Empower healthcare professionals to find and do their best work
Senior IT/Security Engineer – AI-native
Location
Alabama + 30 moreAll locations: Alabama | Arizona | California | Colorado | Connecticut | District Of Columbia | Florida | Idaho | Illinois | Iowa | Nebraska | Nevada | New Jersey | New York | North Carolina | Ohio | Oregon | Maryland | Massachusetts | Michigan | Minnesota | Mississippi | Missouri | Pennsylvania | South Carolina | Tennessee | Texas | Utah | Virginia | Washington | West Virginia
Posted
3 days ago
Salary
0
Seniority
Senior
Job Description
Senior IT/Security Engineer – AI-native
Incredible Health
• Owning our compliance program end to end: driving our annual SOC 2 Type 2 audits from evidence collection through auditor walkthroughs, and running Vanta as our governance home base year-round. • Completing security questionnaires, addendums, and AI risk assessments for the IT and security teams at our hospital clients — and making sure they understand we're doing the right thing. (Health systems ask great, hard questions. You'll have great answers.) • Running real BCDR tests and treating them like live incidents to find the gaps before the gaps find us. • Coordinating annual pen tests and driving remediation of findings within SLA. • Managing security across our stack: AWS, Heroku, Cloudflare, Google Workspace, GitHub, and our communication tools. • Administering our laptop fleet for a fully remote team — imaging, shipping, MDM enrollment, inventory, and end-of-life — so every machine is encrypted, managed, and remotely wipeable. • Running access reviews and enforcing least privilege: pruning admin lists, enforcing SSO and 2FA, and tuning password policies. • Ensuring new employees get access to everything they need on day one, and departing ones are locked out the same day — partnering with HR and Finance on a tight onboarding/offboarding loop through Rippling and Google. • Evaluating and securing AI tooling — from how our team uses Claude and MCP servers to partnering with engineering on customer questions about AI risk, bias testing, and model governance. • Doing vendor management and procurement reviews, and finding savings while you're at it. • Staying on top of the rapidly evolving AI threat landscape and adapting our defenses and team training as fast as the attackers adapt theirs. • Playing professor and educating our team on everything security. • Advising leadership on security matters during project planning, and working with our full stack engineers to ship improvements you identify. • Being the savior in the event of a security incident — leading response, analysis, and the write-up afterward. • Supporting co-workers when they manage to put their computers in a bad place. (They should enjoy talking to you, and you to them!)
Job Requirements
- You've already been doing this kind of thing for at least five years.
- You've owned a SOC 2 Type 2 audit cycle yourself — wrangled the evidence, sat with the auditors, and come out the other side with a clean report.
- Cloud security is one of your strong suits.
- Extra points if you've locked down AWS before, and double extra if you've herded Cloudflare too.
- You've deployed and administered tools for all the big acronyms: IAM, EDR/XDR, SIEM, CSPM, MDM, and GRC platforms like Vanta.
- You've answered security questionnaires from large enterprise or healthcare customers and know how to turn a 200-row spreadsheet into a closed deal.
- You have informed opinions about AI security — securing internal AI tools, evaluating AI vendors, and translating technical AI work into answers enterprise customers trust.
- You have scaled security to fight off the ever-increasing phishers and breachers in a fast and high-tech environment.
Benefits
- We offer a competitive, market based salary aligned with your skills and experience
- Our comprehensive benefits package covers medical, dental and vision coverage with shared premiums
- Our company sponsored 401(k) allows you to save for retirement
- Commission and/or equity may be offered based on the position
- Unlimited vacation, so take a break when you need it!
- We have a generous family leave policy so that you can spend time bonding with new additions to your family.
- We welcome candidates with backgrounds that are commonly underrepresented in our industries.
- We deeply value culture, community, and camaraderie amongst our team - we strive to create a work environment that lets you have fun and celebrate (team events and trivia galore!).
