Security Engineer - Commercial Infrastructure Engineering

The Nuna Security team is responsible for protecting the confidentiality, integrity, and availability of all healthcare data, client information, intellectual property, and employee data entrusted to our organization. The Nuna Security Team covers the gamut of security across the corporate and production environments. We secure the web applications, the product infrastructure, and the corporate infrastructure. We work closely with the Compliance Team to ensure that we are meeting security standards and providing our customers with the utmost assurance that we will keep their data safe. We stay ahead of the constantly evolving threat landscape by building and maintaining automated solutions, fostering a security-aware culture across teams, and constantly challenging assumptions. We flourish with our ability to participate and give back to the healthcare industry and security community through leadership, education, and code.

As a Senior Security Engineer, you will protect the data of tens of millions of Americans by working closely with our distributed compliance, privacy, and engineering teams to audit and harden our products and internal tooling.

• Help Nuna achieve HITRUST accreditation by collaborating with our Compliance, Infrastructure, and Development teams
• Lead the development of a Vulnerability Management Program, define remediation workflows, and automate reports on a regular cadence
• Collaborate with engineering and product partners to build threat models and design controls to ensure that our nation-scale healthcare data is protected.
• Partner with other teams to identify and evaluate risk and provide recommendations for mitigation and remediation.
• Encourage adoption of security methodologies and architecture changes throughout the company via evangelism and education.
• Lead the design and development of security capabilities such as static analysis, threat modeling, security requirements enforcement, and security linting as part of a CI/CD development process.
• Mentor and educate other security engineers about best practices, scalable security tooling, secure AWS development, etc.

• Experience and understanding of security audits and accreditations
• Experience building out security scanning and remediation programs
• 5+ years of security experience with a clear understanding of industry best practices and a shown ability to respond to evolving risks.
• Shown leadership, organization, and communication skills. Possessing the ability to effectively prioritize tasks across multiple partners.
• Capable of analyzing requirements, designing system-level threat models, and defining and running resultant security requirements.
• Proficient at configuring and hardening Linux and ancillary services using cloud orchestration and infrastructure-as-code.
• Proficient with authentication and authorization technologies such as Active Directory, LDAP, and SSO/SAML.
• Proficient with log analysis and auditing platforms such as Splunk.
• Proficient with Python or related scripting languages with experience applying fundamental computer science & software engineering practices.

• Experience with healthcare and government regulatory requirements.
• Willingness to conduct research, write white papers, and present technical content at local events and conferences.

• AWS cloud environment: EC2, S3, RDS, ELB, ECS, ECR, AWS VPCs and networking
• Operating systems: Linux, OS X and Windows
• Languages: Python, Go, Bash (knowledge of Java and Javascript a plus)
• Cloud orchestration framework: Packer, Puppet, Terraform
• Metrics and reporting: Splunk, AWS Config, AWS SNS, AWS CloudWatch, Prometheus
• Coordination & collaboration tools: Jira, Confluence, Slack, GSuite, Git

We take into account an individual’s qualifications, skillset, and experience in determining final salary. This role is eligible for health insurance, life insurance, retirement benefits, participation in the company’s equity program, paid time off, including vacation and sick leave. The expected salary range for this position is $151,000 to $180,000. The actual offer will be at the company’s sole discretion and determined by relevant business considerations, including the final candidate’s qualifications, years of experience, and skillset.