
Birdi · 6 hours ago

Security Engineer

Birdi is a company focused on building a robust cybersecurity program, and they are seeking a Security Engineer to design and implement security measures. The role involves developing cybersecurity policies, managing IAM strategies, and ensuring compliance with SOC 2 Type II and HIPAA in a healthcare environment.
Healthcare, Pharmaceutical, Logistics, Delivery, Health Care, Medical
H1B Sponsor Likely

Responsibilities

Research, develop, and implement comprehensive cybersecurity policies and procedures from the ground up to achieve and maintain SOC 2 Type II certification, including defining controls, gathering evidence, and coordinating with external auditors
Conduct regular risk assessments and vulnerability analyses to identify potential security threats and develop mitigation strategies aligned with HIPAA requirements and industry best practices
Design, implement, and manage Identity and Access Management (IAM) strategies, including role-based access control (RBAC), least privilege principles, multi-factor authentication (MFA), and single sign-on (SSO) solutions
Establish and enforce software supply chain security practices, including Software Bill of Materials (SBOM) management, dependency scanning, vulnerability assessment, container security, and secure CI/CD pipeline integration
Develop and maintain permissions governance frameworks, conducting regular access reviews and ensuring appropriate authorization levels across all systems handling PHI and sensitive data
Maintain incident response procedures, including breach notification processes compliant with HIPAA requirements, and lead security incident investigations and remediation efforts
Design, implement, and manage a comprehensive Security Awareness Training program for all workforce members, covering HIPAA requirements, phishing awareness, social engineering defense, and secure data handling practices
Track and document training completion for all employees, maintaining records for audit purposes and ensuring ongoing education as cyberthreats evolve
Collaborate with Development and DevOps teams to integrate security practices into the software development lifecycle (SDLC), including secure coding standards, code review processes, and automated security testing
Evaluate and manage third-party vendor security risks, conducting security assessments and ensuring business associates comply with HIPAA and organizational security requirements
Participate in an on-call rotation schedule for critical security incidents and support incident management processes for security-related events

Qualifications

Information Security, Identity, Access Management, Compliance Frameworks, Software Supply Chain Security, Endpoint Protection Solutions, Cloud Security, Risk Assessments, Security Awareness Training, Analytical Skills, Self-Directed, Scripting Skills, Problem-Solving Skills, Communication Skills

Required

Proven experience in Information Security, Cybersecurity Engineering, or a similar role with hands-on experience implementing security programs and compliance frameworks
Strong knowledge of compliance frameworks including SOC 2, HIPAA Security Rule, NIST Cybersecurity Framework, and CIS Controls, with experience preparing for and supporting audits
Deep expertise in Identity and Access Management (IAM), including experience with IAM platforms, RBAC implementation, MFA, SSO, and privileged access management
Experience with software supply chain security tools and practices, including SBOM generation, dependency scanning (e.g., Dependabot, Snyk), and secure CI/CD pipeline configuration
Proficiency with endpoint protection solutions including EDR platforms, firewalls, and network security tools
Strong understanding of cloud security principles and experience securing AWS
Excellent written and verbal communication skills, with the ability to translate complex security concepts for technical and non-technical audiences
Strong analytical, problem-solving, and incident response skills with attention to detail
Self-directed individual capable of working independently to build programs from the ground up with minimal supervision
Bachelor's degree in Information Security, Computer Science, or related field; or equivalent combination of education and experience with at least 3-5 years of relevant cybersecurity experience
Demonstrated experience implementing security compliance programs (SOC 2, HIPAA, ISO 27001, or similar)
Experience conducting risk assessments and developing security policies and procedures

Preferred

Experience working within the Healthcare industry with direct knowledge of HIPAA compliance requirements and ePHI protection
Industry certifications such as CISSP, CISM, Security+, CCSP, AWS Security Specialty, or HCISPP (Healthcare Information Security and Privacy Practitioner)
Experience with zero trust architecture design and implementation
Familiarity with healthcare data standards (HL7, FHIR) and healthcare IT systems including EHR platforms
Experience with policy-as-code tools (e.g., OPA, Checkov) and infrastructure-as-code security scanning
Scripting and automation skills in Python, PowerShell, or Bash for security automation
Experience with container security, Kubernetes security, and DevSecOps practices
Experience with Security Awareness Training platforms (e.g., KnowBe4, Proofpoint) and phishing simulation tools

Company

Birdi

Birdi provides online pharmacy services.

H1B Sponsorship

Birdi has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2023 (1)

Funding

Current Stage: Growth Stage

Leadership Team

Rich Grossman, Chief Executive Officer
Steven Hess, Chief Operating Officer
Company data provided by crunchbase