Security Engineer

What you’ll do

In a few words…

Abarca is igniting a revolution in healthcare. We built our company on the belief that with smarter technology we are redefining pharmacy benefits, but this is just the beginning…

Our Infrastructure Operations team is critical for success at Abarca Health. They handle the days in and days out of the entire architecture of our systems from data processing to server updates and stability. The Information Security team's focus is to monitor, detect, investigate and respond to events that could lead to incidents. They are involved in planning and implementing preventative security measures and oversee the security operations as a whole, which includes protecting IT infrastructure, networks, data, edge devices and identify any exploitation, whether accidental or intentional.

The Security Engineer is a key member of the security team, which is instrumental in ensuring the security of our cloud infrastructure and protection of our sensitive data: PHI & PII data, per our information security policy. In this role, you shall help identify security gaps and drive remediation activities to close those gaps. You’ll play an integral role in defining and assessing the organization's security strategy, architecture, and practices as well as contributes to maturing the company's infrastructure security architecture and technology frameworks.

The fundamentals for the job…

• Drive security related initiatives including but not limited to the creation and maintenance of security policies, implementation of security procedures and controls, and monitoring in conformance to the policy.
• Deploy and manage applications to monitor cloud infrastructure security and intrusions.
• Perform initial incident triage, determine scope, urgency, and potential impact of security incidents.
• Provide guidance external auditors on compliance and to Engineering teams on security measures.
• Perform security gap assessments and implement remediations.
• Run periodic infrastructure vulnerability scans and pen testing and work with engineering teams on identified vulnerabilities for resolution.
• Collaborate with network and infrastructure teams on securing and best practices for all our Azure, IBM Cloud, and on premises environments, as well as OS hardening, access logging, and patching.
• Own the overall cloud infrastructure security program including driving incident response and resolution and adjust procedures as applicable.
• Monitor industry security updates, changes, technologies, emerging threats, and best practices for continuous improvement.

What we expect of you

The bold requirements…

• Bachelors Degree in Computer Science, Information Security, or a related area. (In lieu of a degree, equivalent relevant experience may be considered.)
• 5+ years working on Azure or AWS running multiple production workloads.
• 3+ years of experience in Infrastructure and Information Security.
• Experience with OS hardening techniques for Windows environments.
• Experience with access logging, centralized logging, and monitoring/alerting of security log events.
• Experience with applications for monitoring infrastructure security and detecting intrusions.
• Experience designing and implementing access control models for privileged access in fast-paced cloud environments.
• Knowledge of incident response, threat modeling, and mitigation.
• Knowledge of common information security management frameworks such as ISO27001.
• Knowledge of Azure security best practices and security controls using Azure services (AWS experience will be considered).
• Strong understanding of common internet protocols such as DNS, DHCP, SMTP, LDAP, etc.
• Excellent oral and written communication skills.

Nice to haves…

• Masters' degree in Computer Science, Information Security, or a related area.
• Security-related certification such as CISSP, CCSP, CEH, CISM, etc.
• Experience with HCI technology is a plus.
• Experience with OS hardening techniques for Linux is a plus.

That something extra we´d love to see…

1. Action for Bias
2. Problem Solver
3. Teamwork

Physical requirements…

• Must be able to access and navigate each department at the organization’s facilities.
• Sedentary work that primarily involves sitting/standing.

The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.

Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify.  “Applicant must be a United States’ citizen. Abarca Health LLC does not sponsor employment visas at this time”

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.

#LI-REMOTE #LI-VP1