Castlight Health, through its apree health division, aims to transform US healthcare by partnering with health plans and enterprise companies. As a Senior Security Engineer, you will design and maintain security architecture, ensuring the confidentiality and integrity of healthcare data while collaborating with various teams to meet best practices and regulatory requirements.
Responsibilities:
- Lead the design and implementation of secure architecture to support apree's evolving tech stack
- Build out and refine security automations related to vulnerability scanning, configuration management, IT integrations, detection engineering and automated incident response
- Provide Tier 4 (expert-level) support for complex cloud security incidents, escalations, and system issues
- Collaborate with engineering, IT, compliance, and business stakeholders to ensure security standards and policies are implemented consistently
- Stay current with emerging security threats, cloud technologies, and regulatory frameworks relevant to healthcare
Requirements:
- Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred) or equivalent work experience
- 5+ years of experience in security engineering in a cloud environment, preferably with expertise in GCP
- Demonstrated experience rationalizing, implementing, operating and maintaining security controls in cloud-centric environments
- Fluency in Python, Terraform and git
- Demonstrated experience in serverless computing
- Deep understanding of cloud architecture, automation tooling, and detection tools (e.g., SIEM, EDR)
- Experience working in an environment that processes PHI and with applicable standards, such as: NIST CSF, ISO/IEC 27701, ISO 27001, HIPAA, HITRUST, SOC 2, FedRAMP
- Advanced problem-solving skills and ability to independently lead cross-functional technical projects