Senior Security Engineer
Cypress, CA, USA | iRhythm Technologies
Functions: IT / Information Technology
Job Description:
iRhythm is a leading digital healthcare company focused on the way cardiac arrhythmias are clinically diagnosed by combining our wearable bio sensing technology with powerful cloud-based data analytics and Artificial Intelligence capabilities. Our goal is to be the leading provider of ambulatory ECG monitoring for patients at risk for arrhythmias. iRhythm’s continuous ambulatory monitoring has already put over 4 million patients and their doctors on a shorter path to what they both need – answers.
About this role:
iRhythm is seeking a Senior Information Security Engineer to support the development, implementation, and ongoing testing of our information services security architecture. Under the direction of the Senior Director, Cyber Security, this position will play a key role in continuing to develop our security operations as well as supporting ongoing security governance initiatives. This is a new role helping to build out our maturing information security function.
The Sr. Information Security Analyst will operate at multiple levels within the organization, leading and participating in security operations, projects, risk assessments, incident response, and policy creation and maintenance. In addition, the Sr. Information Security Engineer will work across the organization, acting as a trusted advisor on security-related topics and identifying and recommending solutions for security-related items. We operate in a highly regulated environment (SOX, SOC 2, HIPAA, GDPR, CCPA, ISO, FDA, The Joint Commission), and the Sr. Security Engineer must have a working knowledge of these regulations.
• Actively identify, investigate, and respond to security threats and incidents related to systems and workflow to ensure internal security controls are appropriate and operating as intended within the organization
• Manage, operate, and maintain the SIEM (Splunk-based) along with the security monitoring tools used for intrusion analysis and incident response.
• Find/develop new threat intelligence, detection and hardening strategies.
• Analyze cyber threat data and correlate with existing understanding of cyber threats impacting iRhythm environment.
• Evaluate existing methods and recommend scalable solutions for Security and Incident Response
• Conduct Proof of Concepts for solutions and technologies required for Security Operations
• Manage security vulnerabilities and risks across iRhythm, including identifying them and supporting application/system owners in managing risks and remediating vulnerabilities
• Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders
• Maintain and direct execution of the Enterprise Vulnerability Management Program, including the delivery of enterprise-wide vulnerability assessments and targeted penetration testing
• Collaborate with various teams for security operations and incident response, as required
• Provide information protection expertise to IT operational teams to ensure systems are properly protected and monitored.
• Evangelize security / compliance initiatives and engage with operations and development teams to ensure adherence to security policy guidelines, compliance standards and drive changes needed to respond to emerging threats.
• Play an active role in the coordination and associated remediation activities for our annual SOC 2, HIPAA, NIST, GDPR, CCPA, penetration, and cybersecurity assessments
• Support the development and ongoing delivery of security awareness training
• Coordinate execution of annual incident response and disaster recovery table-top walkthroughs and update processes and associated documentation
• The successful candidate will work cross organizationally through influence and help shape operating processes with value-add recommendations and regulatory guidance
• Minimum 10 years of information security experience preferably in a healthcare related industry and public company environment; with at least five (5) years of experience with security operations and threat hunting preferred
• Experience managing and responding to security threats
• Experience investigating and acting on high impact threats.
• Understanding of industry standard threat modeling (kill chain, diamond model, ATT&CK)
• Experience coordinating and compiling threat intelligence from multiple sources (private sources, open sources, and closed sources) into actionable data and report to relevant stakeholders.
• Experience utilizing Security Information and Event Management tools to monitor data flow between networks
• Experience with operation of Identity Access Management (IAM), monitoring, and Data Loss Prevention (DLP) solutions such as Okta, Splunk, Mimecast, and FairWarning
• Working knowledge of HIPAA/HITECH, GDPR, ISO, NIST CSF, SOC 2, SOX and other compliance regulations
• Ability to think strategically about security risks and tie those to organizational priorities
• Capable of building a network of relationships across organizational functions and to liaise with senior management
• Excellent written and verbal communication skills; experience developing and delivering presentations and reports
• Relevant and current industry certification(s): CISSP, CISM, CISA
• Bachelor’s degree in Computer Science, Information Security, or related field required