Internal Application: Security Engineer - (Remote)

About Doctor On Demand

Doctor On Demand’s mission is to improve the world’s health through compassionate care and innovation.  We believe that health is personal, and means so much more than treating illness.  We're proud of the care we've provided over the years and the relationships we’ve developed with our patients, as evidenced by the 5-star reviews we continually receive. People use our service to gain access to some of the best physicians and licensed therapists in the country, all whenever and wherever is most convenient.  It’s as simple as opening the Doctor On Demand app on a smartphone or computer.

Through live video visits, our hand-picked, US-trained doctors take patient history, perform an exam, and recommend a treatment plan. Prescriptions, if needed, go directly to the pharmacy of choice. While insurance isn’t required, tens of millions of Americans enjoy covered medical and mental health visits through employer and health plan partnerships. To learn more about the hundreds of medical issues we treat, visit us at DoctorOnDemand.com.

Job Summary:

The Security Engineer is responsible for protecting Doctor On Demand patients and company assets by overseeing security and preventing/correcting vulnerabilities within our products, services, and cloud infrastructure to mitigate risk, balance scope, priority, and severity. Research, identify, recommend, and deploy tools that improve our overall security posture. Systems include, but are not limited to Google (G Workspace, GCP, Chrome OS), Apple/Jamf, AWS, Atlassian, Salesforce, Github, and Twilio. Leveraging these systems, APIs, and homegrown tools, develop technical security controls that ensure access, availability, and accountability that meet compliance requirements. Investigate, remediate, and document security concerns. Work closely with developers, site reliability engineers, product, clinical operations, and support to ensure security controls are implemented smoothly. Review and negotiate vendor/partner access scopes, technology stack, and security assessments, to ensure minimal risk to Doctor On Demand.

Duties/Responsibilities:

• Manage the application and infrastructure security of our HIPAA-compliant platform

• Set security initiative strategy based on risk reduction over cost

• Work on internal HIPAA/HITECH/HITRUST compliance teams

• Advise business leaders on security tooling and best practices

• Lead the education of engineering and IT teams on security best practices

• Track and audit software dependencies ensuring all patches are applied

• Work on improving our existing SDLC and breach detection and recovery process

• Offer a security perspective on technical architecture proposals

• Test and implement new security solutions

• Other duties as assigned. 

Required Skills/Abilities:

• Exceptional interpersonal and customer service skills

• Strong ability to develop and maintain cross-functional relationships

• Excellent time management skills with a proven ability to meet deadlines

• Superb analytical and problem-solving skills

• Knowledge of SDLC best practices

• Expertise in web application security (OWASP Top 10)

• Up-to-date knowledge of HIPAA/HITECH regulation

Education and Experience:

• CISSP, HCISPP, and/or CISA certification

• Experience in the Healthcare environment

• Minimum of 4 years of related experience in Security Engineer or similar position.

• Bachelor’s degree.

Nice to have :

• Solid infrastructure/SRE/engineering skills

• Manual Pen-testing skills