Senior Security Engineer

at Health Gorilla
๐Ÿ’ฐ $159k-$180k
๐Ÿ”’ Cybersecurity๐ŸŸฃ Senior

Job description

Want to revolutionize healthcare?

To create a healthcare system with effective health information exchange, healthcare organizations need more than a series of connections between each other. They need assurance that the data being exchanged is meaningful and to know it will be delivered when and where they need it.

Founded in 2014, Health Gorilla provides access to actionable patient data, supporting a diverse set of clinical use cases and improving outcomes across the country. We work with some of the leading companies in health IT, value-based care, and digital health, including Virta Health, The Garage, Medhost, and many others.ย Health Gorilla is one of the five original organizations approved as a Qualified Health Information Network (QHIN) and the only QHIN to also be designated as a Qualified Health Information Organization (QHIO).

As a Senior Security Engineer at Health Gorilla, you will help secure platforms that power nationwide health data exchange, protect patient privacy, and ensure compliance in a cloud-native, high-scale environment. Youโ€™ll implement information security strategies and procedures, executing solutions that align with our architectural designs, industry best practices, and regulatory requirements such as HIPAA and TEFCA. As risks evolve, you’ll play a key role in proactively recommending modifications and enhancements to strengthen our security posture and identify opportunities for continuous improvement.

What you will do at Health Gorilla:

  • Work with our engineering teams to define/refine information security systems management policies and settings.
  • Conduct vendor and 3rd party information security audits and help with security questionnaires.
  • Perform security analysis and risk assessments to identify threats and vulnerabilities, and work with engineering teams to document and remediate issues to safeguard information assets.
  • Create AWS Cloud Formation templates, Ansible scripts and automation with AWS Systems Manager.
  • Hands-on expertise with AWS-native security services including GuardDuty, Security Hub, Macie, Inspector, IAM, KMS, CloudTrail, and Config to design, monitor, and enforce security controls in a healthcare cloud environment.
  • Experience implementing identity and access management best practices in AWS (least privilege, service control policies, cross-account roles, and MFA enforcement) to ensure HIPAA compliance.
  • Proven ability to architect and operationalize security guardrails via AWS Config rules, SCPs, and automation (e.g., Lambda functions, EventBridge) for continuous compliance.
  • Demonstrated skill in monitoring and incident detection using GuardDuty findings, CloudWatch alerts, and CloudTrail logs, integrating with SIEM/SOAR platforms.
  • Proficiency in deploying, tuning, and managing CrowdStrike Falcon EDR for endpoint visibility, prevention, and real-time response across cloud and enterprise environments.
  • Experience with threat hunting and investigation using CrowdStrike telemetry, Falcon OverWatch, and custom queries to detect advanced threats.
  • Knowledge of malware analysis and incident response leveraging CrowdStrikeโ€™s real-time response capabilities, forensic data, and threat intelligence.
  • Partner with other Cybersecurity, Engineering, and Product teams to align detection strategies with organizational objectives.
  • Ensure all detection processes and tools adhere to regulatory requirements and industry standards (e.g., HIPAA, GDPR, PCI-DSS, NIST).
  • Central point of contact for 3rd party audits (SOC2, ISO, HIPAA, HITRUST), and other GRC functions

What you bring to the role:

  • Expert level experience with Linux operating system and AWS ecosystems.
  • Experience operating in highly regulated environments (e.g., HIPAA, HITRUST, SOC 2), with a strong understanding of compliance-driven security controls and documentation requirements.
  • 7+ years conducting security work in enterprise infrastructure or cloud environments (AWS experience a plus)
  • 3+ years working with any of the following: intrusion detection systems, remote access VPN technologies, vulnerability assessment tools, event and log analysis solutions and configuration and change management systems.
  • Possess knowledge of SIEM implementation and log ingestion, SOAR, Incident Response, and Threat Intelligence that will be data-driven with strong verbal, written communication, and leadership skills.
  • Strong experience with Information Security, Network Security, Security Monitoring, Incident Response, Auditing
  • RFP/RFI Response Knowledge (ability to work and support proposal efforts).
  • Certifications in information technology security such as AWS Security, AWS Associate Level certification, CISSP or CCSP.
  • Bachelor’s degree in Computer Science or equivalent work experience

What You Will Love About Us!

  • Health Gorilla takes a market-based approach to pay, and the base salary range for this role is $159,000 to $180,000, based on experience. Please note that ranges may be modified at any time, and there is no guarantee offers will be at the top of a posted range.
  • New hire stock option grant
  • 401(k) plan with discretionary annual matching
  • Medical, dental, and vision insurance
  • Short-, long-term disability, life insurance, and mental health & wellness support
  • Unlimited PTO plus 12 Holidays
  • Paid parental leave (up to 12 weeks)
  • Monthly stipend for phone and internet
  • Stipend for home office equipment (we provide the laptop)

Beware of job scams:

  • We will only contact you from our @healthgorilla. COM email address and communicate via phone or zoom
  • We will never ask you for money or to purchase items such as a laptop to work with us
  • If your resume has your home address listed, we recommend replacing with just a city, state

Our goal is to be a diverse workforce that is representative, at all job levels as we know the more inclusive we are, the better our product will be.

Health Gorilla is an equal opportunity employer. Applicants will not be discriminated against because of race, color, creed, sex, sexual orientation, gender identity or expression, age, religion, national origin, citizenship status, disability, ancestry, marital status, veteran status, medical condition, genetic information, or any protected category prohibited by local, state or federal laws.

Share this job:
Please let Health Gorilla know you found this job on Remote First Jobs ๐Ÿ™

Similar Remote Jobs

Latest Jobs at Health Gorilla

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service ๐Ÿ™

Apply