Senior Staff Infrastructure Security Engineer
Kyruus' mission is to connect people to the right care, in pursuit of our vision: a better healthcare system- one that's transparent and accessible- where everyone gets the care they need. At Kyruus, our values are at the heart of everything we do:
We care deeply – We do the right thing even if it’s the harder thing.
We are fiercely driven – We harness our curiosity to pursue continuous improvement and create simple solutions to complex problems.
We lead with respect – We celebrate the individual traits that make each of us unique and seek out diverse voices to listen and learn.
We are accountable – We do what we promise for each other and our customers.
Here’s what that would mean for you in the Staff Infrastructure Security Engineer role.
Care: You care about our patients, our customers, our employees and our company. You want to do everything you can to keep them and their data safe.
Driven: You want to build the best Information Security program possible.
Respect: You respect the other departments at Kyruus. Security should be an enabler of their success.
Accountable: You value our compliance certifications and look to improve with each assessment cycle.
What you will do in a Staff Infrastructure Security Engineer role at Kyruus:
- Architect and Design Security Solutions: Collaborate with the team in the design and implementation of cutting-edge security solutions tailored to our cloud infrastructure and business goals, ensuring robust defense against potential threats.
- Monitor and Manage Cloud Security Tools: Utilize and manage tools to monitor and protect our cloud infrastructure, implementing best practices for cloud security.
- Integrate and Automate Security Tools: Identify processes that can be improved by automation and integration of our security tools. Identify gaps in our tools and recommend solutions to fill those gaps.
- Collaborate with Engineering and Ops Teams: Work closely with development, operations, and other teams to integrate security into the infrastructure design and deployment process, fostering a culture of security awareness.
- Incident Response Activities: Collaborate in incident response activities, from detection to resolution, ensuring a coordinated reaction to security incidents impacting the infrastructure.
- Develop Security Policies and Procedures: Contribute to the development and maintenance of collaborative security policies and procedures specific to infrastructure security, encouraging input from various stakeholders.
- Stay Informed and Share Trends: Monitor emerging security threats, technologies, and trends, and share insights that may impact the organization's infrastructure with relevant stakeholders.
- Contribute to a Collaborative Security Strategy: Engage with various teams in defining and implementing the overall security strategy related to infrastructure, ensuring that security is an enabler for our business.
- Help Us Achieve our Certification Goals: Participate in our journey to HITRUST or FedRamp certification.
- You’ll report to the Information Security Officer in the InfoSec Department within the Technology Division.
How You Can Grow
- Kyruus will bring you through an onboarding process that is both structured and self-guided, designed to enable connection and productivity as you learn more about our company, functions and products. Additionally, we have a culture of feedback, inclusive of our performance review process that provides you with the coaching, resources and opportunities to help you learn and grow with us.
- Kyruuvians in the Staff Infrastructure Security Engineer role can move in a more linear career path to a Senior Staff position. From there, you could move into an even more senior level role or explore a management position within the Information Security vertical.
- Kyruus also loves to see an internal transfer. If a linear career path is not what you’re looking for, you can work with your manager and HR to explore lateral moves to other parts of the organization as you continue to grow with us.
What you will bring:
- 8+ years in an information security role
- Experience with a variety of infrastructure security tools including:
- Experience with web application firewalls and an understanding of common web vulnerabilities.
- Proficiency in securing AWS and GCP cloud environments with hands-on experience with cloud and server security tools like IDS and server/container scanning.
- Strong understanding of network security principles, including experience with tools like VPNs and firewalls.
- Skills in vulnerability assessment and remediation, including experience with environment and code scanning tools.
- Experience in efficiently and effectively working with a team to handle security incidents.
- Knowledge of endpoint tools like endpoint detection and response, anti-malware, MDM tools.
- Proficiency in managing and utilizing Security Information and Event Management (SIEM) tools.
- Experience with Governance, Risk Management, and Compliance (GRC) tools facilitating efficient monitoring and management of organizational governance, risk, and compliance with privacy and healthcare related regulations.
- Experience with scripting languages, integration and automation tools to streamline security processes.
- Experience engaging with stakeholders to develop policies, document procedures and facilitate gathering of evidence of compliance.
- Good written and verbal communication skills.
- Proactive problem solving and team collaboration skills
- Experience with SOC 2, HITRUST, FedRamp or other compliance frameworks is a plus.
- Experience in a HIPAA regulated environment is a plus.
- Experience in a Mac environment is a plus
Equal Opportunity Employer
Kyruus is dedicated to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information. We will not discriminate, in any employment decision, against any individual or group on the basis of race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information, or veterans/national guard/military reserve status. This shall be done in compliance with all applicable federal, state, and local laws in every location in which Kyruus has facilities.