Sr. Security Engineer at Bright Health
Back to Career Site
Our Mission is to Make Healthcare Right. Together. Built upon the belief that by connecting and aligning the best local resources in healthcare delivery with the financing of care, we can deliver a superior consumer experience, lower costs, and optimized clinical outcomes.
What drives our mission? The company values we live and breathe every day. We keep it simple: Be Brave. Be Brilliant. Be Accountable. Be Inclusive. Be Collaborative.
If you share our passion for changing healthcare so all people can live healthy, brighter lives – apply to join our team.
SCOPE OF ROLE
The Security Engineer is a member of the Bright Health Information Security Organization and involved in building, maintaining, and supporting public cloud security and engineering initiatives. This person will be required to work effectively and seamlessly with our engineering organization’s existing security, engineering, and cloud operations.
- Advise technology teams in secure engineering practices and communicate risks effectively
- Work closely with engineering & technology teams to build Azure public cloud security controls based upon policies and standards
- Communicate security risks and support incident response/remediation activities
- Prioritize and take appropriate action and response
- Integrate cloud security solutions with security tools
- Document and communicate existing and new cloud security standards
- Serve as a trusted advisor in evaluating and recommending existing and future security tools
- Design and implement cloud native applications and platform security controls
EDUCATION, TRAINING, EXPERIENCE
- Five (5) or more years of experience in information security, preferably in a medium to large software product company; Four (4) or more years with a bachelor's degree or higher in a technical field such as computer science.
- Strong experience with cloud technologies, web application security and containerization, preferably Azure and Kubernetes
- Strong understanding of CI/CD pipeline and Policy as a Code framework (Terraform, Azure DevOps)
- Prior experience with maintaining and utilizing an enterprise vulnerability management system (Tenable, Qualys, etc.)
- Prior experience with maintaining and utilizing logging, monitoring and security analytics solutions such as SIEM solutions, IDS/IPS solutions, Azure Security Center, etc.
- Prior experience with a scripting language such as Python, Bash, Perl, Go etc.
- Strong understanding of OWASP top 10
- Strong understanding of vulnerability management
- Strong understanding of cloud architecture and infrastructure
- Foundational understanding of OWASP framework and web application security
- Strong familiarity with SSO and IAM technologies (Azure Active Directory)
- Competency in cloud environments (preferably Azure)
- Strong understanding of enterprise networking concepts
- Strong understanding of encryption systems and algorithms
- Vendor neutral cloud, offensive security and web application security certifications preferred, including one or more of the following: CCSP, CSSLP, OSCP, OSWE, OSCE, Azure AZ-500, eJPT, eWPT, eWPTx, eCPPT, eWDP, relevant SANS certifications, or other related certifications preferred.
We understand patient pain points, eliminating complexity while increasing transparency, for greater access and easier navigation.
We integrate and align individual incentives at all levels, from financing to optimization to delivery of care.