Staff Security Engineer

The Company

Medely is a high-growth, profitable, series-C technology start-up reimagining the future of healthcare work by providing an on-demand marketplace and workforce management tools. With the support of top-tier investors, Medely has quickly become a go-to platform for healthcare professionals to instantly access high-paying jobs with the freedom and flexibility to work when and where they want. 

As a fully remote team of sharp, collaborative, and entrepreneurial individuals, we are dedicated to redefining the way healthcare workers and facilities work together to provide for patients. We are looking for passionate and skilled professionals to join our team and help us take on tough challenges in this fast-expanding healthcare industry segment.

Join us in our mission to transform the healthcare staffing industry and improve patient lives!

The Role:

As a key member of the engineering team and reporting to the Vice President of Engineering, you will be primarily responsible for security incident response, security technology implementation, vulnerability management, and giving guidance on best security practices. You will have a unique opportunity to help grow Security at Medely and will be expected to apply your strong engineering, problem solving and leadership skills to prioritize and execute on new initiatives and improvements to the existing processes. This will include working closely with the Leadership team to help prioritize and translate initiatives into clear engineering requirements, collaborating with the team of engineers. 

What you will do:

• Lead the implementation, operation, support and maintenance of the Information Security Management System based on the SOC2 standards, including obtaining our certification against SOC2.

• Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments

• Coordinates with other groups to assess, implement, and monitor IT-related security risks/hazards

• Responsible for the day-to-day operations of technical security including, but not limited to, IPS/IDS, Vulnerability Scanning & Management, Patch Management, Encryption, Content Filtering, email hygiene, DLP, Identity & Access Management/SSO, and secure file sharing.

• Ensures Identity and Access reviews are performed periodically and follows through on findings and remediation's

• Liaison with and offers strategic direction to related governance functions (such as IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies

What we are seeking:

• Cloud security expertise across major cloud providers such as GCP, AWS, and Azure. Experience securing containers, container orchestrators, and microservices

• Expert knowledge and experience in a broad range of security controls and risk management frameworks (SOC2, ISO 2700x, PCI)

• Scripting experience with Python, Ruby, Bash, or equivalent. Prior software development experience preferred.

• Pragmatic attitude to selecting technologies and designs; conscious of best fit for the organization and total cost of ownership as well as initial outlay; able to effectively prioritize work and triage outstanding issues.

• Strong organizational and interpersonal skills, with experience developing and instilling a culture of security maturity. 

• CISSP, CCSP, or other Cyber Security related certifications preferred

• System administration certifications (CCNA, MCSA, etc.) preferred

The estimated compensation for this role is $175,000 to $215,000.

This position may be eligible for additional compensation and benefits including equity, bonus, health benefits; flexible spending account; retirement benefits; life insurance; paid time off (including PTO, paid sick leave, medical leave, floating holidays, and paid holidays); and benefits. Actual compensation will be determined by experience and other factors permitted by law.

Why Medely: Benefits & Perks

• Competitive Compensation: Based on experience and performance

• Long-term Incentives: 401k

• Healthcare Benefits: Full suite of benefits including medical, dental, and vision insurance

• Flexibility: We believe that work/life balance is important, so we offer twenty days of Paid Time Off and ten paid holidays.

• Paid parental leave

• Purpose: Join a growing mission-oriented startup that is modernizing the healthcare industry nationally!

• Ownership: Drive meaningful business impact on a team you’ll help build and define!

• Remote: Work in a digital environment with all the tools to achieve your work as though you were in the office!

We're an equal-opportunity employer to all. We interview and hire applicants of all backgrounds, orientations, expressions, and identities.

Work location is flexible if approved by Medely.

Medely does not accept unsolicited resumes from agencies. We consider any resume (CV) or biography received from an agency or outside recruiter without prior approval from a member of the Medely Human Resources or Recruiting team to be unsolicited and gratuitous, and such submissions will not be recognized by Medely for purposes of “ownership” of the candidate.

We are an E-Verify company.