[Remote] Security Engineer
Note: The job is a remote job and is open to candidates in the USA.

HFD is on a mission to make healthcare more affordable by providing better payment solutions. They are seeking a Security Engineer to join their IT Security function, focusing on cloud security, compliance, incident response, and security architecture. The role involves applying risk management principles, conducting security assessments, and collaborating with teams to enhance the organization's security posture.

Responsibilities
- Apply risk management principles to identify, assess, and reduce security risks across cloud, endpoint, identity, network, and application environments
- Maintain working knowledge of approved cybersecurity standards, frameworks, policies, procedures, and industry best practices
- Perform security control reviews, gap assessments, and remediation planning to strengthen the organization’s security posture
- Support vulnerability management activities, including vulnerability analysis, risk prioritization, remediation tracking, and validation of completed fixes
- Monitor alerts, logs, and threat indicators from SIEM, EDR, cloud, identity, and other security platforms to identify suspicious or anomalous activity
- Triage and investigate security events, support containment actions, document findings, and assist with incident response efforts
- Review system, application, cloud, and identity configurations to identify security risks, misconfigurations, and hardening opportunities
- Assist with compliance and audit readiness activities, including evidence collection, control validation, and documentation of security practices
- Support access reviews and identity security efforts, including privileged access validation, account hygiene, and review of high-risk permissions
- Assist with defining and documenting security requirements for new systems, integrations, applications, and business processes
- Help maintain and improve security policies, operational procedures, runbooks, and post-incident documentation
- Contribute to detection engineering efforts by helping refine alerts, reduce false positives, and improve visibility across security platforms
- Identify opportunities to improve automation, monitoring, response workflows, and overall security operations maturity
- Collaborate with IT, engineering, and business teams to communicate risks, recommend practical security improvements, and support remediation efforts
- Participate in lessons learned, incident reviews, and continuous improvement activities to reduce future security risk
- Proactive threat hunting across multiple landscapes

Skills
- 2–5 years of hands-on experience in an IT security, cloud security, or security operations role
- Practical experience with Microsoft Azure security services (Defender, Entra ID, Secure Score, Sentinel, or equivalent)
- Foundational knowledge of PCI DSS or similar compliance frameworks (HIPAA, SOC 2, NIST)
- Strong written communication skills — you will write runbooks, RCAs, and compliance documentation
- Ability to work independently and manage your own workload with minimal oversight
- Robust conceptual and practical understanding of IT infrastructure designs, technologies, products, and services
- Experience formulating and/or interpreting cyber threat analysis of adversary techniques, tactics, and procedures used to disrupt computer networks
- Ability to pay close attention to detail and be self-motivated
- Ability to multitask and excel in a fast-paced environment
- Beginner / Intermediate proficiency in Microsoft Excel
- Security certification such as CompTIA Security+, AZ-500, SC-200, PJPT, PNPT, or CISSP Associate
- Experience in healthcare, fintech, or financial services environment
- Familiarity with MITRE ATT&CK framework and threat modeling
- Scripting or automation skills (PowerShell, Python, KQL/Kusto for Azure)
- Exposure to DevSecOps practices or pipeline security tooling
- Excellent written and verbal communication skills, analytical ability, judgment, and the ability to work effectively with the DevOps and Engineering Support Team

Benefits
- Medical, Dental, Vision Insurance
- 401k with 4% company match.
- Time off: Unlimited PTO, 6 days of paid sick time, plus 6 paid holidays and 1 floating holiday (from the HFD approved list).
- EPIC company culture

Company Overview
HFD (Healthcare Finance Direct) is a fintech platform that helps healthcare providers offer flexible, affordable pay-over-time financing solutions to every patient, regardless of credit score. It was founded in 2009, and is headquartered in Southlake, Texas, US, with a workforce of 51-200 employees. Its website is http://gohfd.com.