DrFirst, Inc. is a leading Healthcare IT company that empowers providers and patients through intelligent medication management. They are seeking a proactive Cybersecurity Engineer to strengthen their security posture across audit compliance, cloud infrastructure, and AI-driven security initiatives.
Responsibilities:
- Work with cross-org stakeholders to implement and monitor AI-specific controls based on NIST AI 600 and HITRUST AI Certification
- Lead evidence collection for certified audits using security read-only access to production systems
- Coordinate with departmental subject matter experts to ensure timely audit completion
- Apply technical expertise to streamline audit processes and maintain compliance
- Conduct internal audits of AWS and GCP configurations for security compliance
- Recommend cloud settings to optimize security and operational efficiency
- Fine-tune security alerts to minimize false positives and maximize actionable intelligence
- Complete customer security questionnaires promptly and accurately
- Maintain current knowledge of product security controls and changes
- Develop and maintain NIST 800-53 control frameworks for proactive customer sharing
- Execute Vendor Risk Assessments (VRAs) with focus on emerging trends and preferred vendor guidance
- Monitor AI-driven security developments and implementation best practices
- Understand evolving AI security governance frameworks and compliance requirements
- Implement AI security monitoring systems and respond to compliance alerts
Requirements:
- Deep technical expertise in cybersecurity engineering
- Project management skills
- Ability to collaborate effectively across teams
- Experience with certified security audits (SOC 2, ISO 27001, HITRUST)
- 5+ years in cybersecurity engineering or related field
- Deep expertise in AWS and GCP security configurations
- Strong understanding of NIST 800-53 and security compliance frameworks
- Experience with security monitoring tools and alert management
- Scripting abilities for automation (Python, PowerShell, or similar)
- Exceptional critical thinking and problem-solving skills
- Proven project management experience from concept to implementation
- Strong cross-functional collaboration and influence skills
- Detail-oriented with ability to manage competing priorities
- Professional judgment to focus on high-impact activities
- Security certifications (CISSP, CCSP, AWS Security, GCP Security)
- Experience with AI/ML security frameworks
- Background in vendor risk assessment processes
- Previous experience in customer-facing security communications