Staff Information Security Engineer

N-Power Medicine aims to establish a new paradigm in drug development by reinventing the ‘how’ and transforming clinical trials through better integration with clinical practice, ensuring broader participation by physicians and patients.  We are building an exceptional multi-disciplinary team with diverse expertise spanning healthcare, engineering, technology and regulatory, and with people who share our core value of Empowering Community through generosity, curiosity and humility.  We are working with urgency to bring better therapies to patients faster. 

N-Power Medicine is hiring a Staff Information Security Engineer reporting to the Senior Manager, Security & Privacy. This position will be responsible for designing, implementing, and optimizing security solutions to protect critical systems and sensitive patient data, ensure compliance with industry regulations, and mitigate cybersecurity risks. The ideal candidate has deep expertise in cloud security, security architecture, risk management, and hands-on experience implementing security technologies within a healthcare environment.

-Design, implement, and manage security controls in accordance with HIPAA, HITRUST, ISO 27001, NIST, and other industry -standard security frameworks to protect N-Power systems and sensitive data.

-Conduct periodic threat modeling and security risk assessments to identify and remediate security risks.

-Perform vulnerability scans for N-Power Medicine systems and software and apply patches and upgrades as required. 

-Coordinate and oversee the execution of regular third-party penetration testing efforts and lead remediation for identified findings.

-Support N-Power’s security audits through preparation of evidence, participation in interviews with auditors, and remediation of audit findings.

-Lead security incident response efforts, including detection, containment, investigation, root cause analysis, and remediation of security incidents.

-Implement continuous monitoring, threat intelligence and alerting through implementation and oversight of log aggregation and security information and event management (SIEM) solutions.

-Collaborate with Data & Technology, Quality, and IT teams to integrate security requirements and best practices into in-house developed software products, data platforms, and proof of concept initiatives.

-Integrate security best practices into CI/CD pipelines and conduct secure code reviews.

-Develop and maintain security policies, procedures, and technical documentation.

-Evaluate and recommend security technologies, tools, and practices to continuously enhance the organization’s security posture.

-Assess and monitor the security posture of third-party vendors and partners.

-Provide guidance and training to internal teams to promote a strong security culture.

-Develop and enforce security configurations for firewalls, IDS/IPS, SIEM, and endpoint protection platforms.

-Develop and test strategies to support high availability, business continuity, and disaster recovery of key platforms, tools and sensitive data.

-8+ years experience in Information Security with a focus on healthcare security solutions 

-BS/BA, Computer Science, Cybersecurity, or equivalent relevant experience.

-Relevant certifications such as CISSP, CISM, CISA, CEH, etc. preferred.

-Strong knowledge of HIPAA, HITRUST, ISO 27001, NIST, and other healthcare security regulations.

-Experience configuring and managing security technologies such as SIEM, EDR, firewalls, IDS/IPS, and cloud security tools.

-Strong understanding of cryptographic principles, IAM, and endpoint security.

-Expertise in securing cloud environments (AWS preferred) and in-house developed software applications. 

-Hands-on experience with DevSecOps practices and secure SDLC methodologies.

-Strong interpersonal and communication skills with ability to effectively collaborate with cross-functional teams is a must.

-Generous, Curious, and Humble.

This position is mostly a remote position, however, ability to travel to Redwood City, CA for periodic meetings may be required. 

The expected salary range for this position is $145,000 and $183,000. Actual pay will be determined based on experience, qualifications, geographic location, and other job-related factors permitted by law. N-Power Medicine (NPM) offers equity at hire as well as a discretionary annual bonus which may be available based on Company performance. This position is eligible for company benefits. 

We are a mission-driven, well-funded, rapidly growing company, eager to attract passionate professionals offering a highly attractive compensation package with a balanced and flexible work environment, competitive industry benefits as well as a 401K plan and other great company “perks.”

We are an Equal Opportunity Employer and value diversity at our company. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Covid-19 Policy –  The Company is committed to providing and maintaining a safe workplace, and to safeguard the health and well-being of our employees, families, visitors, and the community. While vaccination remains one of the most important tools in advancing the health and safety of employees and promoting the efficiency of workplaces, we are now in a different phase of our response when these measures are no longer necessary. We currently do not have mandatory COVID-19 vaccination requirements for our employees and contractors, as the COVID-19 public health emergency has ended. However, there are certain N-Power Medicine employees and contractors who, based on their role, will be required to continue to follow our 2021 COVID-19 vaccination and other requirements as mandated by N-Power Medicine’s partners they serve. We reserve the right to modify or amend our corporate policy at any time.

Applicants must be currently authorized to work in the U.S. on a full-time basis. The Company will not sponsor applicants for work visas.