Senior Information Security Engineer

Nomad Health is the first digital marketplace for healthcare jobs, efficiently connecting quality clinicians with rewarding career opportunities. Forbes recognized Nomad as one of the “Best Startup Employers”, Newsweek included Nomad on its "Most Loved Workplaces" list and Built In NYC named Nomad one of the “Best Mid-Sized Companies To Work For.” Our technology takes the busywork out of finding clinical work. We are a well-funded Series D startup backed by First Round Capital, RRE Ventures, .406 Ventures, Polaris Partners, Icon Ventures, Adams Street Partners, and Kevin Ryan (founder of MongoDB, Zola, Gilt, and DoubleClick).

The U.S. healthcare system is experiencing a staffing crisis. Employers spend $20 billion per year recruiting clinicians to care for the rapidly aging U.S. population. Nomad replaces antiquated staffing agencies with modern technology to efficiently source, qualify, and hire medical talent on demand. Clinicians find better jobs with higher pay. Employers fill roles faster with higher quality care.

Nomad is a fast-growing team of technologists, creators, and industry experts passionate about modernizing healthcare staffing, so clinicians can get back to the work they do best: caring for others.

The Senior Security Engineer will be responsible for identifying potential threats to the IT infrastructure, recommending enhancements accordingly and implementing those technologies. The senior security engineer provides support to ensure applicable information protection policies, procedures, guidelines, best practices are followed. Performs Security Risk Assessments and performs compliance reviews to ensure applications and assets are operating in accordance with established policies and procedures. Educates stakeholders in the assessment process and leads both pre- and post-assessment meetings. The role focuses on security architecture and engineering, and works with the Operations, IT, and Business Applications teams to implement security improvements.

• Act as SME for new IT security tool deployment and configuration.
• Research, architect, and deploy systems and processes to improve our security posture.
• Evaluate vendor security tools and solutions to provide purchase recommendations that meet current and emerging requirements.
• Use threat intelligence to improve our ability to react to new threats.
• Lead the security incident response process from a technical viewpoint.
• Create processes and procedures for incident remediation.
• Conduct regular root cause analysis exercises to diagnose and address fundamental and root issues.
• Configure and manage endpoint security platform.
• Assist with the implementation and maintenance of the enterprise IAM solution.
• Assist with testing of work flows for IAM solution.
• Ensure system accounts are compliant for roles and authorizations; Central POC for systems access requests through enterprise IAM Solution.
• Use a variety of methods to discover security issues and vulnerabilities on a continuous basis.
• Keep up with security vulnerabilities related to the applications, software and devices used in the organization.
• Review security requests submitted by other teams in the organization and determine if they can be implemented securely and what security controls are needed to reduce the risk to the organization.
• Help conduct risk and security assessments and oversee remediation throughout the organization.
• Assist in the evaluation of dev sec ops and cloud security.
• Assist with security awareness activities.

• BS Degree in Information Systems Security, Computer Science, related field, or equivalent experience
• 10+ years of combined experience in information technology engineering, administration, operations and technology with at least 5 years of experience focusing on information security.
• Certifications such as CISSP, GSEC, CEH, or Security+ are a plus. 
• Extensive knowledge of current and emerging IT security technologies and techniques, covering all levels of cloud architecture.
• Experience with researching, recommending, configuring, and managing enterprise security tools.
• Experience with incident management and threat remediation including threat analysis, isolation, identification, eradication, and mitigation.
• Deep understanding of cloud computing concepts, services and related controls.
• Ability to work with engineering teams to weigh business risks and enforce appropriate security measures.
• Ability to work both independently and collaboratively with peers, across teams and with management.
• Knowledge and experience with control frameworks such as ISO, NIST CSF, and PCI.
• Understanding of current encryption standards and implementation procedures.
• Demonstrate exceptional teamwork and foster collaboration within the organization.
• Excellent problem-solving abilities.
• Ability to document and explain technical details in a concise and understandable manner.
• Demonstrated ability to be flexible, positive, and creative in a dynamic, fast-paced and changing environment.
• Demonstrated aptitude and the desire to learn new technologies and services.

#LI-LR1

#Remote