HFD is on a mission to make healthcare more affordable by providing better payment solutions. They are seeking a Security Engineer to join their IT Security function, focusing on cloud security, compliance, incident response, and security architecture. The role involves applying risk management principles, conducting security assessments, and collaborating with teams to enhance the organization's security posture.
Responsibilities:
- Apply risk management principles to identify, assess, and reduce security risks across cloud, endpoint, identity, network, and application environments
- Maintain working knowledge of approved cybersecurity standards, frameworks, policies, procedures, and industry best practices
- Perform security control reviews, gap assessments, and remediation planning to strengthen the organization’s security posture
- Support vulnerability management activities, including vulnerability analysis, risk prioritization, remediation tracking, and validation of completed fixes
- Monitor alerts, logs, and threat indicators from SIEM, EDR, cloud, identity, and other security platforms to identify suspicious or anomalous activity
- Triage and investigate security events, support containment actions, document findings, and assist with incident response efforts
- Review system, application, cloud, and identity configurations to identify security risks, misconfigurations, and hardening opportunities
- Assist with compliance and audit readiness activities, including evidence collection, control validation, and documentation of security practices
- Support access reviews and identity security efforts, including privileged access validation, account hygiene, and review of high-risk permissions
- Assist with defining and documenting security requirements for new systems, integrations, applications, and business processes
- Help maintain and improve security policies, operational procedures, runbooks, and post-incident documentation
- Contribute to detection engineering efforts by helping refine alerts, reduce false positives, and improve visibility across security platforms
- Identify opportunities to improve automation, monitoring, response workflows, and overall security operations maturity
- Collaborate with IT, engineering, and business teams to communicate risks, recommend practical security improvements, and support remediation efforts
- Participate in lessons learned, incident reviews, and continuous improvement activities to reduce future security risk
- Conduct proactive threat hunting across multiple landscapes
Requirements:
- 2–5 years of hands-on experience in an IT security, cloud security, or security operations role
- Practical experience with Microsoft Azure security services (Defender, Entra ID, Secure Score, Sentinel, or equivalent)
- Foundational knowledge of PCI DSS or similar compliance frameworks (HIPAA, SOC 2, NIST)
- Strong written communication skills — you will write runbooks, RCAs, and compliance documentation
- Ability to work independently and manage your own workload with minimal oversight
- Robust conceptual and practical understanding of IT infrastructure designs, technologies, products, and services
- Experience formulating and/or interpreting cyber threat analysis of adversary techniques, tactics, and procedures used to disrupt computer networks
- Ability to pay close attention to detail and be self-motivated
- Ability to multitask and excel in a fast-paced environment
- Beginner/intermediate proficiency in Microsoft Excel
- Security certification such as CompTIA Security+, AZ-500, SC-200, PJPT, PNPT, or CISSP Associate
- Experience in a healthcare, fintech, or financial services environment
- Familiarity with the MITRE ATT&CK framework and threat modeling
- Scripting or automation skills (PowerShell, Python, KQL/Kusto for Azure)
- Exposure to DevSecOps practices or pipeline security tooling
- Excellent written and verbal communication skills, analytical ability, judgment, and the ability to work effectively with the DevOps and Engineering Support Team