Staff Security Automation & Observability Engineer
Posted on Wednesday, October 25, 2023
Kyruus' mission is to connect people to the right care, in pursuit of our vision: a better healthcare system- one that's transparent and accessible- where everyone gets the care they need. At Kyruus, our values are at the heart of everything we do:
We care deeply – We do the right thing even if it’s the harder thing.
We are fiercely driven – We harness our curiosity to pursue continuous improvement and create simple solutions to complex problems.
We lead with respect – We celebrate the individual traits that make each of us unique and seek out diverse voices to listen and learn.
We are accountable – We do what we promise for each other and our customers.
Here’s what that would mean for you in the Senior Staff Security Automation and Observability Engineer role.
Care: You care about our patients, our customers, our employees and our company. You want to do everything you can to keep them and their data safe.
Driven: You want to build the best Information Security program possible.
Respect: You respect the other departments at Kyruus. Security should be an enabler of their success.
Accountable: You value our compliance certifications and look to improve with each assessment cycle.
What you will do in a Staff Security Automation and Observability Engineer role at Kyruus:
- Integrate and Automate Security Tools: Identify processes that can be improved by automation and integration of our security tools. Identify gaps in our tools and recommend solutions to fill those gaps.
- Improve Visibility Into the State of Security: Take information from our security tools and create relevant and actionable dashboards and reports for the InfoSec team and key stakeholders like engineering and IT. Improve the transparency of InfoSec to all levels of the organization.
- Oversee and Improve our Vulnerability Management Program: Develop processes and automation to support our vulnerability management program. Work with stakeholders to prioritize and manage exceptions.
- Monitor and Manage Cloud Security Tools: Utilize and manage tools to monitor and protect our cloud infrastructure, implementing best practices for cloud security.
- Collaborate with Engineering and Ops Teams: Work closely with development, operations, and other teams to integrate security into the infrastructure design and deployment process, fostering a culture of security awareness.
- Incident Response Activities: Collaborate in incident response activities, from detection to resolution, ensuring a coordinated reaction to security incidents impacting the infrastructure.
- Develop Security Policies and Procedures: Contribute to the development and maintenance of collaborative security policies and procedures specific to infrastructure security, encouraging input from various stakeholders.
- Stay Informed and Share Trends: Monitor emerging security threats, technologies, and trends, and share insights that may impact the organization's infrastructure with relevant stakeholders.
- Contribute to a Collaborative Security Strategy: Engage with various teams in defining and implementing the overall security strategy related to infrastructure, ensuring that security is an enabler for our business.
- Help Us Achieve our Certification Goals: Participate in our journey to HITRUST or FedRamp certification.
- You’ll report to the Information Security Officer in the InfoSec Department within the Technology Division.
- Kyruus will bring you through an onboarding process that is both structured and self-guided, designed to enable connection and productivity as you learn more about our company, functions and products. Additionally, we have a culture of feedback, inclusive of our performance review process that provides you with the coaching, resources and opportunities to help you learn and grow with us.
- Kyruuvians in the Staff Security Automation and Observability Engineer role can move in a more linear career path to a Senior Staff position. From there, you could move into an even more senior level role or explore a management position within the Information Security vertical.
- Kyruus also loves to see an internal transfer. If a linear career path is not what you’re looking for, you can work with your manager and HR to explore lateral moves to other parts of the organization as you continue to grow with us.
How You Can Grow
What you will bring:
- 10+ years in an information security role.
- Experience with scripting languages, integration and automation tools to streamline security processes.
- Experience developing and managing a vulnerability management program, including working with engineering and product teams on prioritization and managing exceptions.
- Proficiency in SEIM configuration and the construction of actionable dashboards.
- Ability to turn SEIM dashboards into security metrics for communication to all levels of the organization.
- Experience in efficiently and effectively working with a team to handle security incidents.
- Experience with a variety of infrastructure security tools including several of the following:
- Experience with web application firewalls and an understanding of common web vulnerabilities.
- Proficiency in securing AWS and GCP cloud environments with hands-on experience with cloud and server security tools like IDS and server/container scanning.
- Strong understanding of network security principles, including experience with tools like VPNs and firewalls.
- Experience with environment and code scanning tools.
- Knowledge of endpoint tools like endpoint detection and response, anti-malware, MDM tools.
- Experience with Governance, Risk Management, and Compliance (GRC) tools facilitating efficient monitoring and management of organizational governance, risk, and compliance with privacy and healthcare related regulations.
- Experience engaging with stakeholders to develop policies, document procedures and facilitate gathering of evidence of compliance.
- Good written and verbal communication skills.
- Proactive problem solving and team collaboration skills.
- Experience with SOC 2, HITRUST, FedRamp or other compliance frameworks is a plus.
- Experience in a HIPAA regulated environment is a plus.
- Experience in a Mac environment is a plus.
Equal Opportunity Employer
Kyruus is dedicated to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information. We will not discriminate, in any employment decision, against any individual or group on the basis of race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information, or veterans/national guard/military reserve status. This shall be done in compliance with all applicable federal, state, and local laws in every location in which Kyruus has facilities.