Senior Security Engineer
Abarca HealthPlans and employers deserve intelligent, flexible and user-friendly PBM services. We built a platform with infinite possibilities.
What you’ll do
In a few words…
Abarca is igniting a revolution in healthcare. We built our company on the belief that with smarter technology we are redefining pharmacy benefits, but this is just the beginning…
Our Information Security team handles the organization’s security strategies, architecture, and practices to ensure the security of our cloud architecture, security policies, and sensitive information including PII and PHI data. This team focuses on identifying, monitoring, investigating, and responding to events that could lead to an incident or breach. The Information Security team is involved in planning, implementing preventative security measures, and overseeing the security operations to include protecting IT Infrastructure, Networks, Data, by identifying any exploitations.
As Senior Security Engineer you’ll be a key member of the security team, the security engineer will be instrumental in ensuring the security of our cloud infrastructure and protection of our sensitive and highly valued treasure: PHI & PII data, per our information security policy. You’ll help identify security gaps and drive remediation activities to close those gaps. This position plays an integral role in defining and assessing the organization's security strategy, architecture, and practices as well as contributes to maturing the company's infrastructure security architecture and technology frameworks.
The fundamentals for the job…
- Be part of security team to drive security related initiatives including but not limited to creating/maintenance of security policies, implementation of security procedures/controls, and monitoring in conformance to the policy.
- Deploy and manage applications to monitor cloud infrastructure security and intrusions.
- Perform initial incident triage, determine scope, urgency, and potential impact of security incidents.
- Drive incident response and resolution and adjust procedures as applicable.
- Provide guidance to the infrastructure team on security best practices around OS hardening, access logging, and patching.
- Provide security guidance to Engineering teams in the company.
- Perform security gap assessments and implement remediations as well as collaborate external auditors on compliance.
- Run infrastructure vulnerability scans and pen testing and work with engineering teams on identified vulnerabilities for resolution.
- Work with the network and infrastructure teams on securing and best practices for all our Azure and on premises environments.
- Monitor industry security updates, changes, technologies, emerging threats, and best practices for continuous improvement.
- Perform other duties and special projects as assigned.
What we expect of you
The bold requirements…
- Bachelors or Masters' degree in Computer Science, Information Security or a related field (In lieu of a degree, equivalent
- relevant experience may be considered.)
- Experience with internet protocols such as DNS, DHCP, SMTP, LDAP, etc…
- 6+ years of experience within a role related to Infrastructure and Information Security.
- 6+ years working on Azure or AWS running multiple production workloads.
- Experience with OS hardening techniques for Windows environments.
- Experience with access logging, centralized logging, monitoring security log events, applications for monitoring infrastructure security and detecting intrusions.
- Experience with incident response, threat modeling, and mitigation.
- Experience common information security management frameworks such as NIST, CSF, or ISO27001.
- Experience designing and implementing access control models for privileged access in fast-paced cloud environments.
- Experience with Azure security best practices and security controls using Azure services (AWS experience will be considered).
- Availability to work rotating or irregular shifts, including weekends and certain holidays, per business or operational needs.
- Excellent oral and written communication skills.
- We are proud to offer a flexible hybrid work model which will require certain on-site work days (Puerto Rico Location Only)
Nice to haves…
- Security-related certification such as CISSP, CCSP, CEH, CISM, etc...
- Experience with OS hardening techniques for Linux environments.
- Must be able to access and navigate each department at the organization’s facilities.
- Sedentary work that primarily involves sitting/standing.
At Abarca we value and celebrate diversity. Diversity, equity, inclusion, and belonging are guiding principles of Abarca and ensure Abarca’s workforce reflects the communities it serves. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify. “Applicant must be a United States’ citizen. Abarca Health LLC does not sponsor employment visas at this time”
The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure CCSP CEH CISM CISSP Cloud Compliance Computer Science DNS Incident response ISO 27001 IT infrastructure LDAP Linux Monitoring NIST Pentesting Security strategy SMTP Strategy Vulnerabilities Vulnerability scans Windows
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Chief Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Senior Security Architect jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Analyst jobs
- Open o365 Security Architect jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Security Researcher jobs
- Open Product Security Engineer jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Governance-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open IAM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open DoD-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open EDR-related jobs