Security Engineer

Overview

United Vein & Vascular Centers is a life-changing healthcare innovator that is rapidly expanding access to state-of-the-art, minimally invasive vein and vascular care as we grow our footprint across the country. The unparalleled outcomes we achieve are made possible by dynamic team members like YOU working alongside our exceptional team of skilled physicians and passionate staff.  Join us on our journey to transform lives as we raise the bar for patient service and outcomes! Explore exciting career opportunities with United Vein & Vascular Centers and unlock your potential!

We offer a supportive culture that is driven by deep commitment to the success of our patients and our teams. We invest in YOU and are dedicated to creating individualized opportunities for career advancement. In addition, we invest in our employees by offering:

• Competitive compensation package
• Outstanding work life balance
• Health, vision, and dental benefits
• 401K plan match
• Life insurance (100% company paid)
• PTO and paid holidays
• We invest substantial energy and resources in building a highly-engaged culture where your voice is heard, you are connected to a community of professionals who share your values, and you can thrive.

Responsibilities

As a Security Engineer, you will be responsible for designing, implementing, and maintaining security solutions to protect our healthcare infrastructure. You will work closely with IT, compliance, and risk management teams to enhance security frameworks, automate security processes, and ensure compliance with HIPAA, HITRUST, and other healthcare regulations.

• Work closely with the supervisor on maintenance security and compliance reporting through our GRC platform Vanta.
• Conduct risk assessments, penetration testing, and vulnerability remediation across networks, applications, and cloud environments.
• Ensure security controls align with HIPAA, HITRUST, and PCI frameworks; assist in audits and policy development.
• Configure and manage SIEM (CrowdStrike), responding to security incidents and forensic investigations as an escalation point.
• Develop and maintain automated security workflows using SOAR, Python, or PowerShell to improve threat detection and response.
• Manage and help maintain existing Knowbe4 platform and collaborate with IT and Compliance teams to promote cybersecurity best practices among employees.
• Design and deploy security tools, including firewalls, IDS/IPS, endpoint protection, and cloud security solutions.
• Secure Azure, EDW (Enterprise Data Warehouse) and on-prem infrastructure, ensuring access control and encryption best practices.
• Lead the development and implementation of IT Cybersecurity systems and department processes to prioritize and resolve requests effectively while maintaining compliance.
• Track and advise leadership on IT initiatives, enterprise security strategy, architecture, operations, and privacy policies.
• Assist in Maintaining the design, deployment, performance, and evaluation of UVVC’s enterprise systems.
• Bring new ideas for improvement to meet UVVC IT needs.
• Maintain and administer computer networks and related computing environments including computer hardware, systems software, applications software, and all configurations to align to security best practices.
• Develop, Implement, and Maintain Cybersecurity Policies, procedures, and standards in accordance with industry best practices and regulatory requirements. (e.g., NIST 800-171 Rev 3, ISO 27001, GDPR, etc.).
• Assist in the technology deployment of new clinic builds clinic expansions and acquisitions.
• Ensure the team leverages zero trust concepts, centralized Identity management systems, MDM, cloud automations, and other modern technologies and security best practices for effective and efficient systems administration.
• Identify common hardware, software, network or system problems and research solutions to engineer efficient solutions to recurring issues.
• Act as an escalation point for resolution diagnosis, and resolution of hardware, software, or other network and system problems.
• Collaborate with others to resolve information technology issues.
• Participate in and manage on-call rotation to ensure we have support coverage across our clinic time zones.
• Reporting- Weekly\Monthly on system status, compliance, and security deficiencies, including but not limited to SIEM reports, Cyber training compliance, Microsoft Secure Score, etc.
• Demonstrate and promote a work culture committed to UVVC’s Core Values: Understanding, Nurturing, Ingenuity, Trust, Excellence, and Diversity.
• Demonstrate behaviors that are consistent with UVVC’s Standards of Conduct as outlined in our Employee Handbook. ·
• Maintain the confidentiality and security of Protected Health Information (PHI) in accordance with UVVC policies, the Health Insurance Portability and Accountability Act (HIPAA), and other applicable laws and regulations. PHI is a top priority of our organization.
• Perform other related duties as assigned.

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
• 3+ years of experience in security engineering, network security, or related roles.
• Prior experience with supporting a larger environment (500+ user environments) required.
• Proficient in Windows, Mac, Active Directory, Office 365, and iOS.
• Experience with enterprise Microsoft infrastructure (Active Directory, Office 365, Azure AD, Exchange online, SharePoint, Teams, Intune).
• Experience with cloud environments (Azure).
• Experience with managing and reporting Microsoft Secure Score.
• Experience with CrowdStrike Falcon SIEM\SOAR MDR
• Experience with Knowbe4 Cybersecurity
• Experience with Vanta (GRC Platform)
• Experience with identity & access management (Okta, Azure AD, MFA).
• Strong work ethic and multitasking abilities.
• Excellent written and verbal communication skills.
• Must be self-motivated, dependable, and can meet reliable on-site attendance and punctuality standards
• Strong understanding of firewalls, IDS/IPS, SIEM, and endpoint security solutions.
• Experience with cloud security in Azure.
• Scripting skills in Python, PowerShell, or Bash for automation.
• Familiarity with PCI, HITRUST, HIPAA security controls.
• Healthcare IT security experience (HIPAA compliance) is a plus.
• Certifications (Preferred but not required):
  • CISSP, CISM, CEH, GIAC, or Security+