Logo for RxBenefits, Inc.

Senior Security Engineer

Role overview

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience required.
  • Cyber-specific certification required (e.g., GCIH, GCFA, CISSP, or a relevant SIEM/vendor certification).
  • Minimum of seven (7) years of IT experience, with at least four (4) years in a security engineering, SOC, or incident response role.
  • Expert-level, hands-on experience with SIEM platforms (Sumo Logic strongly preferred).

Responsibilities

  • Own the SIEM platform end to end, including log source onboarding, correlation rule development, detection tuning, dashboarding, and platform performance and cost management.
  • Lead the full incident response lifecycle, including triage, containment, eradication, recovery, root cause analysis, and post-incident reporting.
  • Build and maintain detection content mapped to MITRE ATTCK; conduct proactive threat hunts across cloud infrastructure, endpoints, identity systems, and network traffic.
  • Define and enforce SOC processes, including alert triage workflows, escalation paths, on-call procedures, and operational metrics such as mean time to detect and mean time to respond.

About the company

RxBenefits, Inc. logo

RxBenefits, Inc.

Pharmaceuticals

Founded in 1995 and headquartered in Birmingham, AL with an office in Towson, MD, RxBenefits is the employee benefit industry’s first and only technology-enabled pharmacy benefits optimizer (PBO). Today, we employ more than 700 pharmacy pricing, data, and clinical experts to deliver prescription benefit savings to employee benefit consultants and their self-funded clients. RxBenefits exists to ensure EBC’s can offer mid-sized employers and their members an affordable pharmacy benefit solution combined with a Fortune 100 service experience. Our unique approach is enabled by our market-leading purchasing power, independent clinical solutions and high-touch superior service, allowing our clients to achieve their pharmacy program objectives. RxBenefits’ unwavering commitment to keeping pharmacy benefits affordable has created a better solution for the ever-changing market. RxBenefits provides equal opportunities for everyone that works for us and everyone that applies to join our team, without regard to sex or gender, gender identity, gender expression, age, race, religious creed, color, national origin, ancestry, pregnancy, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, any service, past, present, or future, in the uniformed services of the United States (military or veteran status), or any other consideration protected by federal, state, or local law.

Company details

Company typeSME
IndustryPharmaceuticals
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description


RxBenefits is seeking a highly experienced Senior Security Engineer to lead our SIEM platform, security monitoring, and incident response function. This role owns the health and effectiveness of the security operations program end to end: log source architecture, detection engineering, alert triage, threat hunting, and incident response. The Senior Security Engineer operates as the technical authority for detecting and responding to threats across cloud, endpoint, identity, and network environments, and works closely with infrastructure and application security teams to close the loop from detection to remediation. The ideal candidate combines deep SIEM engineering skill with hands-on incident response experience and can operate independently in a HIPAA-regulated environment working toward NIST, ISO, and SOC 2 requirements.

Essential Job Responsibilities Include:

  • SIEM Engineering & Administration: Own the SIEM platform end to end, including log source onboarding, correlation rule development, detection tuning, dashboarding, and platform performance and cost management.
  • Incident Response: Lead the full incident response lifecycle, including triage, containment, eradication, recovery, root cause analysis, and post-incident reporting.
  • Threat Detection & Hunting: Build and maintain detection content mapped to MITRE ATT&CK; conduct proactive threat hunts across cloud infrastructure, endpoints, identity systems, and network traffic.
  • Security Operations: Define and enforce SOC processes, including alert triage workflows, escalation paths, on-call procedures, and operational metrics such as mean time to detect and mean time to respond.
  • Log Source Architecture: Manage ingestion pipelines from cloud audit logs (e.g., AWS CloudTrail), EDR, identity providers, network security platforms, and endpoint management tools into the SIEM.
  • Threat Intelligence Integration: Operationalize threat intelligence feeds into detection rules, enrichment workflows, and hunting hypotheses.
  • Automation & Scripting: Develop automation for detection engineering, alert enrichment, and response playbooks to reduce manual analyst workload and speed response time.
  • Tabletop Exercises: Lead in and support tabletop exercises to assess and continuously improve incident response procedures, crisis management, and disaster recovery plans.
  • Cross-Functional Investigations: Correlate findings across infrastructure, application security, and identity teams during investigations, and drive permanent remediation of identified risks.
  • Reporting: Produce technical incident reports and SOC posture reporting that give leadership clear visibility into detection coverage, response performance, and outstanding risk.
  • Standards & Documentation: Define and enforce detection engineering standards, runbooks, and playbooks used across the security team. 

Required Skills / Experience:

  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience required.
  • Cyber-specific certification required (e.g., GCIH, GCFA, CISSP, or a relevant SIEM/vendor certification).
  • Minimum of seven (7) years of IT experience, with at least four (4) years in a security engineering, SOC, or incident response role.
  • Expert-level, hands-on experience with SIEM platforms (Sumo Logic strongly preferred), including log architecture, correlation rule development, and performance tuning.
  • Working knowledge of incident response methodology (e.g., NIST 800-61) and fluency with the MITRE ATT&CK framework.
  • Strong understanding of AWS security logging and detection services (CloudTrail, GuardDuty, Security Hub) and Windows/Linux log sources; Linux required.
  • Hands-on experience investigating alerts and telemetry from EDR (e.g., CrowdStrike), network security platforms (e.g., Zscaler), and O365/identity log sources.
  • Advanced scripting and automation experience with PowerShell, Python, or Bash required.
  • Ability to work fully independently and lead multiple complex investigations and projects to completion.
  • Excellent interpersonal and communication skills (verbal and written) across all levels of the organization.
  • Strong analytical and problem-solving skills, with sound judgment under incident pressure.
  • Ability to deliver on objectives.

Preferred Skills/Experience:

  • Experience participating in tabletop exercises preferred.
  • Healthcare industry experience preferred.


Based on relevant market data and other factors, the anticipated hiring range for this role is $120,000 to $150,000 annually. Final compensation rates will be determined based on various factors, including but not limited to experience, skills, knowledge, and internal equity considerations. This role is also short-term incentive eligible. Incentive amounts will vary by individual and business goals. 


We are committed to fair and equitable compensation practices. The final salary offered to the selected candidate may vary from the posted range due to individual qualifications. Our goal is to ensure that all teammates are compensated fairly and competitively based on their contributions to our organization.


RxBenefits is also committed to providing best in class benefits to our teammates. We offer a robust total rewards package that includes:


  • Remote first work environment
  • Choice of a HDHP or PPO Medical plan, we pay 100% of the premium for the HDHP for you and your eligible family members
  • Dental, Vision, Short- and Long-Term Disability, and Group Life Insurance that we also pay 100% of premiums (for your family too on Dental and Vision)
  • Additional buy-up options for Short- and Long-Term Disability and Life Insurance
  • 401(k) with an employer match up to 3.5% available after 60 days
  • Community Service Day to give back and support what you love in your community
  • 10 company holidays including MLK Day, Juneteenth, and the day after Thanksgiving plus a floating holiday to use as you like
  • Reimbursements for high-speed internet, we’ll send you a computer and monitors to help you do your best work
  • Tuition Reimbursement for accredited degree programs
  • Paid New Parent Leave that can be used for adoption or birth
  • Pet insurance to protect your furbabies
  • A robust mental health benefit and EAP service through Spring Health to support you when you need it most


Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at RxBenefits, Inc.

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.