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Role Description We are seeking an AI Security Architect - Data Security & DSPM to own the end-to-end security architecture for our Agentic AI platform and lead the data security mandate for AI. This senior role consolidates two critical scopes - agentic AI security architecture and Data Security Posture Management (DSPM) - into a single accountable owner who designs secure platforms and protects the data flowing through them. - Define and own the agentic AI reference security architecture (v1 and beyond) including Platform 1.0 hardening - Stand up and operate Microsoft Purview DSPM for AI accelerated via Microsoft FastTrack - Establish the sensitivity-label and ML auto-classification baseline - Map and govern data flows into and out of agents - Set architecture standards for agent-to-API and agent-to-data access patterns - Design and secure agentic AI workloads across a multi-cloud estate spanning Azure and AWS - Ensure consistent controls regardless of where agents are built and run - Partner with identity, AppSec and GRC functions to ensure controls are designed in, not bolted on Qualifications - 8+ years of experience in security architecture with deep expertise in Azure and M365 environments - Proficiency in Microsoft Sentinel, Entra and Defender for Cloud - Hands-on experience building and securing agents in multi-cloud setups including AWS Bedrock Agents, AWS Lambda and IAM alongside Azure - Hands-on expertise in Microsoft Purview DSPM for AI, sensitivity labels, data-flow mapping and ML-based auto-classification - Knowledge of API and agent architecture security with familiarity with Copilot Studio and agent platforms - Proven track record designing enterprise-scale secure architectures in regulated environments - English proficiency at B2 level or higher Requirements - Nice to have: Background in life sciences, medical devices or other regulated manufacturing - Relevant certifications (e.g. CISSP, Azure Security Engineer, SC-100)
Role Description We are seeking a Senior Security and Networking Engineer to join our team and strengthen the security and reliability of our network infrastructure. The ideal candidate will bring deep expertise in network and web application security, combined with a strong technical foundation in networking, to protect high-traffic platforms and collaborate closely with cross-functional teams. - Investigate security incidents and optimize security configurations across the platform - Collaborate with Security, DevOps, Infrastructure and Application teams to strengthen protection - Configure and manage DDoS protection, bot mitigation and web application firewall solutions - Analyze HTTP/HTTPS traffic to detect and mitigate potential threats - Maintain and enhance edge security solutions on the Akamai platform - Troubleshoot networking issues related to TCP/IP, DNS, CDN and TLS/SSL - Build expertise in Akamai security products to support platform operations - Ensure high availability of infrastructure through load balancing and proxy configurations Qualifications - 5+ years of experience in network security and web application security with proficiency in HTTP/HTTPS traffic analysis - Solid knowledge of networking fundamentals including TCP/IP, DNS and CDN as well as TLS/SSL, load balancing and proxies - Understanding of WAF concepts and experience with security technologies such as DDoS protection, bot mitigation and web application firewalls or edge security solutions - Flexibility to quickly gain expertise in the Akamai platform (mandatory for the role) - Strong analytical and troubleshooting skills with the capability to investigate security incidents and optimize security configurations - Experience collaborating with Security, DevOps, Infrastructure and Application teams - English proficiency at B2 level or higher Requirements - Nice to have hands-on experience with Akamai technologies or similar CDN/security platforms such as Cloudflare, Fastly, Imperva or F5 - Experience supporting high-traffic eCommerce or customer-facing applications - Familiarity with PCI-DSS, GDPR or other security compliance standards - Akamai certifications or equivalent experience
Role Description Our Information Security team protects Revolut's systems, data, and people. They combine technical expertise with a proactive, risk-based mindset to stay ahead of threats and keep our technology and customers secure at every step. We're looking for an Information Security Manager to collaborate with regulators, management, and the Risk and Compliance team to oversee all things related to information security. You'll ensure proper documentation and reports are accurate and compliant. Up to shape what's next in finance? Let's get in touch. What you'll be doing - Managing information security policies and advising on and/or implementing these policies into practical, actionable procedures to ensure compliance - Reporting and communicating InfoSec risk and compliance matters to both internal and external stakeholders - Acting as an advisory function on cross-functional security risk and compliance topics - Drafting, supporting, and peer-reviewing responses to regulatory RFIs - Ensuring InfoSec services are delivered consistently and to a high standard across functions - Identifying gaps in policies or processes by assessing risk, compliance, control management, and service quality, and driving process or control improvements to remediate them Qualifications - 3+ years of information security management experience in financial services, banking, and/or payments - Fundamental knowledge of information security governance, risk management, and compliance management - An understanding of information security controls across domains and how they operate - Excellent analytical, problem-solving, and decision-making skills - Impressive communication, negotiation, and stakeholder management skills Nice to have - Relevant information security certifications (CISSP, CISM, CRISC, CISA) - Knowledge of building SQL queries for business intelligence/management information Compensation range - US: $224,100 - $249,000 gross annually* - Other locations: Compensation will be discussed during the interview process - *Final compensation will be determined based on the candidate's qualifications, skills, and previous experience Important notice for candidates - Only apply through official Revolut channels. We don't use any third-party services or platforms for our recruitment. - Always double-check the emails you receive. Make sure all communications are being done through official Revolut emails, with an @revolut.com domain. - We won't ask for payment or personal financial information during the hiring process. If anyone does ask you for this, it's a scam. Report it immediately.
