Function Health

Function Health provides lab testing services to aid in the early detection of thousands of diseases. Focused on empowering patients to take charge of their hea

Senior Security Engineer

Location

United States

Posted

2 days ago

Salary

0

Seniority

Senior

Job Description

Senior Security Engineer

Function Health

Role Description We’re looking for a pragmatic Security Engineer with a strong focus on Identity and Access Management (IAM) to join our lean, fast-paced Security Operations team. In this hands-on role, you will lead the design and management of critical IAM systems protecting our clients’ health data—the foundation of our business. With nearly 1 million users and growing rapidly, you will be leading efforts for Okta and ConductorOne, responsible for: - Application integrations - Enabling provisioning - Building out our Okta organizational structure - Enforcing security policies around user access Beyond IAM, there’s room to expand into security operations, IT automation, and compliance as our team grows. This is a unique opportunity to own one of the strongest security controls in the company and directly reduce organizational risk at scale. Key Responsibilities - Administer and optimize Okta, including: - Integrating new applications for SSO - Implementing and enhancing provisioning and revocation workflows - Building and maintaining Okta organizational structure and role mappings - Administer ConductorOne to: - Integrate it with all relevant applications - Conduct User Access Reviews (UARs) - Enforce time-based access controls - Enable and improve automated provisioning and revocation - Collaborate with cross-functional teams to ensure secure onboarding/offboarding and least privilege enforcement - Support ongoing IAM policy development, documentation, and audit readiness - Monitor and respond to IAM-related alerts and incidents, escalating as needed - Identify opportunities to automate IAM workflows and enhance security operations - Participate in broader security initiatives including vulnerability management, IT automation, and compliance support Qualifications - 3–5 years of hands-on experience administering IAM platforms, ideally Okta and/or ConductorOne - Strong knowledge of SSO protocols (SAML, OIDC), provisioning standards (SCIM), and IAM best practices - Experience integrating multiple SaaS applications into centralized IAM systems - Familiarity with user lifecycle management, role-based access control (RBAC), and access review processes - Solid understanding of cloud infrastructure identity models (GCP preferred) and security operations fundamentals - Experience using Terraform for infrastructure as code, particularly for managing IAM resources and integrations - Comfortable working independently in a fast-moving environment with minimal supervision - Strong organizational skills and a detail-oriented mindset Core Values - Ruthless Prioritization: We don’t let perfect get in the way of progress. We move quickly to drive value, not perfection. We prioritize what drives impact. We never compromise on standards of excellence. - Member-First, Always: We design and deliver like we’re caring for someone we love. We create calendar, actionable, human experience. We prioritize responsiveness, peace of mind, and outcomes. We empower members with truth, clarity, and care. - One Team, Moving Fast: We are aligned in purpose, prioritization, and speed. We gather diverse perspectives to make informed decisions. We clear paths for each other and move fast together. We communicate clearly and respectfully, rallying around shared goals. - Radical Ownership, Relentless Execution: We don’t just ship– we own outcomes and drive results. We act with urgency and precision. We anticipate, initiate, and follow through. We meet challenges with grit and pragmatism. We embrace new tech to deliver better outcomes. - Mission Over Ego: We are ruthlessly aligned to our mission - and leave ego at the door. We disagree and commit. We don't tolerate politics or withholding information. We operate with honesty, transparency, and respect. - Sustained Integrity in Every Detail: We earn trust by obsessing over accuracy, quality, and clarity in everything we do. We prioritize clinical precision - data must be right. We sweat the details because outcomes depend on them. Benefits - Competitive salary and benefits package - Flexible working hours - Dynamic work environment where creativity and innovation are encouraged Important Notice Legitimate communication from the Function Health team will always come from an email address ending in @functionhealth.com. Function Health will never request personal information such as banking details or payment during the hiring process. Please be cautious of communications or job offers that come from other email domains, instant messaging platforms, or unsolicited calls. If you ever have doubts about the legitimacy of a communication, please reach out to us directly at talent@functionhealth.com.

Related Categories

Related Job Pages

More Security Engineer Jobs

GuidePoint Security logo

Security Consultant – Threat & Attack Simulation

GuidePoint Security

We help organizations make smarter cybersecurity decisions that minimize risk.

Full TimeRemoteTeam 201-500H1B Sponsor

• Deliver Threat & Attack Simulation's professional services, including but not limited to Vulnerability Assessments, Internal and External Penetration Tests, Wireless Security Assessments, Onsite and Remote Social Engineering, and a variety of custom assessments • Author comprehensive assessment deliverables that are proficiently tailored to both technical and managerial audiences and fully detail the technical execution, core deficiencies, business impact, and realistic remediation strategies • Utilize automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients • Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools • Assist with Practice development, including improving existing offerings • Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry. • Foster client relationships by providing support, information, and guidance • Configure, operate, and manage a Breach and Attack Simulation (BAS) or continuous penetration testing platform and report results to relevant stakeholders promptly • Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company • Perform other duties as assigned

