
• Collaborate with cross-functional teams to ensure that security requirements are incorporated into corporate security processes/procedures/measures.
• Provide technical expertise and guidance to IT teams to ensure that security controls are effectively implemented and maintained.
• Stay updated on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
• Participate in incident response activities, including investigation, containment, and recovery efforts, as needed. (During business hours: this is not an on-call position.)
• Provide training and awareness programs to educate employees and users about CorpSec security best practices and procedures.

• • Strong knowledge of CorpSec principles, best practices, and industry standards, such as CIS Critical Security Controls.
  • Hands-on experience with some corporate security tooling, such as firewalls, IDS/IPS, SIEM, DLP, antivirus, vulnerability scanning tools, etc.
  • Excellent analytical, problem-solving, and troubleshooting skills.
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.A risk-based approach to prioritization, rather than checkbox ticking
  • Experience with identity management: TKTK and current identity management best practices