Information System Security Officer / Information System Security Engineer
LeidosLeidos is an innovation company rapidly addressing the world’s most vexing challenges in national security and health.
Role Description The DoW Healthcare Management System Modernization (DHMSM) Program is looking for an experienced ISSO/ISSE to join our cyber team in support of the continued development, sustainment, and deployment of the Military Health System (MHS) GENESIS system. MHS GENESIS is deployed globally to over 3700 locations at 138 Medical Treatment Facilities (MTFs), serving 190K users, providing 1100+ clinical workflows delivering medical electronic health record (EHR) capabilities for nearly 10M beneficiaries. The ISSO supports the Cybersecurity Leads with all Risk Management Framework (RMF) Authorization and Sustainment related functions to include: - Maintaining RMF Authorizations for all assigned ATOs including any required IATT, ATO, ASR, RA and ConMon related activities. - Primary cybersecurity review of system architecture and technical artifacts (to include PPSM, diagrams, STIGs, compliance evidence, and policy documentation). - Developing, updating and working with Cybersecurity Leads and LPDH partners to ensure implementation of cybersecurity policies and procedures. - Ensuring assigned systems meet requirements to obtain required authorizations and approvals including IATT, ATO, and ASRs from the assigned Authorizing Official (AO). - Understanding all DOW and DHA RMF policies, procedures, and guidance and keeping up with all changes. - Ensuring eMASS record is maintained in accordance with DHMHSM and DHA requirements. - Assisting with the development of templates and recommending other tools to support risk management and ATO activities, as needed. - Working with CyberOps to ensure all assets are scanned properly and that any scan issues are resolved in a timely manner. - Tracking all issues. - Developing and Maintaining Plans of Action and Milestones (POA&Ms) and Risk Acceptances for all assigned ATOs. - Tracking vulnerability remediation statuses and POA&M closures on a weekly basis for metrics reporting. - Periodically evaluating the effectiveness of all Assessment Procedures for RMF security controls to ensure operational security posture is maintained. - Supporting cybersecurity compliance assessment efforts by providing systems engineering and documentation support. - Ensuring all DoW and DHA cybersecurity-related documentation is current and accessible to properly authorized individuals. - Assisting Cybersecurity Leads in ensuring the project meets identified milestones and requirements. - Contributing to the development of cyber strategies and any associated documentation. - Ensure all users have requisite security clearances and access authorization. - Provide Subject Matter Expertise for customer inquiries. Qualifications - BS degree and 8-12 years of prior relevant experience. - US Citizen with Active Secret Clearance or higher – required. - Minimum of 5 years’ hands-on experience on Defense Health Agency projects in a cybersecurity role. - DoW 8570 Certification. - Proficiency in eMASS. - Prior experience with DoW Accreditation and tools such as eMASS, ACAS, CMRS and HBSS. - Knowledge of networks, cyber defense toolsets and processes. - Strong understanding of related technologies and significant knowledge of networking technologies, operating systems, and security tools, tactics, techniques, and procedures. - Attention to detail. - Excellent written and verbal communication skills. - Experience with network and network security assessments and documenting the results using NIST SP 800-53A (Rev 5). - Strong ability to document recommendations to correct security weaknesses resulting from security assessments. - Experience developing network and network security policies and system security documentation and procedures. - Experience with DoW Information Assurance Vulnerability Management (IAVM) Program. - Experience with Cloud. - Experience with Containers. - Scripting knowledge: PowerShell, Python, Shell Scripting. Requirements - PMP Certification. - A high degree of proficiency in eMASS. - DHA A&A Experience. - Proficiency in ACAS/NESSUS, SCAP. - Experience with Cloud. - Experience with Containers. - Experience with the DoW Information Assurance Vulnerability Management (IAVM) Program. Benefits - Pay Range: $107,900.00 - $195,050.00. - The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. - Additional factors considered in extending an offer include responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

