Security Engineer

COMPANY: HealthMark Group is a leading provider of health IT solutions for healthcare providers across the country. By leveraging technology to reimagine the business of healthcare, HealthMark transforms administrative processes into seamless digital solutions. From HealthMark’s proprietary MedRelease platform for Release of Information, the company is pioneering an efficient, compliant, and patient-centric approach to support the entire spectrum of the patient information journey. HealthMark Group was founded in 2006 with corporate headquarters in Dallas, TX, and has been named to both the Dallas 100 and the Inc. 5000 for multiple years in a row as one of the fastest-growing companies in the region and the country. LOCATION: RemotePOSITION: Security EngineerThe Security Engineer is a member of the Security and IT Operations team focused on ensuring the confidentiality, integrity, and availability of sensitive health information. Given the regulatory landscape (e.g., HIPAA) and the importance of protecting patient data, this position requires deep technical expertise and strong security leadership. PRIMARY ROLE AND RESPONSIBILITIES:Ensure HIPAA compliance by implementing necessary safeguards to protect Protected Health Information entrusted to us by our clients. Implement, and maintain cybersecurity architecture leveraging security framework including HIPAA Security Rule, NIST Cybersecurity Framework, and HITRUSTAnalyze current cloud and corporate security posture and recommend improvements, build and develop secure systems/infrastructure Configure, troubleshoot, and maintain security infrastructure software, tooling, and servicesWork with SecOps leadership, Legal, and Compliance teams to develop, review, and revise Security Policies and ProceduresEstablish Identity and Access guidelines, design and manage authorization and authentication systems, review access requests for approval, perform periodic audits of existing accessSupport security components of audits such as SOC 2 Type 2, HITRUST, and PCISupport response to client security assessments Work with our Managed Service Provider to effectively monitor our systems for threats and triage incidents using best practices methodologyWork with Development and CloudOps to identify, manage and remediate vulnerabilitiesProvide Cyber Security training and mentorship to staffDevelop and maintain documentation around security practices, incident response, and security protocolsProvide metrics-based reporting utilizing cloud and third-party tools to identify and respond to security threatsGreat communicator with the ability to relay critical information to leadership promptlyStay up to date with industry trends and advancements in current attacks and remediationsAbility to solve intricate problems with key source systems (Directory, Database, etc.…)REQUIRED EXPERIENCE AND QUALIFICATIONS:Bachelor’s degree in Computer Science, Engineering, or related fieldRelevant experience for at least 3 years - may substitute for education. Experience with Cloud Service Providers such as AWS, Azure or GCPExperience with Microsoft Entra, Active Directory, and AWS IAM administrationExperience with HIPAA, NIST, SOC2, and HITrust security controlsCurrent information security certification (CISSP, CSSLP, CCFP, CISM)Experience using Agile methodologies including Scrum or KanbanStrong knowledge of operating systems (Windows) and network protocols. Familiarity with cloud security (e.g., AWS, Azure) and DevSecOps practices. ADDITIONAL PREFERRED EXPERIENCE:Assist in planning and developing an information security strategyUnderstanding of trending attack vectors, remediations, and mitigating controlsProficiency with scanning and vulnerability toolsNetworking and Cryptography Experience in PracticeAuthentication Mechanisms and controls within IAM/PAM spacePentest / Adversarial testing of critical systems, components, or servicesCertification in related field or tooling is a plusOriginally posted on Himalayas Apply To this Job