[Remote] Security Engineer

Remote Full-time
Note: The job is a remote job and is open to candidates in the USA. Birdi is a company focused on cybersecurity within the healthcare sector, and they are seeking a Security Engineer. This role involves designing and implementing a comprehensive cybersecurity program, focusing on software supply chain security, IAM, and compliance readiness for SOC 2 Type II and HIPAA.

Responsibilities

- Research, develop, and implement comprehensive cybersecurity policies and procedures from the ground up to achieve and maintain SOC 2 Type II certification, including defining controls, gathering evidence, and coordinating with external auditors
- Conduct regular risk assessments and vulnerability analyses to identify potential security threats and develop mitigation strategies aligned with HIPAA requirements and industry best practices
- Design, implement, and manage Identity and Access Management (IAM) strategies, including role-based access control (RBAC), least privilege principles, multi-factor authentication (MFA), and single sign-on (SSO) solutions
- Establish and enforce software supply chain security practices, including Software Bill of Materials (SBOM) management, dependency scanning, vulnerability assessment, container security, and secure CI/CD pipeline integration
- Develop and maintain permissions governance frameworks, conducting regular access reviews and ensuring appropriate authorization levels across all systems handling PHI and sensitive data
- Maintain incident response procedures, including breach notification processes compliant with HIPAA requirements, and lead security incident investigations and remediation efforts
- Design, implement, and manage a comprehensive Security Awareness Training program for all workforce members, covering HIPAA requirements, phishing awareness, social engineering defense, and secure data handling practices
- Track and document training completion for all employees, maintaining records for audit purposes and ensuring ongoing education as cyberthreats evolve
- Collaborate with Development and DevOps teams to integrate security practices into the software development lifecycle (SDLC), including secure coding standards, code review processes, and automated security testing
- Evaluate and manage third-party vendor security risks, conducting security assessments and ensuring business associates comply with HIPAA and organizational security requirements
- Participate in an on-call rotation schedule for critical security incidents and support incident management processes for security-related events

Skills

- Proven experience in Information Security, Cybersecurity Engineering, or a similar role with hands-on experience implementing security programs and compliance frameworks
- Strong knowledge of compliance frameworks including SOC 2, HIPAA Security Rule, NIST Cybersecurity Framework, and CIS Controls, with experience preparing for and supporting audits
- Deep expertise in Identity and Access Management (IAM), including experience with IAM platforms, RBAC implementation, MFA, SSO, and privileged access management
- Experience with software supply chain security tools and practices, including SBOM generation, dependency scanning (e.g., Dependabot, Snyk), and secure CI/CD pipeline configuration
- Proficiency with endpoint protection solutions including EDR platforms, firewalls, and network security tools
- Strong understanding of cloud security principles and experience securing AWS
- Excellent written and verbal communication skills, with the ability to translate complex security concepts for technical and non-technical audiences
- Strong analytical, problem-solving, and incident response skills with attention to detail
- Self-directed individual capable of working independently to build programs from the ground up with minimal supervision
- Bachelor's degree in Information Security, Computer Science, or related field; or equivalent combination of education and experience with at least 3-5 years of relevant cybersecurity experience
- Demonstrated experience implementing security compliance programs (SOC 2, HIPAA, ISO 27001, or similar)
- Experience conducting risk assessments and developing security policies and procedures
- Experience working within the Healthcare industry with direct knowledge of HIPAA compliance requirements and ePHI protection
- Industry certifications such as CISSP, CISM, Security+, CCSP, AWS Security Specialty, or HCISPP (Healthcare Information Security and Privacy Practitioner)
- Experience with zero trust architecture design and implementation
- Familiarity with healthcare data standards (HL7, FHIR) and healthcare IT systems including EHR platforms
- Experience with policy-as-code tools (e.g., OPA, Checkov) and infrastructure-as-code security scanning
- Scripting and automation skills in Python, PowerShell, or Bash for security automation
- Experience with container security, Kubernetes security, and DevSecOps practices
- Experience with Security Awareness Training platforms (e.g., KnowBe4, Proofpoint) and phishing simulation tools

Benefits

- Competitive health coverage (medical, dental, vision)
- Paid time off and holidays
- Retirement savings options
- Wellness and support programs
- Opportunities for career growth

Company Overview

Birdi provides online pharmacy services. It was founded in 2021, and is headquartered in Novi, Michigan, USA, with a workforce of 201-500 employees. Its website is https://www.birdirx.com.

Company H1B Sponsorship

Birdi has a track record of offering H1B sponsorships, with 1 in 2023. Please note that this does not guarantee sponsorship for this specific role.
