Information Security Engineer

Bamboo Health is the leader in Real-Time Care Intelligence™ solutions aimed at improving lives for everyone experiencing physical and behavioral health challenges. We are driven by our mission to empower clients to deliver seamless, high-quality and cost-effective care during pivotal moments to improve health outcomes. From coast to coast, Bamboo Health partners with all major retail pharmacy chains, 52 states and territories, 100% of the top 10 best hospitals and more than half of the country’s largest health plans to improve more than 1 billion patient encounters annually. Join us in improving lives during pivotal care moments! 

Summary:

Bamboo Health is seeking an Information Security Engineer to join its Security Operations team. This role focuses on securing cloud-based enterprise and customer-facing applications, monitoring and responding to security alerts, and investigating vulnerabilities and incidents. You will apply analytical and creative skills while consuming the output of the security tools and logs generated by applications and systems throughout the enterprise – hunting for behavioral anomalies, unauthorized access, misconfigurations, or reconnaissance activity. Working with minimal supervision, you'll collaborate with security, IT, and development teams to analyze risks, detect anomalies, and support remediation efforts. The ideal candidate is someone with a heavy focus on cloud and/or application security and excited about expanding their skillsets into knowledge of application architecture or automation. You will also participate in an incident response rotation

What You’ll Do:

• Secure enterprise systems and customer-facing applications hosted in cloud and highly automated Kubernetes environments.
• Daily response and monitoring of system security alerts, 
• Participate in the discovery, analysis, and remediation efforts of security related issues or system, web, and container vulnerabilities discovered via automated or manual processes. 
• Configure cloud security systems to prevent or alert on unauthorized access.
• Manage infrastructure, container, web, API, and mobile application vulnerabilities through dynamic application security testing (DAST), penetration testing, and threat modeling and analysis.
• Engage in incident response processes including event monitoring, forensics, and incident remediation.
• Assist with detection engineering – help identify process automation opportunities or opportunistic use of AI to streamline security operations.
• Assist with the team's efforts with our internal security awareness program and security best practices.
• Participate in the on-call rotation to escalate and remediate security incidents as they arise.

What Success Looks Like…

In 3 months…

• Develop foundational expertise in Bamboo Health’s security operations by learning and applying our tools, systems, policies, and procedures, with an emphasis on cloud and application security controls.
• Participate in security operations by assisting with vulnerability scans, supervised application penetration testing, and engaging in the on-call rotation for incident response activities.
• Support the delivery of phishing simulations and help track engagement metrics to strengthen security awareness across the organization.

In 6 months…

• Advance projects to automate or further mature cloud security controls.
• Independently perform comprehensive web application testing (DAST) and web application penetration testing activities.
• Assist in processing access control requests.
• Start developing basic automation scripts for routine security tasks.
• Contribute to enhancing the software development life cycle with tailored security best practices.
• Understand key cloud security and compliance toolsets.

In 12 months…

• Propose, project manage, and implement cloud and application security control advancement projects.
• Lead comprehensive system and web application vulnerability management—including regular penetration testing programs—and escalate findings to internal teams.
• Identify areas where automation of security operations could improve existing procedures and implement the changes.

What You Need:

• Bachelor’s degree in Computer Science, Information Security, IT, or related discipline, or equivalent experience
• 5+years professional experience in Information Security
• Intermediate knowledge of Linux, macOS, and Windows
• Intermediate knowledge of cloud services such as AWS, Azure, or GCP
• Intermediate understanding of scripting languages or infrastructure-as-code (IAC) such asPython, PowerShell, bash, or Terraform
• Knowledge of incident response best practices and common endpoint protection and/or SIEM tools
• Domain familiarity in fields such as endpoint security, access control, vulnerability management, or securing remote cloud-centric enterprises and Kubernetes application environments
• Understanding of fundamentals of security audits and compliance frameworks
• Security or cloud certifications or other evidence of security-related achievements
• Hands-on vulnerability management experience
• Strong analytical and problem-solving skills, with a high level of judgment and creativity in designing innovative solutions. 
• Demonstrated ability to thrive in fast-paced, high-growth, and rapidly evolving environments.
• Excellent written and verbal communication skills, with ability to build and communicate business rationale
• Ability to work effectively in a remote-first environment, ensuring high-quality virtual interactions with minimal distractions.

What You Get: 

• Join one of the most innovative healthcare technology companies in the country.
• Have the autonomy to build something with an enthusiastically supportive team.
• Learn from working at the highest levels and on the most strategic priorities of the company, including from world class investors and advisors.
• Receive competitive compensation including health, dental, vision and other benefits.

Belonging at Bamboo

We Care. #BambooHealthValuesCare

Every human being has the right to the best possible healthcare. Our Real-Time Care Intelligence™solutions enable healthcare professionals to see and treat every individual as a whole person by providing the right information, at the right time – regardless of physical, behavioral or social barriers.   

We’re a great place to work because we care. We continually seek to learn about our differences and ensure the unique perspectives and contributions of all employees are welcome, valued and celebrated.   

Our commitment to making a positive impact starts by recognizing and leveraging our differences, building inclusive teams and cultivating a sense of belonging.

Bamboo Health is proud to provide equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

To protect our applicants from fraudulent recruitment activity, we recommend that all applicants verify the validity of an interview and hiring process by visiting our website www.bamboohealth.com. All valid job postings will be listed on our careers page. Bamboo Health does not conduct interviews via text and will not request sensitive information such as banking details during the application process.

#LI-Remote