The Security Engineer will play a critical role in advancing the organization’s overall security
maturity by continuously evaluating and improving the organization’s security framework,
ensuring alignment with industry’s best practices, and driving initiatives that reduce risk and
enhance the security posture across the organization. This role is critical in safeguarding the
organization’s data, applications, and systems by designing, implementing, and managing
advanced security solutions. The Security Engineer will focus on security posture, vulnerability
discovery and remediation, protections, CVE monitoring, vendor security, and will collaborate
with cross-functional teams to enhance security practices, as well as back up other security team
members. Daily familiarity with current threats, tools used in-house, risk remediation, and IRT is
essential.

▪ Design and Implementation: Implements robust security architectures and solutions to
protect against threats. This includes systems, network devices, intrusion
detection/prevention systems, VPNs, and other various security tools.
▪ Monitoring and Analysis: Continuously monitors for suspicious activities and potential
security breaches. Utilizes analytics tools to identify and mitigate threats in real time.
▪ Incident Response: Participates in incident response activities related to security
breaches. Conducts thorough investigations, root cause analysis, and develop mitigation
strategies to prevent future incidents.
▪ CVE Monitoring and Remediation: Monitors and manages CVEs (Common
Vulnerabilities and Exposures) relevant to the organization. Assists in remediation
strategies and ensure all vulnerabilities are addressed promptly.
▪ Vendor Risk Management: Provides vendor risk management for assigned vendors.
Conducts regular assessments, monitoring, and communication to ensure vendors adhere
to security standards and practices.
▪ Security Assessments: Performs regular vulnerability assessments and penetration testing
systems. Identifies and remediates vulnerabilities to enhance the overall security posture.
▪ Policy and Compliance: Assists with the development and enforcement of security
policies, procedures, and standards. Ensures compliance with industry regulations and
best practices, including but not limited to GDPR, HIPAA, and PCI-DSS.
▪ Collaboration: Works closely with internal teams, including IT, DevOps, and application
development, to integrate security best practices into the design and deployment of new
technologies and services.

▪ Documentation: Maintains comprehensive documentation of security configurations,
incidents, and remediation activities. Ensures all security assets are accurately inventoried
and tracked.
▪ Threat Intelligence: Stays updated with the latest threats in the marketplace and the tools
used within the organization. Performs threat intelligence initiatives to enhance the
security posture of the organization.
▪ Must carry a cell phone and be available for consult or assistance when needed 24 hours a
day/7 day a week to respond to security breaches and other related duties.
▪ Other duties as assigned.

All HealthPlan employees are expected to:

• Provide the highest possible level of service to clients;
• Promote teamwork and cooperative effort among employees;
• Maintain safe practices; and
• Abide by the HealthPlan’s policies and procedures, as they may from time to time be updated.

HIRING RANGE:

$118,518.94 - $154,074.63

IMPORTANT DISCLAIMER NOTICE

The job duties, elements, responsibilities, skills, functions, experience, educational factors and the requirements and conditions listed in this job description are representative only and not exhaustive or definitive of the tasks that an employee may be required to perform. The employer reserves the right to revise this job description at any time and to require employees to perform other tasks as circumstances or conditions of its business, competitive considerations, or work environment change.