Security Engineer

ProviderTrust Summary

ProviderTrust empowers a safer, smarter healthcare for patients, providers, and payers. Based in Nashville, Tennessee since our launch in 2010, we create powerful solutions to solve complex problems to make healthcare data meaningful and actionable. Our mission is to create a safer healthcare for everyone. 

We partner with HR, Compliance, and Provider Operations teams to monitor healthcare populations to identify license, credential, compliance, and payment eligibility issues before they impact patients. We monitor employees, vendors, provider networks, licenses, credentials and more for OIG and state Medicaid exclusions, sanctions or disciplinary actions, license expirations or suspensions and more, continuously verifying everything at the primary source.

Our solutions combine an intuitive user experience with advanced data matching algorithms and seamless integrations to continuously identify and verify compliance issues in the optimal workflow, such as an HRIS or claims processing system.

We are seeking a highly motivated and talented Security Engineer to evolve and refine the infrastructure solutions we have in place as well as tackle the ones we have yet to see. If open ports keep you up at night, this position may be for you!

Responsibilities:

• Evaluate and refine existing web server, cloud infrastructure, and application security/availability
• Serve as a subject matter expert for AWS, infrastructure, and systems security/availability
• Serve as point person for security questionnaires related to IT/infrastructure 
• Assist development team in the design and implementation of new infrastructure solutions with a focus on security, recoverability and scalability
• Evaluate and refine existing compliance (eg: SOC, HiTrust, HIPAA) controls
• Develop and enforce control mechanisms and evolve them regularly as business or regulatory needs evolve including meeting SOC2, HiTrust and HIPAA requirements, scheduling and managing audits, maintaining and updating company risk assessment and security policies
• Communicate requirements to all stakeholders including employee training and building a pro-active security culture and representing ProviderTrust’s security program and practices to clients and regulators
• Detect and prevent potential threats and manage the response including maintaining an incident response plan and scheduling and overseeing penetration testing
• Maintain and enhance role-based application access
• Ensure security controls are implemented for network architecture and development process as well as for local hardware, network and environment

Requirements:

• BS or MS degree in engineering, computer science, or related field
• 3 years direct experience with the technologies and duties of this position.
• Experience working in a SaaS and healthcare context
• Strong understanding of the software development lifecycle
• Professional experience with AWS
• Professional experience with git
• Professional experience with monitoring tools (eg: Splunk, Cloudwatch, Prometheus)
• A passion for learning and keeping up to date with the latest tools and technologies
• A strong work ethic and attention to detail
• Able to work on site at our Nashville location 
• Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
• The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
• Strong critical thinking and analytical skills
• Strong project management and team-building skills, including the ability to drive projects and initiatives across functions

Recommended Experience:

• Knowledgeable about Penetration Testing techniques
• Vulnerability management tools
• Workstation hardening best practices
• Strong understanding of Web Application vulnerabilities (OWASP) and attacks.
• Ability to translate traditional information security best practices and defense in depth approaches to virtualized/cloud based environments.
• Designing and maintaining secure Linux web servers
• Designing secure Docker containers according to best practices
• Container orchestration technologies like Kubernetes, ECS, etc.
• Automated configuration management tools (eg: Puppet, Ansible)
• Continuous integration and continuous deployment tools
• Understanding of relational database systems
• Java, Tomcat, or Apache Web Server
• Building or managing a microservice architecture a plus
• Healthcare security background preferred

Preferred certifications: 

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control
• Certified Ethical Hacker
• Offensive Security Certified Professional (OSCP)
• Global Information Assurance Certification
• AWS certifications

What It's Like to Work Here

At ProviderTrust, we recognize that experience can be built in a number of ways. If you have relevant skills that are not reflected in your resume or your experience doesn’t match our exact requirements, we welcome your candidacy and encourage you to share more. We will champion building a team that embodies empathy, equity, respect, and inclusivity while actively supporting our community, clients, partners, and friends. We value differences of opinions and embrace everyone’s unique perspective. We desire an environment that allows all team members to bring their full selves to work, unashamedly. We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time. ProviderTrust is an equal opportunity employer.

To be great at ProviderTrust, we find our team members have these things in common:

• Gain energy from working in a fast-paced, creative environment
• Decision making that employs a blend of data-driven insights and intuition
• Ability to multitask and handle multiple projects concurrently
• Resilience and positivity, able to address setbacks and bounce back quickly
• Resourcefulness, discovering creative ways to get things done
• Joy in making an immediate and positive impact
• Diverse interests that are welcomed and extend beyond our organization

Things That Make Us A Great Place To Work

• Competitive base salary and incentive package with 401k matching, meaningful equity, HSA employer contribution, and company-paid life and disability insurance
• Medical, dental, and vision benefits; PT pays 80% of your premiums. We also offer access to a range of free mental health and well-being resources.
• Unlimited PTO, 11 paid holidays, and a flexible work schedule 
• Internal professional growth, development, and mobility
• Daily all-company morning huddles to sync up across the business
• In-office experience: fully stocked kitchen, ergonomic desk setup, dog-friendly, and lots of celebrations!
• Remote experience: home office set-up with technology provided, remote-friendly meetings and celebrations, and interest-specific Slack channels for connecting across teams 
• Fitness stipend, wellness program, and cell phone reimbursement
• Voted one of the Best Places to Work by the Nashville Business Journal (2015 – 2019)
• Inc. 5000 list of the fastest-growing private firms in the U.S. (2016-2020)