Senior Security Engineer
Remote, TX, US
Full Time Senior-level / Expert USD 110K - 140K
HealthMark Group
COMPANY: HealthMark Group is a leading provider of health IT solutions for healthcare providers across the country. By leveraging technology to reimagine the business of healthcare, HealthMark transforms administrative processes into seamless digital solutions. From HealthMark’s proprietary MedRelease platform for Release of Information, the company is pioneering an efficient, compliant, and patient-centric approach to support the entire spectrum of the patient information journey. HealthMark Group was founded in 2006 with corporate headquarters in Dallas, TX, and has been named to both the Dallas 100 and the Inc. 5000 for multiple years in a row as one of the fastest-growing companies in the region and the country.
LOCATION: Remote
POSITION: Sr. Security Engineer
The Sr. Security Engineer is a member of the Security and IT Operations team focused on ensuring the confidentiality, integrity, and availability of sensitive health information. Given the regulatory landscape (e.g., HIPAA) and the importance of protecting patient data, this position requires deep technical expertise and strong security leadership.
PRIMARY ROLE AND RESPONSIBILITIES:
- Ensure HIPAA compliance by implementing necessary safeguards to protect Protected Health Information entrusted to us by our clients.
- Design, implement, and maintain cybersecurity architecture leveraging security frameworks including the HIPAA Security Rule, NIST Cybersecurity Framework, and NIST 800-53
- Analyze current cloud and corporate security posture and recommend improvements; build and develop secure systems/infrastructure
- Configure, troubleshoot, and maintain security infrastructure software, tooling, and services
- Work with SecOps leadership, Legal, and Compliance teams to develop, review, and revise Security Policies and Procedures
- Establish Identity and Access guidelines, design and manage authorization and authentication systems, review access requests for approval, perform periodic audits of existing access
- Lead security components of audits such as SOC 2 Type 2, HITRUST, and PCI
- Lead response to client security assessments
- Work with our Managed Service Provider to effectively monitor our systems for threats, and triage incidents using best-practice methodology
- Work with Development and CloudOps to identify, manage and remediate vulnerabilities
- Provide Cyber Security training and mentorship to staff
- Develop and maintain documentation around security practices, incident response, and security protocols
- Provide metrics-based reporting utilizing cloud and third-party tools to identify and respond to security threats
- Great communicator with the ability to relay critical information to leadership promptly
- Stay up to date with industry trends and advancements in current attacks and remediations
- Ability to solve intricate problems with key source systems (Directory, Database, etc…)
REQUIRED EXPERIENCE AND QUALIFICATIONS:
- Bachelor’s degree in Computer Science, Engineering, or related field
- Relevant experience at a senior engineering level for at least 5 years - may substitute for education.
- Experience with Cloud Service Providers such as AWS, Azure or GCP
- Experience with Microsoft Entra, Active Directory, and AWS IAM administration
- Experience with HIPAA, NIST, SOC 2, and HITRUST security controls
- Current information security certification (CISSP, CSSLP, CCFP, CISM)
- Experience using Agile methodologies including Scrum or Kanban
- Strong knowledge of operating systems (Windows) and network protocols.
- Familiarity with cloud security (e.g., AWS, Azure) and DevSecOps practices.
ADDITIONAL PREFERRED EXPERIENCE:
- Assist in planning and developing an information security strategy
- Understanding of trending attack vectors, remediations, and mitigating controls
- Proficiency with scanning and vulnerability tools
- Practical networking and cryptography experience
- Authentication Mechanisms and controls within IAM/PAM space
- Pentest / Adversarial testing of critical systems, components, or services
Tags: Active Directory Agile Audits AWS Azure CISM CISSP Cloud Compliance Computer Science Cryptography CSSLP DevSecOps GCP HIPAA HITRUST IAM Incident response Kanban NIST NIST 800-53 Scrum SecOps Security assessment Security strategy SOC SOC 2 Strategy Vulnerabilities Windows