Staff Security Engineer

THE COMPANY

Medely is the largest workforce management platform specializing in delivering healthcare professionals through an on-demand marketplace. As an economic empowerment engine, Medely allows healthcare professionals instant access to high-paying jobs with the freedom and flexibility to work when/where they want while providing healthcare facilities access to the largest on-demand network of ready-to-work healthcare professionals.

We believe that empowering healthcare professionals will bring more open, efficient, and increasingly higher quality to patient care. We are a team of sharp, entrepreneurial individuals who are redefining the way healthcare staffing is done. We are currently looking for candidates to join our growing team who share our enthusiasm for tackling today’s toughest challenges in healthcare.

The Role:

As a key member of the engineering team and reporting to the Vice President of Engineering, you will be primarily responsible for security incident response, security technology implementation, vulnerability management, and giving guidance on best security practices. You will have a unique opportunity to help grow Security at Medely and will be expected to apply your strong engineering, problem solving and leadership skills to prioritize and execute on new initiatives and improvements to the existing processes. This will include working closely with the Leadership team to help prioritize and translate initiatives into clear engineering requirements, collaborating with the team of engineers. 

What you will do:

• Lead the implementation, operation, support and maintenance of the Information Security Management System based on the (SOC2, ISO/IEC 27001) standards, including obtaining our certification against (SOC2, ISO/IEC 27001)

• Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments

• Coordinates with other groups to assess, implement, and monitor IT-related security risks/hazards

• Responsible for the day-to-day operations of technical security including, but not limited to, IPS/IDS, Vulnerability Scanning & Management, Patch Management, Encryption, Content Filtering, email hygiene, DLP, Identity & Access Management/SSO, and secure file sharing.

• Ensures Identity and Access reviews are performed periodically and follows through on findings and remediation's

• Liaison with and offers strategic direction to related governance functions (such as IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies

What we are seeking:

• Cloud security expertise across major cloud providers such as GCP, AWS, and Azure. Experience securing containers, container orchestrators, and microservices

• Expert knowledge and experience in a broad range of security controls and risk management frameworks (SOC2, ISO 2700x, PCI)

• Scripting experience with Python, Ruby, Bash, or equivalent. Prior software development experience preferred.

• Pragmatic attitude to selecting technologies and designs; conscious of best fit for the organization and total cost of ownership as well as initial outlay; able to effectively prioritize work and triage outstanding issues.

• Strong organizational and interpersonal skills, with experience developing and instilling a culture of security maturity. 

• CISSP, CCSP, or other Cyber Security related certifications preferred

• System administration certifications (CCNA, MCSA, etc.) preferred

The estimated compensation for this role is $175,000 to $215,000.

This position may be eligible for additional compensation and benefits including equity, bonus, health benefits; flexible spending account; retirement benefits; life insurance; paid time off (including PTO, paid sick leave, medical leave, floating holidays, and paid holidays); and benefits. Actual compensation will be determined by experience and other factors permitted by law.

WHY MEDELY: BENEFITS & PERKS

• Competitive Compensation: Based on experience and performance

• Long Term Incentives: 401k

• Healthcare Benefits: Full suite of benefits including medical, dental, and vision insurance

• Flexibility: We believe that work/life balance is important, so we offer twenty days of Paid Time Off and ten paid holidays.

• Paid parental leave

• Energetic team environment

• Purpose: Join a growing mission-oriented startup that is modernizing the healthcare industry on a national scale!

• Ownership: Drive meaningful business impact on a team that you’ll help build and define!

• Remote: Work in a digital environment with all the tools to achieve your work as though you were in the office!

We're an equal opportunity employer to all. We interview and hire applicants of all backgrounds, orientations, expressions, and identities.

Work location is flexible if approved by Medely.

Medely does not accept unsolicited resumes from agencies. We consider any resume (CV) or biography received from an agency or outside recruiter without prior approval from a member of the Medely Human Resources or Recruiting team to be unsolicited and gratuitous, and such submissions will not be recognized by Medely for purposes of “ownership” of the candidate.

We are an E-Verify company.