Security Engineer

about revology

revology is a technology-enabled healthcare revenue cycle management (RCM) firm providing outsourced services to hospitals, health systems, and physician groups. Our tech smart-from-the-start strategy enables us to break through conventional barriers and empower each revologist to drive a higher standard of revenue cycle performance. This is possible because we spend our lives in the sweet spot where smart tech and good humans reach their highest potential and maximize outcomes.

At revology, we are committed to stewarding and empowering an inclusive environment within our company and our communities. While we believe in “culture” - we don’t believe in “culture fit”. We encourage every single revologist to bring their unique perspective, lived experience and authentic selves to the table. revology is an equal opportunity employer and we encourage everyone to apply for our available positions - including women, people of color, individuals with disabilities and those in the LGBTQIA+ community. 

 

Role: Security Engineer 

Location: Remote. Must work in a location within the United States

Travel: Up to 10%

Classification: Exempt

Reports to: Director of Security and Compliance

Salary Range: Commensurate with experience 

about the role

The Security Engineer is responsible for designing, implementing, and maintaining our company's security systems to protect our sensitive data and infrastructure from cyber attacks. You’ll spend your days identifying, designing and architecting security solutions for our company to address security risks within the organization. This work includes evaluating new capabilities and emerging technologies and how they best fit within the organization’s operational structure. 

responsibilities

• Monitor and analyze security event logs from various sources (e.g., SIEM, firewalls, IDS/IPS, antivirus, and other security tools). Identify, investigate, and respond to potential security risks in a timely manner. Assist in the tuning, management, and configuration of cybersecurity tooling. 
• Help evaluate and monitor cybersecurity controls to protect revology’s information systems and regulated data. Manage and maintain security tools and technologies, ensuring they are updated and configured correctly.
• Conduct security reviews of applications and third-party vendors to ensure compliance with security requirements. Collaborate with development and procurement teams to integrate security into the software development lifecycle and vendor selection process.
• Assist in the review, development, implementation, and maintenance of cybersecurity policies, procedures, and guidelines. Help educate and train staff on cybersecurity policies and procedures.
• Implement and manage protective measures for endpoint devices, ensuring they are monitored, configured securely, and updated regularly to prevent and respond to security threats.
• Assess, negotiate, and manage vendor security practices and contracts, ensuring ongoing compliance and addressing any security issues that arise.
• Develop and execute response plans for security incidents, including detection, containment, eradication, recovery, and post-incident analysis.
• Identify, assess, and mitigate security risks, ensuring effective controls are in place and compliance with relevant standards and regulations. Includes conducting risk assessments and providing recommendations to ensure appropriate organizational risk management is being implemented. 
• Stay current with the latest cybersecurity trends, threats, and technology solutions.
• Participate in security audits and assessments as required.
• Collaborate with other IT, development, and security team members to navigate and address security challenges and enhance overall security posture.
• Prepare regular reports on security activities, incidents, and metrics for management review.

• Stay curious, kind and contribute positively to the revology culture. The health + harmony of the team is everybody’s responsibility at revology.

The statements stated in this job description reflect the general duties as necessary to describe the basic function, essential job duties/responsibilities, job requirements, physical requirements and working conditions typically required, and should not be considered an all-inclusive listing of the job.  Individuals may perform other duties as assigned, including work in other functional areas to cover absences or relief, to equalize peak work periods or otherwise balance the workload.

requirements

• Bachelor's degree in Computer Science, Information Technology, or a related field, or commensurate experience, and/or training. 
• Industry certifications such as CISSP, GSEC, CEH or CISM are a plus
• Minimum of 3 years of experience in information security, preferably in  application security and/or cloud computing environments
• In-depth knowledge of security principles, technologies, and protocols (e.g., TCP/IP, SSL/TLS, DNS, HTTP, HTTPS, etc.)
• Experience with security tools such as firewalls, intrusion detection/prevention systems, SIEM, and vulnerability scanners
• Experience with cloud security and DevSecOps practices
• Strong problem-solving and analytical skills
• Excellent communication and collaboration skills
• Experience in Identity and Access Management
• Familiarity with regulatory requirements such as GDPR, HIPAA, or PCI-DSS
• Strong understanding of relevant cybersecurity frameworks and standards (e.g., NIST CSF, SOC, ISO 27001) 

remote work requirements

Internet capability must be a high-speed internet connection.

physical requirements

Must be able to perform physical activities, such as, but not limited to: moving or handling (lifting, pushing, pulling and reaching overhead) office equipment and supplies weighing 1 to 25 lbs. unassisted.  Frequently required to sit for extended periods during the workday.  Manual dexterity and visual acuity required.  Must be able to communicate effectively on the telephone and in person.

working conditions

Work will generally be performed indoors in an office environment.  Must maintain a professional appearance and manner.  

employment eligibility

Candidates must be legally authorized to work in the United States without sponsorship.