Senior Security Engineer

Protenus is paving the way in healthcare with a leading, comprehensive approach to compliance analytics. Providing healthcare leaders full insight into how health data is being used, and alerting privacy, security and compliance teams to inappropriate activity, Protenus helps our partner hospitals make decisions about how to better protect their data, their patients, and their institutions. This year, Protenus was named one of Forbes' Best Startup Employers, one of the Best Places to Work in Healthcare and Family Friendliest Companies by Modern Healthcare, and certified as a Great Place to Work.

As a member of the Information Security Team, the Senior Security Engineer at Protenus is responsible for the technical security and privacy of the Protenus platform.  The scope involves both the Protenus Platform (our customer-facing product), as well as internal Protenus tools and data.

Senior Security Engineers are responsible for the design, implementation, maintenance and improvement of the technical security systems at Protenus.  They help maintain the security posture of Protenus through vulnerability scanning and management, software security assessments, incident response planning and testing, and working with our third-party partners on external scans and penetration testing.

Senior Security Engineers also assist the CISO on process and procedure improvements, third-party audits, and comprehensive risk assessments.  Senior Security Engineers also help support our sales and customer success teams by answering security questionnaires and participating in meetings with customer security teams.

Finally, Senior Security Engineers are internally recognized as technical experts and leaders, having through the course of their career developed significant depth of knowledge in the information security domain. They have the heart of a teacher, and are eager to share their knowledge and expertise. This person will mentor Security Engineers, inform and enlighten management, and are a champion for the ongoing improvement of our security posture. They eagerly collaborate with Engineering and IT on security safeguards, system design, and implementation best practices.

Responsibilities

• Tackles large security projects, both of a technical and compliance nature.  Senior engineers are expected to tackle difficult technical issues, features and changes with minimal oversight, providing training and documentation for the rest of the team to follow and understand.
• Maintains technical ownership and responsibility for a major subsystem or component in the Protenus Security Platform or security infrastructure. Responsibilities include:
  • Leading the development of complex features, solutions and prototypes while owning the technical health and staying abreast of technical debt.
  • Key contributor in roadmap development for Security Tooling, Security Policy and Compliance and/or Product Security.
  • Acts as the final point of escalation for defects and operational issues and is a defacto expert on the respective component or system.
• Continues to develop in their area of technical expertise, demonstrating this commitment by socializing what they have learned, incorporating it into best practices and mentoring other technical professionals at Protenus (specifically other security engineers, as well as software and infrastructure engineers as appropriate)
• Is familiar with and can work with in a Agile Development Framework.  Can fill in, as needed, as scrum-master or other scrum/agile responsibilities.  Can be counted upon to remain flexible and willing to assist with these roles.

Key Qualifications, Skills, Competencies

• Substantial work history in relevant security roles.  Typical candidates will have an academic background and years of experience as follows:
  • Bachelor’s Degree with 7+ years experience
  • Master’s Degree or PhD with 4+ years experience
• Has developed other technical staff via mentoring, reviewing work products, removing impediments and/or propagating best practices in the setting discussed above. 
• Has taken responsibility for the technical health of cybersecurity systems by ensuring uptime requirements are met, remediating vulnerabilities and bugs, and identifying useful improvements.  
• Expertise with multiple technologies in the Protenus Security System and our infrastructure as required:
  • Cloud-based IaaS Systems (such as AWS, Azure)
  • Vulnerability Scanning (such as Nessus, OpenVAS)
  • SIEM and logging technology (such as Splunk, Elastic, LogRhythm, SolarWinds)
  • Enterprise VPN (such as Cisco AnyConnect, Fortinet VPN, Palo Alto Global Protect)
  • Host-based security tools (such as Sophos, ClamAV, Wazuh/OSSEC, Tripwire)
  • Linux command line and scripting experience (BASH, Python preferred)
• Strong communication skills - written and verbal - that demonstrate an ability to relay complex concepts to a range of audiences from junior technical employees to executives. 
• Professional security accreditations such as Security+, or equivalent evidence of formal training and continuous education.
• Preference for candidates with knowledge of security frameworks such as the NIST CyberSecurity Framework and evidence of having applied these frameworks successfully.

We value diversity on our team and firmly believe Protenus is stronger when we hire people who make their own unique contributions to our culture. We welcome all applicants and encourage candidates from underrepresented backgrounds to apply. Join our team to see how you can learn and grow with us.