Location: New York, NY, USA
• Standardizing Azure Security best practices, processes, and procedures
• Working with team members to develop and document security standards and policies that align with HITRUST
• Finding gaps in the current cloud security posture and assisting with the selection, installation, configuration, and operation of new security products and procedures.
• Deploying, troubleshooting, maintaining, and administering security solutions such as endpoint protection (CrowdStrike), SIEMs (CrowdStrike), vulnerability management solutions (Rapid7), email security gateways (Mimecast), and event logging solutions
• Extensive knowledge of DLP solutions and implementing them in our systems
• Conducting vulnerability scans of environments and remediation of vulnerabilities
• Undertaking system and infrastructure hardening efforts per standardized benchmarks (e.g., NIST standards, HITRUST).
• Installation and configuration of solutions that monitor for and notify when unusual behavior is detected.
• Monitoring infrastructure for security breaches or intrusions (via security tools and solutions).
• Monitoring for irregular system behavior.
• Ensuring that MedReview has detailed, timely, and accurate information regarding security concerns, security findings, and incidents.
• Investigations into how incidents and/or breaches occur as a member of the incident response team.
• Participation in security tabletop exercises.
• Helping maintain MedReview's information security strategy.
• Recommending modifications with regard to legal, technical, and regulatory areas.
Required Experience:
• 5-10 years' experience in Information Security and Engineering.
• Strong foundational knowledge across the Microsoft Azure Cloud technology stack
• Experience with IaaS and PaaS solutions
• Strong IAM experience
• Strong Azure environment experience
• Strong O365 experience
• A strong background in both data / information security and system engineering.
• Possession of both deep and wide expertise in the cloud security space.
• Experience deploying, troubleshooting, integrating with, managing, and maintaining cloud security solutions (Email security gateways, network security tools, SIEMs, Antivirus/EPP technologies, etc.).
• Experience monitoring infrastructure and systems for security breaches or intrusions and working with the SOC team to remediate
• Familiarity with regulatory requirements (HITRUST, HIPAA, SOC2, etc.).
• Experience with third-party cloud-based penetration testing
• Deep understanding of security practices for Windows Server operating systems
• Experience in some specific industry verticals (Healthcare) is helpful.
• Excellent communication skills, both written and verbal.
• Documentation of security tools, deployment configuration, incident reports, etc.
• Communication with client teams on the above as well as clear explanation of concerns, findings, and incidents.
• Availability to work nights and weekends during (un)planned outages and other special circumstances, with 24/7 accountability.
• Availability to join the on-call rotation.
• Ability to lift 50 lbs.
Benefits and perks include:
Salary 145k-160k