Senior Security Engineer

As a Senior Security Engineer at Health Gorilla, you will help secure platforms that power nationwide health data exchange, protect patient privacy, and ensure compliance in a cloud-native, high-scale environment. You’ll implement information security strategies and procedures, executing solutions that align with our architectural designs, industry best practices, and regulatory requirements such as HIPAA and TEFCA. As risks evolve, you'll play a key role in proactively recommending modifications and enhancements to strengthen our security posture and identify opportunities for continuous improvement.

What you will do at Health Gorilla:

• Work with our engineering teams to define/refine information security systems management policies and settings.
• Conduct vendor and 3rd party information security audits and help with security questionnaires.
• Perform security analysis and risk assessments to identify threats and vulnerabilities, and work with engineering teams to document and remediate issues to safeguard information assets.
• Create AWS Cloud Formation templates, Ansible scripts and automation with AWS Systems Manager.
• Hands-on expertise with AWS-native security services including GuardDuty, Security Hub, Macie, Inspector, IAM, KMS, CloudTrail, and Config to design, monitor, and enforce security controls in a healthcare cloud environment.
• Experience implementing identity and access management best practices in AWS (least privilege, service control policies, cross-account roles, and MFA enforcement) to ensure HIPAA compliance.
• Proven ability to architect and operationalize security guardrails via AWS Config rules, SCPs, and automation (e.g., Lambda functions, EventBridge) for continuous compliance.
• Demonstrated skill in monitoring and incident detection using GuardDuty findings, CloudWatch alerts, and CloudTrail logs, integrating with SIEM/SOAR platforms.
• Proficiency in deploying, tuning, and managing CrowdStrike Falcon EDR for endpoint visibility, prevention, and real-time response across cloud and enterprise environments.
• Experience with threat hunting and investigation using CrowdStrike telemetry, Falcon OverWatch, and custom queries to detect advanced threats.
• Knowledge of malware analysis and incident response leveraging CrowdStrike’s real-time response capabilities, forensic data, and threat intelligence.
• Partner with other Cybersecurity, Engineering, and Product teams to align detection strategies with organizational objectives.
• Ensure all detection processes and tools adhere to regulatory requirements and industry standards (e.g., HIPAA, GDPR, PCI-DSS, NIST).
• Central point of contact for 3rd party audits (SOC2, ISO, HIPAA, HITRUST), and other GRC functions

What you bring to the role:

• Expert level experience with Linux operating system and AWS ecosystems.
• Experience operating in highly regulated environments (e.g., HIPAA, HITRUST, SOC 2), with a strong understanding of compliance-driven security controls and documentation requirements.
• 7+ years conducting security work in enterprise infrastructure or cloud environments (AWS experience a plus)
• 3+ years working with any of the following: intrusion detection systems, remote access VPN technologies, vulnerability assessment tools, event and log analysis solutions and configuration and change management systems.
• Possess knowledge of SIEM implementation and log ingestion, SOAR, Incident Response, and Threat Intelligence that will be data-driven with strong verbal, written communication, and leadership skills.
• Strong experience with Information Security, Network Security, Security Monitoring, Incident Response, Auditing
• RFP/RFI Response Knowledge (ability to work and support proposal efforts).
• Certifications in information technology security such as AWS Security, AWS Associate Level certification, CISSP or CCSP.
• Bachelor's degree in Computer Science or equivalent work experience

What You Will Love About Us!

• Health Gorilla takes a market-based approach to pay, and the base salary range for this role is $159,000 to $180,000, based on experience. Please note that ranges may be modified at any time, and there is no guarantee offers will be at the top of a posted range.
• New hire stock option grant
• 401(k) plan with discretionary annual matching
• Medical, dental, and vision insurance
• Short-, long-term disability, life insurance, and mental health & wellness support
• Unlimited PTO plus 12 Holidays
• Paid parental leave (up to 12 weeks)
• Monthly stipend for phone and internet
• Stipend for home office equipment (we provide the laptop)