Principal Information Security Engineer

Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative, consumer-centric health benefit solutions that people can actually use. Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way. We’re looking for a Principal Information Security Engineer (Generalist) who will be responsible for assisting with all aspects of Gravie’s comprehensive Information Security Program. You will be given a great deal of freedom, opportunity, responsibility, and autonomy as an early hire on our growing Information Security Team. You will be involved with evolving multiple security programs such as Governance, Education & Awareness, Vulnerability Management, Incident Response, Security Engineering and Security Operations. You will be a technical, engineering, and operational subject matter expert across the full spectrum of security programs at Gravie, while also having the opportunity to specialize your role and own individual programs. The ideal candidate will possess sufficient technical breadth and depth coupled with an ability to lead, communicate effectively, and build relationships. Additionally, the ideal candidate will be exceptionally motivated, eager to learn and make an impact across multiple security verticals while also being comfortable taking initiative and working through ambiguous situations in an environment where excellence is expected. You will:·       Assist the Chief Information Security Officer with all aspects of Gravie’s Information Security Program (Governance, Education & Awareness, Vulnerability Management, Incident Response, Security Engineering, Security Operations, etc.)·       Develop your expertise and own entire verticals within our Information Security Program·       Build a comprehensive Application Security Program and/or Vulnerability Management Program with a high degree of autonomy and creativity·       Provide strategic input and be a stakeholder in how the security program evolves·       Conduct outreach efforts and present on security topics internally at Gravie·       Build relationships and collaborate with system owners to identify, track and remediate system and/or software vulnerabilities·       Contribute to incident response efforts and support the evolution of our Security Incident Response Plan (SIRP) You bring:·       A track record of execution and delivery showing initiative, creativity and reliability·       Strong verbal and written communication skills with an ability to elegantly convey complex topics and build consensus with stakeholders at all levels·       Deep expertise with at least one of our security verticals with experience in a few Extra credit:·       Experience on a small, high performing team with a wide range of responsibilities·       AWS expertise with a mastery of modern cloud security/engineering topics·       Development/Application Security background with an ability to create and lead an Application Security Program, lead a public Bug Bounty Program and be a go-to resource and security liaison for our Product Team·       Experience building and running a comprehensive Vulnerability Management Program in a modern cloud environment.·       Experience as an Incident Commander responsible for leading incident response efforts ·       Experience with GRC security functions related to HIPAA, SOC 2 and NIST.·       Bachelor’s degree in Computer Science, Engineering, or a related field Competitive pay is standard. Our unique benefits program is the gravy, i.e., the special sauce that sets our compensation package apart. In addition to standard benefits, Gravie’s package includes alternative medicine coverage, flexible PTO, 16 weeks paid parental leave, paid holidays, cell phone reimbursement, education reimbursement, and 1 week of paid paw-ternity leave just to name a few.