COMPANY : HealthMark Group is a leading provider of health IT solutions for healthcare providers across the country. By leveraging technology to reimagine the business of healthcare, HealthMark transforms administrative processes into seamless digital solutions. From HealthMark’s proprietary MedRelease platform for Release of Information, the company is pioneering an efficient, compliant, and patient-centric approach to support the entire spectrum of the patient information journey. HealthMark Group was founded in 2006 with corporate headquarters in Dallas, TX, and has been named to both the Dallas 100 and the Inc. 5000 for multiple years in a row as one of the fastest-growing companies in the region and the country.
LOCATION : Remote
POSITION : Sr. Security Engineer
The Sr. Security Engineer is a member of the Security and IT Operations team focused on ensuring the confidentiality, integrity, and availability of sensitive health information. Given the regulatory landscape (e.g., HIPAA) and the importance of protecting patient data, this position requires deep technical expertise and strong security leadership.
PRIMARY ROLE AND RESPONSIBILITIES :
- Ensure HIPAA compliance by implementing necessary safeguards to protect Protected Health Information entrusted to us by our clients.
- Design, implement, and maintain cybersecurity architecture leveraging security frameworks including the HIPAA Security Rule, NIST Cybersecurity Framework, and NIST 800-53
- Analyze current cloud and corporate security posture and recommend improvements, build and develop secure systems / infrastructure
- Configure, troubleshoot, and maintain security infrastructure software, tooling, and services
- Work with SecOps leadership, Legal, and Compliance teams to develop, review, and revise Security Policies and Procedures
- Establish Identity and Access guidelines, design and manage authorization and authentication systems, review access requests for approval, perform periodic audits of existing access
- Lead security components of audits such as SOC 2 Type 2, HITrust, and PCI
- Lead response to client security assessments
- Work with our Managed Service Provider to effectively monitor our systems for threats, and triage incidents using best practices methodology
- Work with Development and CloudOps to identify, manage and remediate vulnerabilities
- Provide Cyber Security training and mentorship to staff
- Develop and maintain documentation around security practices, incident response, and security protocols
- Provide metrics-based reporting utilizing cloud and third-party tools to identify and respond to security threats
- Great communicator with the ability to relay critical information to leadership promptly
- Stay up to date with industry trends and advancements in current attacks and remediations
- Ability to solve intricate problems with key source systems (Directory, Database, etc…)
REQUIRED EXPERIENCE AND QUALIFICATIONS :
- Bachelor’s degree in Computer Science, Engineering, or related field
- Relevant experience at a senior engineering level for at least 5 years - may substitute for education.
- Experience with Cloud Service Providers such as AWS, Azure or GCP
- Experience with Microsoft Entra, Active Directory, and AWS IAM administration
- Experience with HIPAA, NIST, SOC2, and HITrust security controls
- Current information security certification (CISSP, CSSLP, CCFP, CISM)
- Experience using Agile methodologies including Scrum or Kanban
- Strong knowledge of operating systems (Windows) and network protocols.
- Familiarity with cloud security (e.g., AWS, Azure) and DevSecOps practices.
ADDITIONAL PREFERRED EXPERIENCE :
- Assist in planning and developing an information security strategy
- Understanding of trending attack vectors, remediations, and mitigating controls
- Proficiency with scanning and vulnerability tools
- Networking and Cryptography Experience in Practice
- Authentication Mechanisms and controls within IAM / PAM space
- Pentest / Adversarial testing of critical systems, components, or services