Internal Application: Security Engineer - (Remote)
IT & Security | Minneapolis, MN | Full Time
About Doctor On Demand
Doctor On Demand’s mission is to improve the world’s health through compassionate care and innovation. We believe that health is personal, and means so much more than treating illness. We're proud of the care we've provided over the years and the relationships we’ve developed with our patients, as evidenced by the 5-star reviews we continually receive. People use our service to gain access to some of the best physicians and licensed therapists in the country, all whenever and wherever is most convenient. It’s as simple as opening the Doctor On Demand app on a smartphone or computer.
Through live video visits, our hand-picked, US-trained doctors take patient history, perform an exam, and recommend a treatment plan. Prescriptions, if needed, go directly to the pharmacy of choice. While insurance isn’t required, tens of millions of Americans enjoy covered medical and mental health visits through employer and health plan partnerships. To learn more about the hundreds of medical issues we treat, visit us at DoctorOnDemand.com.
The Security Engineer is responsible for protecting Doctor On Demand patients and company assets by overseeing security and preventing/correcting vulnerabilities within our products, services, and cloud infrastructure to mitigate risk, balance scope, priority, and severity. Research, identify, recommend, and deploy tools that improve our overall security posture. Systems include, but are not limited to Google (G Workspace, GCP, Chrome OS), Apple/Jamf, AWS, Atlassian, Salesforce, Github, and Twilio. Leveraging these systems, APIs, and homegrown tools, develop technical security controls that ensure access, availability, and accountability that meet compliance requirements. Investigate, remediate, and document security concerns. Work closely with developers, site reliability engineers, product, clinical operations, and support to ensure security controls are implemented smoothly. Review and negotiate vendor/partner access scopes, technology stack, and security assessments, to ensure minimal risk to Doctor On Demand.
Manage the application and infrastructure security of our HIPAA-compliant platform
Set security initiative strategy based on risk reduction over cost
Work on internal HIPAA/HITECH/HITRUST compliance teams
Advise business leaders on security tooling and best practices
Lead the education of engineering and IT teams on security best practices
Track and audit software dependencies ensuring all patches are applied
Work on improving our existing SDLC and breach detection and recovery process
Offer a security perspective on technical architecture proposals
Test and implement new security solutions
Other duties as assigned.
Exceptional interpersonal and customer service skills
Strong ability to develop and maintain cross-functional relationships
Excellent time management skills with a proven ability to meet deadlines
Superb analytical and problem-solving skills
Knowledge of SDLC best practices
Expertise in web application security (OWASP Top 10)
Up-to-date knowledge of HIPAA/HITECH regulation
Education and Experience:
CISSP, HCISPP, and/or CISA certification
Experience in the Healthcare environment
Minimum of 4 years of related experience in Security Engineer or similar position.
Nice to have :
Solid infrastructure/SRE/engineering skills
Manual Pen-testing skills