Key skills
JavaScriptPythonGolangPowerShellAWSAzureGCPVersion ControlServiceNowAgileLeadershipMentoringOWASPCloud Security
About this role
Inovalon is a technology company focused on transforming the healthcare ecosystem through data-driven solutions. They are seeking a Staff Security Engineer L6 to lead security operations, enhance detection and response capabilities, and ensure compliance with security standards across enterprise and cloud environments.
Responsibilities:
- Lead the strategic implementation of security standards in alignment with security policies
- Provide technical expertise and direction for the selection and implementation of a diverse suite of product security controls and countermeasures
- Provide technical leadership to recommend appropriate information security frameworks, requirements, direction, and system recommendations
- Stay abreast of security best practices and technologies, and foster the growth of team members by providing, training, guidance, and mentoring
- Design, develop, and maintain SOAR playbooks and automated response workflows to improve detection, triage, and containment across endpoint, network, identity, and cloud environments
- Integrate and optimize SIEM, EDR, vulnerability management, identity, and ticketing platforms (e.g., Rapid7, CrowdStrike, ServiceNow, Azure, email security) to enable end-to-end automated incident response
- Engineer and tune security detections, enrichment pipelines, and correlation logic to reduce false positives and improve MTTD/MTTR through automation and orchestration
- Develop and maintain automation scripts and APIs to support SOC operations, including automated containment (isolate host, disable account, block IP/domain), enrichment (threat intel, asset context), and reporting
- Build and maintain SOC automation use cases such as phishing response, suspicious login triage, malware containment, vulnerability prioritization, and insider-risk monitoring
- Collaborate with SOC analysts, threat hunters, and engineering teams to identify manual processes and convert them into automated workflows, increasing SOC efficiency and consistency
- Maintain and optimize SOAR platform health, integrations, and playbook performance, including version control, documentation, and continuous improvement lifecycle
- Create and deliver automation metrics and dashboards (automation coverage, time saved, incident response time reduction, false-positive reduction) for SOC leadership and executive reporting
- Work with leadership, customers, and stakeholders in both IT and Information Security to develop requirements based on a changing threat landscape and new digital capabilities
- Build security into product delivery pipeline (DevSecOps) using scripting
- Perform architecture reviews, identify security risks, recommend, and implement mitigations
- Research, recommend, and implement effective security controls for cloud-native services
- Discover and implement untapped functionality from security tools and services
- Work autonomously and proactively seek out opportunities to build security capabilities across our platforms
- Automate security throughout the development lifecycle (DevSecOps) by enabling security tools, technologies, and best practices for agile development
- Document security and compliance issues
- Present findings to clients, including technical teams and executive leadership, providing clear explanations of vulnerabilities, the potential impact on the business, and recommended mitigation strategies
- Adhere to all confidentiality, HIPAA, regulatory, and other such policies, procedures, and requirements as outlined within Employer’s Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the scope of work
- Maintain compliance with Inovalon’s policies, procedures and mission statement, and fulfill those responsibilities and/or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success
Requirements:
- A minimum of years of experience in software and security engineering
- 5+ years of experience in one of these programming languages such as JavaScript, Python, Golang and PowerShell etc
- 5+ years' experience in building security test automation utilities (security as a code) and environments
- 5+ years' experience with cloud native technologies (Azure, AWS, GCP) and secure configurations
- 3+ years' experience in security system administration (installation, configuration, upgrade, and support)
- 3+ years of experience in application security architecture and risk assessments
- Experience with OWASP TOP 10, NIST CSF, and MITRE ATT&K frameworks
- One or more of the certifications: CISSP, CEH, OSCP
- Required: Bachelor of Science in an engineering or technical discipline
- Expertise in Application Security Architecture and Design
- AWS Cloud certifications
- Bachelor of Science in a cybersecurity discipline or a masters in an engineering or technical discipline with cybersecurity coursework
- Cloud Security and Governance, Risk, and Compliance GRC, Thick Client Thin Client VAPT Knowledge/Hands on about DevSecOps/DevOps Knowledgeable about Data Protection