Sr Engineer, Security (IT)

Posting Date

06/02/2025

2000 16th Street, Denver, Colorado, 80202, United States of America

Sr. Engineer, Security

General Purpose of the Job

IT Security Engineer with strong experience within a large enterprise environment and possesses both deep and wide expertise in the security space.

The Sr Security engineer will promote and ensure security by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data. This individual will also be responsible for implementation and administration of network security hardware and software, enforcing the network security policy and complying with requirements of external security audits and recommendations.

Essential Duties and Responsibilities

• Develops and manages security for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise. Wiz/Jira automated remediation system, F5/Cysiv configuration, logging, and alerting. Lead ensuring Cloud Security Firewall requests, Gitlab merge requests, GCP group access requests, and DaVita Temporary Privilege Escalation Tool requests are tracked, worked, and addressed.

• Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements. Checkov/Cloud Governance implementation project, expected timelines for security issue remediations, “How-To” docs for accessing and configuring our CSPM and ticketing tools, "Go to Cloud" Security Checklist to be used by teammates across the org that will be assisting with moving apps from on-prem to the cloud.

• Prepares status reports on security matters to develop security risk analysis scenarios and response

  procedures. Provide weekly, bi-weekly and monthly status updates on various cloud security projects including Wizvulnerability and misconfiguration management, the Cloud Governance effort of implementing security checks in the CI/CD pipeline, as well as log ingestion and custom alerting in Cysiv.

• Responsible for the tracking and monitoring of IT security incidents through remediation. Jira ticket tracking and communicating with other teams regarding security issues through remediation.

• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks. Wiz/Jira automated remediation system, Cloud Governance Security Team approval tagging, as well as reviewing & updating the Terraform resources that the Cloud Security team is required to approve.

• Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents security controls. Review policies and create custom controls in our CSPM to cover a variety of security frameworks. Examples of custom controls are monitoring for active container images with vulnerabilities in our environment and whitelisting designed activity by service accounts. Regarding documenting security controls: Document Cloud Security practices & procedures in Confluence and Administer the Cloud Security DevOps Jira project. Also – understand, grant, maintain and follow-up on soft exceptions for the Cloud Security team.

• Involved in the evaluation of products and/or procedures to enhance productivity and effectiveness. F5 testing, GitLab SAST approval gating, Security Command Center Premium, Checkov, Wiz Code. · Provides direct support to the business and IT staff for security related issues.

• Educates IT and the business about security policies and consults on security issues. Serve as a cloud security point of contact for other teams.

• Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues. Provide expertise and feedback from a security perspective on operational tasks such as merge request approvals, firewall requests, and AD group assignments. Also provide expertise on larger projects such as WAF configuration for the F5 implementation.

Education and Experience

• 5+ years experience in IT Security
• Bachelor's Degree required, Master's Degree preferred.

Specialized Experience, Education, Training, or Qualifications

• BA or BS in Computer Science, Management Information Systems, or related field

• 6 to 8 years delivering information security infrastructure support and related services with a minimum of 10 years

  IT experience

• 5 years of IT experience ranging from cloud security engineering to big data platform engineering for a SIEM/SOAR solution, to cybersecurity consulting assisting with the creation of SOC runbooks and playbooks, as well as standing up an ELK stack.

• Demonstrated experience in computer security combined with risk analysis, audit, and compliance objectives Align tuning of CSPM controls and issue remediation program to the CIS benchmarks, including CIS GCP v3.0.0 and CIS GKE v1.5.0. Adjust severity of controls as needed, following risk analysis.

• DDPE experience with a focus on maintenance and upgrade support. Experience with other full disk encryption solutions, such as Microsoft BitLocker both with encrypting and decrypting disks including with supporting in disk recovery.

• Expert knowledge enterprise firewall technologies required. Assist with leading the review & approval of firewall requests from other IT teammates with source/destination of on-prem to cloud, cloud to on-prem and/or cloud to cloud.

• Strong knowledge of DLP. Strong knowledge of data loss prevention concepts and methodologies, as well as practical experience configuring the GCP Cloud Data Loss Prevention (DLP) API.

• Working knowledge of IPS/IDS Configuration. Good familiarity with configuring and tuning IDS solutions.

• Experience with incidence response within a team setting. Experience in validating true positives from Wiz Threat Detections and Cysiv alerts and working with the IR team on remediating, assisted with the creation of SOC runbooks and playbooks, helped lead the Cloud Security.

• Strong experience with Vulnerability Management Scanning and remediation support. Wiz remediation program I’ve helped built out, as well as helping to troubleshoot on-prem Kenna/Tenable vulnerability scanning system.

• Experience with SIEM including adding data source, infrastructure maintenance/ upgrade and software update support. Responsible for managing and providing updates for integrating logs from F5 Distributed Cloud and Wiz into Cysiv. Also responsible for creating custom alerting off those logs, ensuring we are notified of any log stoppages, assisting with technical issues, and working with other teams for actioning on incidents.

• Working knowledge of privileged account management within a large enterprise environment. Security reviews, testing, and operating DaVita’s in-house Temporary Privilege Escalation tool, as well as consistently review and provide feedback on GitLab merge requests created by other IT Teammates related to assigning privileges to users, groups, and service accounts.

• Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills. Responsive to messages and build relationships across teams, highly organized.

• Values-based personality with the ability to work both independently and in a team environment. Take time to assist teammates with security-related and other issues, attend CaSP and other DaVita events to grow and strengthen Village relationships.

Certifications (preferred):

• CISSP

• CISM,

• GIAC

• CEH

• Security+

• SSCP

• CISSP

• CEH

• GCP Professional Cloud Security Engineer

• GCP Professional Cloud Architect

What We’ll Provide:

More than just pay, our DaVita Rewards package connects teammates to what matters most. Teammates are eligible to begin receiving benefits on the first day of the month following or coinciding with one month of continuous employment. Below are some of our benefit offerings.

• Comprehensive benefits: Medical, dental, vision, 401(k) match, paid time off, PTO cash out
• Support for you and your family: Family resources, EAP counseling sessions, access Headspace®, backup child and elder care, maternity/paternity leave and more

• Professional development programs: DaVita offers a variety of programs to help strong performers grow within their career and also offers on-demand virtual leadership and development courses through DaVita’s online training platform StarLearning.

#LI-SM5

At DaVita, we strive to be a community first and a company second.  We want all teammates to experience DaVita as "a place where I belong."  Our goal is to embed belonging into everything we do in our Village, so that it becomes part of who we are. We are proud to be an equal opportunity workplace and comply with state and federal affirmative action requirements. Individuals are recruited, hired, assigned and promoted without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, protected veteran status, or any other protected characteristic.

This position will be open for a minimum of three days.

Salary/ Wage Range

$91,000.00 - $133,700.00 / year

For location-specific minimum wage details, see the following link: DaVita.jobs/WageRates

Compensation for the role will depend on a number of factors, including a candidate’s qualifications, skills, competencies and experience. DaVita offers a competitive total rewards package, which includes a 401k match, healthcare coverage and a broad range of other benefits. Learn more at https://careers.davita.com/benefits  

  

Colorado Residents: Please do not respond to any questions in this initial application that may seek age-identifying information such as age, date of birth, or dates of school attendance or graduation. You may also redact this information from any materials you submit during the application process.  You will not be penalized for redacting or removing this information.