Information Security Engineer
Bamboo Health is a leader in cloud-based care coordination software and analytics solutions focused on patients with complex needs, including those suffering from physical health and mental health issues and substance use disorders. We are driven by our mission of enabling better care for patients across the continuum. Our software solutions help healthcare professionals collaborate on shared patients across the spectrum of care. Join us in improving healthcare for all!
Bamboo Health Security implements forward thinking security architectures across a wide variety of platforms and technologies including cloud services, identity and access management, virtualization, and third-party service providers. We strive to implement innovative solutions that support dynamic growth within complex regulatory environments. The Bamboo Health Security Team is highly collaborative and committed to each team member’s growth along with the business.
The Bamboo Health Security Team is seeking an experienced and highly motivated Information Security Engineer to join our team. As an Information Security Engineer, you will play a critical role in ensuring that our services operate securely. You will be responsible for analyzing the security of services, discover and address security issues, and quickly react to emerging security threats. The Information Security Engineer will work with seasoned security experts with extensive knowledge across security domains.
What You’ll Do:
· The Information Security Engineer will participate in daily incident response stand ups and provide ongoing operational support.
· Apply analytical and creative skills while consuming the output of the security tools and logs generated by systems throughout the enterprise.
· Lead multiple tasks related to annual security initiatives and investigations.
- Monitor developments within the field of penetration testing, continually assess the Bamboo Health environment, validate findings and work with stakeholders to drive remediation to completion.
- Document and review operational procedures and lead incident response investigations.
What Success Looks Like…
You will be responsible for designing and implementing workflows that cover multiple services and technology stacks. Develop an understanding of system relationships and dependencies and relay this knowledge to junior team members. Implement security measures across multiple layers to maintain an overall secure environment.
In 3 months…
- You are participating and actively working investigations with the ops team.
- You can pick up on-call rotations and backup team members.
- Perform advanced web application security testing utilizing automated methods.
- Understand and be able to describe the function of all products and services.
In 6 months…
- Review security scan results and determining the risk and impact of vulnerabilities.
- Perform advanced vulnerability analysis and mitigation planning/operations.
- Perform advanced cloud container testing, threat modeling and analysis.
- Describe the organization layout in detail and identify key stakeholders
In 12 months…
- Make recommendations improving advanced security controls within the environment.
- Independently hunt and remediate behavioral anomalies, unauthorized access, misconfigurations, or reconnaissance activity.
- Perform web application security testing utilizing advanced manual methods.
- Partner with engineering teams to coordinate and prioritize work.
What You Need:
- At least 5 years experience in information security analysis and implementation of security controls.
- At least 5 years experience utilizing information security best practices, compliance frameworks, and security tooling and processes.
- At least 5 years operational experience with security incident response and operational processes and procedures.
· Domain expertise in at least 3 of: security architecture and engineering, NIST or HITRUST control review, identity and access management (IAM), security assessment and testing, and software development security.
- Familiarity with scripting languages and process automation
- Excellent written and verbal communication skills.
- Ability to learn quickly and work independently.
- Proficient knowledge of Linux, MacOS, Windows Server/Client, and cloud architecture.
· A work environment that is conducive to high quality virtual interactions. This includes but is not limited to being able to work from a quiet space with minimal interruptions or distractions, and a strong internet connection.
· A high level of judgment, analytical ability and creativity in investigating problems that require original and innovative solutions.
· Experience working a fast-paced, high-growth, rapidly changing work environments.
What You Get:
· Join one of the most innovative healthcare technology companies in the country.
· Have the autonomy to build something with an enthusiastically supportive team.
· Learn from working at the highest levels and on the most strategic priorities of the company, including from world class investors and advisors.
· Receive competitive compensation, including equity, with health, dental, vision and other benefits.
Bamboo Health is proud to be an Equal Employment Opportunity and affirmative action employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.