Senior Security Operations Engineer (with Cloud focus)

About VirtualHealth:

VirtualHealth’s platform, HELIOS®, is the first comprehensive platform purpose-built for integrated value-based care and deployed by some of the most innovative healthcare organizations in the country to manage millions of lives. Through the HELIOS® platform, VirtualHealth empowers healthcare organizations to achieve enhanced outcomes while maximizing efficiency, improving transparency, and lowering costs. For more information, please visit www.virtualhealth.com.

The Position:

VirtualHealth is seeking a Senior Security Operations Engineer and an essential stakeholder across Information Security, IT, and Engineering. We are in an expansion mode for our fast-growing company with ambitious goals to build out best practices in accordance with compliance from HIPAA, HITRUST, and FedRamp.

Responsibilities:

• Oversee the entire SecOps and Cloud Security Operations and be the subject matter expert in relevant verticals
• Conduct threat modeling and risk assessment exercises with DevOps team
• Contribute to the IAM and IT teams at VirtualHealth
• Perform regular security assessments of Virtual Health cloud platforms and software
• Configure systems to comply with industry best practices and hardening standards
• Monitor remediation of vulnerabilities utilizing third-party tools such as Veracode and Orca
• Assist the security team in expanding cybersecurity awareness across the organization through a security review and training sessions with internal staff
• Document security standards and guidelines pertaining to secure cloud management, configuration, and deployment
• Evaluate new technologies, tools, and development techniques that impact security
• Build and maintain security partnership with DevOps and Development leads to remediate vulnerabilities and drive SDLC process improvements 

Requirements:

• 3-5+ years experience in a security technical role
• Comfortable with DevOps-style tools like Ansible, Chef, Terraform, GitHub, Jenkins, Puppet, etc.
• Solid understanding of AWS architecture with secure coding practices and automating security checks in pipelines
• Understands the principle of least privilege and the confidentiality, integrity, and availability triad and will work to enforce those concepts in our environment
• Experience with languages such as Python, Javascript, Java, Node.js
• Understanding of compliance obligations including HITRUST and FedRamp
• Demonstrable knowledge of security concepts and common vulnerabilities like the OWASP Top 10
• Strong understanding of virtual machines, containerization, and cloud architecture
• Proven experience with web application and infrastructure penetration testing
• Ability to multitask and prioritize work effectively
• Attention to detail
• Ability to work independently and as part of a team
• Bonus: Certificates such as AWS Security Specialty, OSCP, ECH

Compensation:

• Competitive salary
• Unlimited PTO 
• Health, dental, and vision insurance
• 401(k) Participation
• Rapidly growing technology company with upside potential
• Work from home within United States 

VirtualHealth is committed to ensuring that information security remains a top priority for everyone. All workers are responsible for the protection of our Information Security and we take the execution of this seriously. Information Security Policies and procedures details and training will be provided during on-boarding.

Each candidate will be subject to a background and reference check before beginning employment.  Please note that this position will require US citizenship and submission and further approval of “Public Trust” federal clearance.