Senior Security Architect

Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions — from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.
 

Job Summary

The Senior Security Architect will have responsibility for developing, overseeing, and communicating the security architecture of Surescripts’ systems and infrastructure. The incumbent will work across engineering, operations, data, privacy, and security teams to ensure consistent designs and implementations of our network systems and applications. The incumbent will function as a facilitator of security architecture and design principles working with the engineering teams and product management to surface key issues and solutions for efficient and transparent decision making. The incumbent will leverage extensive design and development experience on multiple platforms with the ability to prototype and/or fully develop or integrate functionality.

The Senior Security Architect also will play a key role with new partners or acquisitions to determine how security infrastructures or services will integrate with Surescripts system architecture and to define a roadmap for integration. The incumbent is expected to represent Surescripts in industry workgroups to address technical and security standards and requirements of Surescripts.

Responsibilities

• Develop and oversee enterprise security architecture, ensuring alignment with organizational goals, industry best practices, and regulations

• Translate security policy and regulations into requirements for teams building solutions

• Provide expert guidance on security controls and best practices for both on-premises and cloud-based solutions

• Accountable to Chief Information Security Officer for ensuring that the services designed and developed support regulations and security posture  

• Advocate Surescripts solutions to the healthcare industry, standards organizations, and government advisory groups

• Communicate the company's security, identity management, and trust strategy to engineers, technical leaders, business teams, executives, and customers

• Design and implement long-term strategic goals and short-term tactical plans for securing corporate systems and software

• Design security for monitoring, logging, IAM, encryption, data protection, detection and preventive controls

• Continuously improve security design and review process across teams to efficiently deliver solutions while enhancing security

• Monitor, analyze and communicate emerging security tools, industry standards, regulations, vulnerabilities, and cybersecurity threats to security and technology teams

• Contribute to technical and business discussions for security strategy with an emerging threat landscape

Qualifications

Basic Requirements:

• Bachelor’s degree in computer science or related field or equivalent experience
• 12+ years of experience in related, progressive roles
• 7 years of cybersecurity experience
• 5 years of software development experience
• 5 years of architecture experience
• Experience with transactional based messaging systems
• Strong ability to utilize integrated development environments, CI/CD pipelines, and DevSecOps methodologies
• Proven experience in large scale systems design and implementation
• Experience performing security reviews for C# and Java languages
• Identity and Access Management (IAM) Standards and Methodology
• Public Key Infrastructure
• Identity Token Management
• Application and Systems Development Security
• Cryptography
• Hardware Security Modules
• Software Requirements development and Threat Modeling
• Guiding teams on vulnerability management and penetration testing remediation
• Experience in the use of threat intelligence services in a production environment
• Experience designing and deploying scalable solutions architectures, with a focus on distributed systems and cloud-native technologies.
• Experience with major cloud platforms (AWS, GCP, Azure) and their core services, including security and cost optimization best practices.
• Experience with cloud migrations, including refactoring existing workloads and designing new cloud-native applications.

Preferred Qualifications:

• Master's degree or equivalent in Computer Science or related field
• Minor or certification in statistics and machine learning
• Certified in Healthcare Privacy and Security, AHIMA (CHPS)
• Certified Professional in Healthcare Information and Management Systems (CPHIMS)
• Certified Information Systems Security Professional - (CISSP)
• Certified Information Security Auditor (CISA)
• Certified Information Security Manager (CISM)
• Software consulting experience
• Experience with Agile methodologies
• Previous experience in Health IT
• Management and leadership experience
• Experience and understanding of various regulatory requirements and laws, including but not limited to: Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: ISO 27001/2, ITIL or NIST.
• AI and machine learning experience
• Distributed Networking Systems experience
• Central logging tools (e.g. Splunk, DataDog)
• SAST Code Security Tools (e.g. Checkmarx, Snyk)
• DAST/IAST Web Application Security tools (e.g. IBM/AppScan, HP/WebInspect, WhiteHat,)
• Experience with containerization and orchestration technologies (e.g., Docker, Kubernetes)
• Highly distributed database security and administration

Surescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed.
 

To be considered for employment, applicants must have a valid U.S. work authorization allowing work without restrictions with Surecripts in the U.S. At this time, we are unable to provide support or provide sponsorship for immigration benefits such as work visas. Additionally, we do not participate in academic training programs or work-study programs through an academic institution that require employer endorsement of F-1/CPT or F-1/STEM.

What You’re Like 

You’re relentless in getting stuff done. You apply your expertise in an Agile/DevOps world with other talented people. You’re curious about new technology and use your curiosity as fuel to deliver meaningful solutions. And you’re into incremental efforts that ultimately reap huge results.
 

What We’re Like

We’re a smart team that loves to work toward a common goal: delivering innovative, industry-leading solutions that improve patient care. We pride ourselves on quality work grounded in transparency and accountability. Our goal is to make a positive impact on healthcare, be it on quality, cost, or patient safety. 
 

What the Work is Like

Is your thinking cap on? (Do they still make those?) Here, our challenge is to connect disparate, cross-functional skills to create the desired result. We focus on important milestones, work to understand diverse technologies and develop relationships with various groups of people with varied perspectives.    
 

Why Wait? Apply Now

We’re a midsize company. This means you’re not just another employee ID number. Here, you can build real relationships and feel supported by truly awesome people with diverse backgrounds and talents in an innovative and collaborative work culture. We strive to create an environment where you can be yourself, share your ideas and work your way. We offer opportunities for employee development, as well as competitive compensation packages and extensive benefits.
 

At Surescripts, base pay is one part of our Total Rewards Package (which may also include bonus, benefits etc.) and is determined within a range. The base pay range for this position is $202,500 - $247,500 per year. Your base pay may vary within or outside of this range depending on a number of factors, including (but not limited to) your qualifications, skills, experience, and location.

Benefits include, but are not limited to, comprehensive healthcare (including infertility coverage), generous paid time off including paid childbirth and parental leave and mental health days, pet insurance, and 401(k) with company match and immediate vesting. To learn more, review the Keep You and Yours Healthy, Balancing Work and Life, and Where Talent Takes Shape links under the Better Benefits. Better Work. Better Life section of our careers site.
 

Physical and Mental Requirements

While performing duties of this job, an employee may be required to perform any, or all of the following: attend meetings in and out of the office, travel, communicate effectively (both orally and in writing), and be able to effectively use computers and other electronic and standard office equipment with, or without, a reasonable accommodation. Additionally, this job requires certain mental demands, including the ability to use judgement, withstand moderate amounts of stress and maintain attention to detail with, or without, a reasonable accommodation.

Surescripts is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate on the basis of race, color, religion, age, national origin, ancestry, disability, medical condition, marital status, pregnancy, genetic information, gender, sexual orientation, parental status, gender identity, gender expression, veteran status, or any other status protected under federal, state, or local law.