Accuity was founded in 2016 with the goal of reinventing the Clinical Documentation Process, through MD case review, and MD to MD education. Over the last 5 years, we have experienced rapid growth and now have roughly 350 employees. As a technology enabled mid revenue cycle company we focus on leveraging technology to improve our operational process flow, and develop best in class reporting & data analytics.
The Senior Security Engineer will lead the company in planning and implementing enterprise information security systems, policies, and processes across Cloud & Network Systems Operations (Azure), back office systems (Finance, HR, CRM, etc), desktop, vendors, and business processes. Experience with HITRUST, SOC, HIPAA, and healthcare PHI preferred.
The Senior Security Engineer will develop a thorough understanding of our systems and processes to anticipate potential threats, assess risks and vulnerabilities, make concrete recommendations, and project plans, and execute those plans to improve the security posture. Partnering with the engineering and data teams, you will specify the requirements for the SecOps systems and assess their effectiveness on an ongoing basis. You will develop countermeasures to protect the company’s systems and data. You will partner with our compliance team to support client InfoSec requirements and reporting.
The Senior Security Engineer will respond to violations of security protocols and standards. When incidents arise, you will assess causes, damages, and data recovery, preparing thorough reports for stakeholders. You will also implement appropriate changes, updates, and upgrades in response to vulnerabilities and incursions.
Primary Responsibilities
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates
- Create and manage cyber security strategy, programs and execution including threat management services such as vulnerability assessments, threat intelligence, analysis and response, security event monitoring and incident management, digital forensics etc.
- Deliver subject matter expertise of Azure products and services with an emphasis in security, migration, management, and support of implementations
- Coordinate & conduct risk assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and cyber-crime response
- Participates in IT, information security risk and compliance assessments, audits, gap analyses, and remediation
- Actively contribute to HIPAA Risk Assessment, HITRUST Certification, and SOC I Type II certification
- Assists in the development of customized policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems, and infrastructure
- Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards
- Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation
- Verifies security systems by developing and implementing test scripts
- Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs
- Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements
- Prepares system security reports by collecting, analyzing, and summarizing data and trends
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
