Senior Security Engineer

Please note:  This is a hybrid role requiring 3 days in office at our Philadelphia HQ - 1818 Market Street.

How you will help

As a part of our Security team, working alongside our R&D and other teams, you will be at the front line of security engineering and security operations. Security is paramount at HealthVerity and is critical in every business decision. You will own and implement security solutions across several security domains. You will know where the gotchas for security are and will implement or assist in implementing solutions that meet the strict demands of the healthcare data processing industry. Your team will support you and vice versa. Peer review of solutions and implementations is expected. 

What you will do

• Stay abreast of threats and advise leadership on how to mitigate against those threats as applicable to HealthVerity.
• Investigate, contain, and remediate security threats. Conduct event / incident post-mortem and ensure actionable lessons are incorporated into policies and procedures. 
• Take ownership of multiple security domains, e.g., IAM, vulnerability management, SIEM/SOAR, application security, and implement/mature solutions and automation.
• Develop automated run-books for dealing with security events / incidents.
• Manage multiple security tools and vendors.
• Collaborate with engineering teams to develop safe, robust, and scalable platforms and workflows, and improve security posture of existing products. 
• Perform security architecture reviews and assessment of applications and environments.
• Implement and assist in implementing solutions against the evolving requirements of FedRAMP.
• Work collaboratively with all teams at HealthVerity including IT, engineering, and customer focused teams.
• Mentor junior team members.
• Develop and roll out CTFs.
• Fill in leadership on a temporary basis.

How success is defined

• Your ability to work across different areas of security such as IAM, vulnerability management, SDLC, security architecture, threat modeling, incident response, forensics.
• Strong problem-solving skills, ability to think critically and act decisively under pressure, while managing multiple priorities and timelines.
• Prior experience dealing with security incidents, developing run-books, and training the organization.
• Experience with a wide range of incident response tools, such as AWS security services, EDR (Crowdstrike), SIEM, log analysis, vulnerability management, and malware analysis platforms.
• Work independently and as well as collaboratively with other stakeholders.
• Mentoring junior team members
• Keep up to date on the latest trends and topics in security.
• Automating everything.
• Fluent in shell scripting, Python, Go, Java, JavaScript, Perl or similar languages, as well as SlackOps.

Desired skills and experience

• Expert level experience in two or more security domains such as IAM, vulnerability management, SDLC, security architecture, threat modeling, incident response, forensics.
• Expert level Linux system administration experience, and strong knowledge of AWS.
• Strong experience in meeting security certification requirements (FedRAMP, HIPAA, SOC 2, etc)
• Experience designing and supporting scalable applications on distributed architectures.
• Hands on experience with automated infrastructure configuration management.
• Experience with data storage encryption implementations.
• 7+ years of IT and business/industry work experience.
• Added bonus: understanding of Healthcare IT standards.

Base salary for the role is commensurate with experience and can range between $110,000 - 160,000 + annual bonus opportunity.

Hiring Locations

Our main office is located in Center City, Philadelphia, where we operate on a hybrid model with in-office work required three days a week for local employees. We believe collaboration is most effective when teams come together, which is why we prioritize hiring in the Philadelphia area.

For certain roles, we also hire from hub locations—regions where we have an established presence with multiple team members working remotely. While these employees primarily work from home, we bring them together in person at lease once a year for team-building, collaboration, and strategic planning.

Due to tax and labor regulations, we can only hire from specific states. Remote work is supported in the following key hub locations and approved states:

Hub Locations:

• Philadelphia, Pennsylvania
• Boston, Massachusetts
• New York City, New York
• Baltimore, Maryland
• Washington, D.C.
• Charlotte, North Carolina
• Raleigh-Durham, North Carolina
• Atlanta, Georgia
• Chicago, Illinois

Approved States for Remote Work:
CT, DE, FL, GA, IL, IN, MA, MD, MI, NC, NJ, NY, OH, PA, TN, and VA.

About HealthVerity

HealthVerity is the leader in privacy-protected real-world data exchange, transforming how healthcare and life sciences organizations connect and analyze disparate healthcare and consumer data. We continue to innovate HealthVerity Marketplace, the nation's first and largest real-world data ecosystem comprising more than 75 leading data providers and over 340 million US patients.  Combined with Identity Manager, the industry's most accurate and efficient solution for patient identity, privacy and governance, we support critical applications in clinical development, commercial strategy, regulatory decision-making, population health, underwriting and more.  HealthVerity has raised more than $140 million to date and works closely with its data providers, partners and clients to Synchronize the Science.  To learn more about HealthVerity, visit healthverity.com.

Why you'll love working here

We are making a difference – Our technology is at the forefront of some of the biggest healthcare challenges in the world. 

We are one team – Our people define our culture and always will. We take time out to celebrate each other, and acknowledge the value that each of us adds towards our greater mission. Come share all you have to offer.

We are learners – Every team member is continually learning, no matter if we've been in a role for one year or much longer. We are committed to learning and implementing what is best for our clients, partners, and each other.

Benefits & Perks

Our benefits package is thoughtfully designed to support and enrich the experience of our full-time employees, with eligibility limited to those in permanent positions.

• Compensation: competitive base salary & annual bonus opportunity (for non-commissioned roles)
• Benefits: We offer a 401(k) plan and stock options. Health, dental, and vision coverage start on day 1, while 401(k) eligibility and stock options follow soon after.
• Flexible location: Remote workdays and 3 days a week of in-office collaboration for team members in the Philadelphia area. Check location requirements with the recruiting team.
• Generous PTO: Take time off as needed, targeted at 4 weeks per year, including vacation, personal and sick time, plus paid parental leave.
• Parental Leave: 12 weeks paid leave for childbearing, surrogacy, and adoption; 6 weeks for non-childbearing parents.
• Comprehensive and individualized onboarding: mentorship program, departmental talks, and a library of resources are available beginning day 1 for each new team member to minimize the stress of starting a new job
• Professional development: biweekly 1:1s, hands-on leadership that is goal-and growth-oriented for each team member, and an annual budget to support professional development pursuits

We believe incorporating different ideas, perspectives and backgrounds make us stronger and encourages an environment where ageism, racism, sexism, ableism, homophobia, transphobia or any other form of discrimination are not tolerated. All qualified job applicants will be given consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. At HealthVerity, we’re working towards an innovative and connected future for healthcare data and believe the future is better together. We can only do that if everyone has a seat at the table. 

If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to careers@healthverity.com

Remote opportunities are not available in all areas and require team members to work from a fixed location due to tax and labor law implications - specific questions about remote positions can be discussed during the interview process with your recruiter.