Security Engineer - Incident & Threat Management
Lincoln, Nebraska, United States | United States
NRC Health
NRC Health has built a healthcare experience management platform with next-gen AI that drives the most human healthcare experiences for everyone. At NRC Health, we promise to help our customers bring Human Understanding to healthcare for their patients and communities. Our associates are at the heart of delivering that promise, so we promise that same Human Understanding to each other. Come where culture is everything.
Our associates. . .
Have Purpose – we do work that matters for our partners, the community, and the healthcare industry.
Innovate with us to move healthcare forward.
Give back to the community with paid volunteer time off.
Think Boldly – we have big ideas and are empowered to “think like an owner.”
Fit your role and do what you love.
Grow and develop along a career path designed by you.
Feel Connected – our favorite thing about our workday is each other.
Support one another – no one says, “That’s not my job.”
Celebrate with each other at beer:30, virtual events, and company gatherings.
Be Understood – we are each unique and want to live our best lives at work and home.
Let life happen with My Time Off, a form of unlimited vacation, and up to 12 weeks paid for parental and emergency leave.
Live healthy with complimentary lifestyle and financial coaches, a wellness program, and a comprehensive insurance plan.
Who we want
- Do you handle high pressure situations calmly and maintain focus during times of stress?
- Are you acutely aware of minor details, knowing they can make a big difference in identifying threats?
- Do you devise effective solutions quickly when faced with emerging threats?
What you will do
As Security Engineer, you will focus on incident management, threat management, and insider threat detection and response. You will play a key role in strengthening our security posture by leading the design and execution of comprehensive incident response strategies, threat detection initiatives, and insider threat programs. This role also actively participates in Business Continuity Planning (BCP) and Disaster Recovery (DR) exercises and is responsible for developing and conducting monthly tabletop exercises.
Key Responsibilities:
- Incident Management:
  - Lead the incident response process, including detection, investigation, containment, remediation, and post-incident analysis.
  - Collaborate with cross-functional teams to develop and refine incident response playbooks and procedures.
  - Maintain an incident response log and provide detailed post-incident reports and recommendations.
- Threat Management:
  - Identify, analyze, and respond to cybersecurity threats using advanced threat intelligence, monitoring, and detection tools.
  - Implement and manage threat hunting initiatives to proactively identify potential threats and vulnerabilities within the environment.
  - Collaborate with threat intelligence teams to understand emerging threats and implement preventive measures.
- Insider Threat Management:
  - Develop and execute an insider threat detection and prevention program, including identifying anomalous behavior, monitoring access, and responding to potential insider threats.
  - Partner with HR, Legal, and other internal stakeholders to investigate and address insider threat concerns.
  - Regularly update the insider threat program to reflect changes in the organizational structure and risk profile.
- BCP & DR Exercises:
  - Actively participate in Business Continuity Planning (BCP) and Disaster Recovery (DR) planning and exercises to ensure organizational resilience.
  - Support the development of recovery strategies and coordinate with relevant stakeholders to ensure seamless integration of security measures into BCP and DR plans.
- Tabletop Exercises:
  - Design, develop, and conduct monthly tabletop exercises to simulate various incident scenarios, including cyberattacks, insider threats, and disaster recovery situations.
  - Document and analyze the results of tabletop exercises, identifying gaps and areas for improvement.
  - Collaborate with various business units to ensure participation and improve preparedness across the organization.
- Continuous Improvement:
  - Stay updated on the latest cybersecurity trends, tools, and technologies.
  - Provide security awareness training and education to employees to strengthen the organization's overall security posture.
  - Collaborate with security leadership to implement continuous improvement initiatives for security operations and threat management programs.
What you need
- Bachelor’s degree in computer science, information security, or a related field, or equivalent experience
- 3-5 years of experience in incident response, threat management, and insider threat programs.
- Experience in conducting BCP and DR exercises, as well as developing and leading tabletop exercises.
- Familiarity with cybersecurity frameworks and standards (e.g., NIST, ISO, CIS).
- Proficiency in security monitoring tools (SIEM, IDS/IPS), incident response platforms, and threat intelligence tools.
- Strong understanding of network security, endpoint security, and cloud security concepts.
- Experience with scripting and automation tools to improve incident response and threat detection capabilities.
- Knowledge of forensic analysis techniques and tools is a plus.
- Excellent communication and collaboration skills, with the ability to work across different business units.
- Strong problem-solving skills and the ability to remain calm under pressure.
- Attention to detail and a commitment to maintaining the highest standards of security.
Compensation
In the spirit of pay transparency, we are excited to share the base salary range for this position is $96,000-$129,600 exclusive of fringe benefits or potential bonuses. If you are hired at NRC Health, your final base salary compensation will be determined based on factors such as geographic location, skills, education, and/or experience. In addition to those factors – we believe in the importance of pay equity and consider internal equity of our current team members as a part of any final offer. Please keep in mind that the range mentioned above is the full base salary range for the role. Hiring at the maximum of the range would not be typical in order to allow for future and continued salary growth. We also offer a generous compensation and benefits package. For more information on specific benefits, please refer to our Careers Page.
NRC Health is not currently hiring in DE, HI, LA, MD, NJ, RI, D.C.
In general, NRC Health’s positions are closed within 30 days. However, factors such as candidate flow and business necessity may require NRC Health to shorten or extend the application window. We encourage our prospective candidates to submit their application expeditiously so as not to miss out on our opportunities.
Diversity, Equity, Inclusion & Belonging
At NRC Health, Diversity, Equity, Inclusion & Belonging are essential to our mission as a company devoted to greater Human Understanding. For information about our efforts in this area, please refer to our DEI&B webpage and our Equal Employment Opportunity policy.
Have Purpose. Think Boldly. Feel Connected. Be Understood.
Tags: Automation C Cloud Computer Science Endpoint security IDS Incident response IPS Monitoring Network security NIST Scripting SIEM Threat detection Threat intelligence Vulnerabilities
Perks/benefits: Career development Equity / stock options Health care Parental leave Startup environment Team events Transparency Unlimited paid time off Wellness