Senior Security Engineer at Notable Systems Inc – Remote
About This Position
Company Summary: We are a rapidly growing, fully remote Intelligent Document Processing company that drives unmatched efficiency in the medical equipment, healthcare, and financial services industries. Leveraging techniques like optical character recognition, machine learning, and large language models, our platform empowers our customers to transform complex, unstructured data into actionable insights, expediting their revenue cycle and lowering their costs. Ultimately, this helps patients get the care they need more quickly while reducing frustration with both their provider and their insurance company.
While we currently focus primarily on the DME (Durable Medical Equipment) industry, we are exploring and developing additional applications of our solutions to broader problems within healthcare, finance, and beyond.
Position Summary: We uphold rigorous security standards including SOC 2 Type 2, NIST CSF, and HIPAA compliance. We're looking for an experienced Senior Security Engineer to join our Engineering team to help scale our security practices.
Reporting to the Director of Site Reliability Engineering, the Senior Security Engineer will implement, manage, and enhance security controls across our infrastructure, with emphasis on cloud environments and compliance frameworks. The ideal candidate has strong experience in security engineering, compliance, and cloud security (particularly AWS), and will help uphold the highest standards of data protection for sensitive healthcare information.
Level (Senior or Principal) will be determined based on qualifications.
Job Duties:
Lead the implementation and maintenance of security controls to ensure SOC 2 Type 2, NIST CSF, and HIPAA compliance
Secure and harden cloud infrastructure, primarily in AWS environments
Translate security policies into actionable, implemented controls
Manage and optimize our security stack
Perform Linux system hardening and security configuration
Conduct regular security assessments, vulnerability management, and remediation
Integrate security into CI/CD pipelines and development workflows (DevSecOps)
Lead security incident response and investigations for endpoints and infrastructure
Evaluate and manage third-party vendor security risks
Implement and maintain security monitoring solutions and log analysis
Conduct risk assessments and prioritize remediation activities
Develop and maintain comprehensive security documentation for audits and compliance evidence
Track and report on security metrics to demonstrate program effectiveness
Collaborate with development and operations teams to integrate security best practices
Implement encryption and data protection strategies for PHI/PII
Plan and execute anti-phishing campaigns to evaluate security awareness and develop targeted training programs that reduce employee vulnerability to social engineering attacks
Monitor employee security training completion and identify knowledge gaps for education initiatives
Participate in a 24/7 on-call rotation for security incidents and emergencies
Required Qualifications:
5+ years of experience in security engineering or similar roles
Demonstrated experience implementing and maintaining SOC 2 Type 2 and HIPAA controls
Strong knowledge of AWS security services and best practices
Experience configuring and managing firewalls and VPNs and implementing network security controls
Understanding of security challenges in a fully remote work environment, including zero-trust security models
Proficiency with Linux operating systems, including security hardening techniques
Experience with identity and access management solutions (Okta)
Familiarity with endpoint security tools and SIEM systems (CrowdStrike)
Understanding of common security frameworks (SOC 2, NIST CSF, HIPAA Security Rule)
Experience conducting vulnerability assessments and security code reviews
Knowledge of encryption techniques and data loss prevention strategies
Experience with security monitoring, SIEM tools, and log analysis
Strong communication skills, including the ability to explain complex security concepts to technical and non-technical stakeholders, executive leadership, and sales teams
Demonstrated ability to collaborate effectively across departments and influence security practices
Must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.
Preferred Qualifications:
Experience in healthcare or other regulated industries
Security certifications such as CISSP, CCSP, AWS Security Specialty, HCISPP, CISA, CISM, or CEH
Programming experience in Golang or Python for security automation and tooling
Experience with infrastructure as code (Terraform, CloudFormation, AWS CDK)
Knowledge of container security
Experience with penetration testing
Experience developing security metrics and reporting dashboards
Benefits:
In addition to base salary, we offer comprehensive and competitive benefits, including:
10 company holidays per year
4 weeks of vacation per year
8 sick days per year
Health/dental/vision insurance
401K with company match
Paid parental leave
Work from Home Requirements
Reliable Internet: Minimum download speed of 50 mbps and upload speed of 10 mbps. You can test your internet speed at this link: https://www.speedtest.net
Smartphone: Must have a smartphone. We use multi-factor authentication for logging in to our system, so you will need to download an app to your phone.
Equipment: Company laptop and optional external monitor will be provided.
Privacy: Must have a private place to work in order to protect the confidentiality of the patient data we access.