United States
Full TimeRemoteTeam 51-200

Role Description The IT IAM Engineer acts as a business enabler, proactively identifying and building solutions that help the company scale securely. The role owns the day-to-day administration of Lumistry's identity, access, and endpoint infrastructure and serves as the technical escalation point above our managed service provider for IT support. This is a role for someone who is comfortable working autonomously and taking ownership of their work, with support from the team. We are looking for a candidate who enjoys pragmatic optimization: automate the repetitive work and remediate what matters. The role reports to the Senior Director of IT & Information Security. - Administer the corporate identity provider: SSO configuration, application integrations, directory hygiene, and authentication policy - Build and maintain SCIM provisioning and deprovisioning so that joining, moving, and leaving the company drives access automatically from the HR system of record - Develop zero-touch employee lifecycle from initial provisioning through teardown in disparate systems. - Design and operate privilege escalation workflows so elevated access is requested, approved, time-bound, and logged rather than standing - Manage the lifecycle of service, shared, and machine accounts, including ownership assignment, credential vaulting, and rotation - Administer the productivity and collaboration suites (Google Workspace, Microsoft 365), including organizational units, delegation, security settings, and license hygiene - Execute identity consolidation across legacy product domains, working toward a single directory of record - Manage business request intake and routing so that requests for access, software, and purchases are approved by the appropriate owners before fulfillment - Conduct recurring user-access reviews and SSO hygiene checks across the SaaS application estate, producing audit-ready evidence - Manage software and hardware assets, including inventory tracking, procurement support, and administration of the macOS and Windows fleet through MDM - Maintain endpoint security by enforcing patching, triaging endpoint security alerts and vulnerabilities, and driving remediation to completion - Serve as the escalation point for the outsourced helpdesk, resolving escalated tickets and identifying opportunities to automate recurring requests - Automate repetitive tasks by integrating and scripting across the IT and security toolchain to scale the team's impact as the company grows - Support SOC 2 and enterprise customer security reviews with access evidence, controls, and documentation - Other duties as assigned Qualifications - 5+ years of hands-on IT or identity experience in a production environment - Direct experience configuring an identity provider and SSO integrations (SAML/OIDC) - Experience building SCIM provisioning and deprovisioning against a real application estate - Experience with Mobile Device Management for macOS and Windows - Practical scripting ability (Python, PowerShell, or similar) and comfort working with application and directory APIs - Detail and process-oriented mindset with the willingness to be a generalist and dig into things you have not done before - Excellent written communication and an inclination to document your work - Ability to operate semi-autonomously, sorting immediate priorities out of the shifting needs of a growing company Preferred - Experience in a regulated space such as SOC 2, HIPAA, or PCI compliance environments - Experience with identity workflow and automation platforms - Experience consolidating identity across acquired or legacy products - Experience coordinating with a managed service provider - Prior experience at a SaaS company or startup - Experience in secure systems for healthcare or financial industries Compensation The salary range for this role is $100,000-120,000, commensurate with experience. Work Location This is a remote position for candidates based out of the U.S. Applicants must currently reside in and be legally authorized to work in the United States. We are currently unable to provide visa sponsorship or relocation assistance for this role. Diversity & Inclusion at Lumistry Lumistry is an equal opportunity employer dedicated to an inclusive workplace. We prohibit discrimination and harassment based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, pregnancy, or any other characteristic protected by law. This commitment applies to all aspects of employment, from recruiting and hiring to compensation and promotion. Our decisions are based solely on qualifications, merit, and current business needs. Accessibility We provide reasonable accommodations for qualified individuals with disabilities during the application and interview process. If you require assistance, please don't hesitate to reach out.

United States
$100K - $120K / year
Full TimeRemoteTeam 51-200Since 2013H1B No Sponsor

• Partner closely with internal Blue Teams, SOC Analysts, and client IT leaders to identify vulnerabilities, map attack paths, and validate remediations. • Configure, deploy, and manage the Horizon3.ai NodeZero platform across diverse multi-tenant client environments, covering internal, external, cloud, and hybrid infrastructures. • Schedule and execute continuous or on-demand autonomous penetration tests based on client risk profiles, compliance mandates, or zero-day threats. • Analyze complex NodeZero testing outputs to differentiate between theoretical vulnerabilities and actual, exploitable attack vectors. • Translate highly technical attack data into clear, risk-prioritized remediation strategies for client IT and security leaders. • Conduct strategic Quarterly Business Reviews (QBRs) to visually demonstrate client security posture improvements and measurable security outcomes over time.

United States
Sabel Systems Technology Solutions, LLC logo

Information System Security Manager – ISSM

Sabel Systems Technology Solutions, LLC

Providing digital solutions for software, requirements, systems design, integration, and testing - digital engineering.

Full TimeRemoteTeam 201-500Since 2001H1B No Sponsor

• Cyber Risk Assessments and Implement security protocols • Provide in-person and/or remote/hybrid technical security engineering solutions to meet customer’s cybersecurity requirements • Participate in change control boards as a voting member and Evaluate security impacts with design changes • Validate software integrity and acquisition • Develop appropriate policy in accordance with DoD regulations and industry best practices • Oversee security tool efficacy as dictated by the customer (i.e. ACAS, ESS, STIG, SIEM, Back-up/Restoral, ICAM) • Conduct vulnerability scans on a weekly basis in accordance with DAF TASKORDS and DoD regulations • Stay updated with the latest DoD regulations, emerging cybersecurity trends • Develop and implement custom detection techniques to identify new and emerging threats • Report findings to stakeholders and assist in the creation of actionable security recommendations • Collaborate with SOC analysts and incident response teams to investigate, remediate, and escalate security incidents • On-call and/or evening or weekend hours may be required, as needed, for emergent issues • SCA and ATO engagement and eMass package creation and management • Up to 10% domestic travel could be required

Ohio