[Remote] Security Engineer

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. Birdi is a company focused on cybersecurity within the healthcare sector, and it is seeking a Security Engineer. This role involves designing and implementing a comprehensive cybersecurity program, focusing on software supply chain security, IAM, and compliance readiness for SOC 2 Type II and HIPAA.

Responsibilities

  • Research, develop, and implement comprehensive cybersecurity policies and procedures from the ground up to achieve and maintain SOC 2 Type II certification, including defining controls, gathering evidence, and coordinating with external auditors
  • Conduct regular risk assessments and vulnerability analyses to identify potential security threats and develop mitigation strategies aligned with HIPAA requirements and industry best practices
  • Design, implement, and manage Identity and Access Management (IAM) strategies, including role-based access control (RBAC), least privilege principles, multi-factor authentication (MFA), and single sign-on (SSO) solutions
  • Establish and enforce software supply chain security practices, including Software Bill of Materials (SBOM) management, dependency scanning, vulnerability assessment, container security, and secure CI/CD pipeline integration
  • Develop and maintain permissions governance frameworks, conducting regular access reviews and ensuring appropriate authorization levels across all systems handling PHI and sensitive data
  • Maintain incident response procedures, including breach notification processes compliant with HIPAA requirements, and lead security incident investigations and remediation efforts
  • Design, implement, and manage a comprehensive Security Awareness Training program for all workforce members, covering HIPAA requirements, phishing awareness, social engineering defense, and secure data handling practices
  • Track and document training completion for all employees, maintaining records for audit purposes and ensuring ongoing education as cyberthreats evolve
  • Collaborate with Development and DevOps teams to integrate security practices into the software development lifecycle (SDLC), including secure coding standards, code review processes, and automated security testing
  • Evaluate and manage third-party vendor security risks, conducting security assessments and ensuring business associates comply with HIPAA and organizational security requirements
  • Participate in an on-call rotation schedule for critical security incidents and support incident management processes for security-related events

Skills

  • Proven experience in Information Security, Cybersecurity Engineering, or a similar role with hands-on experience implementing security programs and compliance frameworks
  • Strong knowledge of compliance frameworks including SOC 2, HIPAA Security Rule, NIST Cybersecurity Framework, and CIS Controls, with experience preparing for and supporting audits
  • Deep expertise in Identity and Access Management (IAM), including experience with IAM platforms, RBAC implementation, MFA, SSO, and privileged access management
  • Experience with software supply chain security tools and practices, including SBOM generation, dependency scanning (e.g., Dependabot, Snyk), and secure CI/CD pipeline configuration
  • Proficiency with endpoint protection solutions including EDR platforms, firewalls, and network security tools
  • Strong understanding of cloud security principles and experience securing AWS
  • Excellent written and verbal communication skills, with the ability to translate complex security concepts for technical and non-technical audiences
  • Strong analytical, problem-solving, and incident response skills with attention to detail
  • Self-directed individual capable of working independently to build programs from the ground up with minimal supervision
  • Bachelor's degree in Information Security, Computer Science, or a related field; or an equivalent combination of education and experience with at least 3-5 years of relevant cybersecurity experience
  • Demonstrated experience implementing security compliance programs (SOC 2, HIPAA, ISO 27001, or similar)
  • Experience conducting risk assessments and developing security policies and procedures
  • Experience working within the Healthcare industry with direct knowledge of HIPAA compliance requirements and ePHI protection
  • Industry certifications such as CISSP, CISM, Security+, CCSP, AWS Security Specialty, or HCISPP (Healthcare Information Security and Privacy Practitioner)
  • Experience with zero trust architecture design and implementation
  • Familiarity with healthcare data standards (HL7, FHIR) and healthcare IT systems including EHR platforms
  • Experience with policy-as-code tools (e.g., OPA, Checkov) and infrastructure-as-code security scanning
  • Scripting and automation skills in Python, PowerShell, or Bash for security automation
  • Experience with container security, Kubernetes security, and DevSecOps practices
  • Experience with Security Awareness Training platforms (e.g., KnowBe4, Proofpoint) and phishing simulation tools

Benefits

  • Competitive health coverage (medical, dental, vision)
  • Paid time off and holidays
  • Retirement savings options
  • Wellness and support programs
  • Opportunities for career growth

Company Overview

  • Birdi provides online pharmacy services. It was founded in 2021, and is headquartered in Novi, Michigan, USA, with a workforce of 201-500 employees. Its website is https://www.birdirx.com.

Company H1B Sponsorship

  • Birdi has a track record of offering H1B sponsorships, with 1 in 2023. Please note that this does not guarantee sponsorship for this specific role.