Note: The job is a remote job and is open to candidates in USA. Birdi is transforming the pharmacy experience through innovation and collaboration, seeking a Security Engineer to enhance their cybersecurity program. This role involves managing software supply chain security, IAM, and compliance within a healthcare setting, while collaborating with various teams to improve security posture and compliance readiness.
Responsibilities
- Research, develop, implement, and maintain comprehensive cybersecurity policies, standards, procedures, and controls
- Lead cybersecurity efforts supporting SOC 2 Type II compliance and ongoing certification activities
- Coordinate security control documentation, evidence collection, audit preparation, and remediation activities
- Support HIPAA Security Rule compliance by implementing administrative, technical, and physical safeguards
- Conduct regular reviews of security controls and identify opportunities for continuous improvement
- Partner with internal stakeholders and external auditors to ensure compliance requirements are met
- Conduct security risk assessments, vulnerability reviews, and threat analyses to identify potential risks and vulnerabilities
- Develop and implement mitigation strategies aligned with regulatory requirements and industry best practices
- Monitor security alerts, events, and threats across enterprise environments
- Design and maintain security monitoring, threat detection, and alerting capabilities
- Lead incident response activities, including investigation, containment, remediation, recovery, and post-incident review
- Maintain breach response and notification processes in accordance with HIPAA and organizational requirements
- Participate in an on-call rotation supporting critical security incidents and operational security events
- Design, implement, and manage enterprise Identity and Access Management strategies
- Develop and maintain role-based access control (RBAC) models and least-privilege access frameworks
- Manage and support multi-factor authentication (MFA), single sign-on (SSO), privileged access management, and identity governance initiatives
- Conduct periodic access reviews and user entitlement audits to ensure appropriate authorization levels
- Develop permissions governance standards that support regulatory compliance and data protection requirements
- Monitor and improve identity security controls across business and technology platforms
- Establish and maintain software supply chain security programs and controls
- Implement Software Bill of Materials (SBOM) management practices and dependency monitoring processes
- Manage application dependency scanning, vulnerability assessments, and remediation activities
- Collaborate with Development and DevOps teams to integrate security throughout the Software Development Life Cycle (SDLC)
- Support secure coding standards, application security testing, code review processes, and CI/CD security controls
- Evaluate and implement tools that improve application security, container security, and software integrity
- Design and implement security controls supporting cloud-based environments, particularly AWS
- Assess cloud infrastructure configurations and implement security best practices
- Support endpoint protection technologies, network security controls, firewall management, and threat prevention solutions
- Monitor cloud and infrastructure environments for security risks and compliance concerns
- Partner with technical teams to strengthen overall infrastructure security and resilience
- Develop, implement, and maintain a company-wide Security Awareness Training Program
- Deliver cybersecurity education focused on phishing awareness, social engineering defense, HIPAA requirements, and secure handling of sensitive information
- Track employee training completion and maintain records for compliance and audit purposes
- Conduct ongoing awareness campaigns and educational initiatives to strengthen organizational security culture
- Ensure training content remains current with evolving cybersecurity threats and industry trends
- Evaluate third-party vendors, business associates, and service providers for cybersecurity and compliance risks
- Conduct security reviews and assessments of vendors handling sensitive information
- Ensure vendor security practices align with HIPAA requirements and organizational standards
- Support risk remediation efforts and ongoing vendor monitoring activities
- Assist with contract reviews and security-related due diligence activities
Skills
- Proven experience in Information Security, Cybersecurity Engineering, or related disciplines
- Strong knowledge of SOC 2, HIPAA Security Rule, NIST Cybersecurity Framework, CIS Controls, and related compliance standards
- Experience implementing and managing cybersecurity programs and governance frameworks
- Demonstrated experience preparing organizations for compliance reviews, audits, and assessments
- Deep expertise in Identity and Access Management technologies and practices
- Experience implementing role-based access controls (RBAC), MFA, SSO, and privileged access management solutions
- Strong understanding of authorization, authentication, access governance, and permissions management
- Experience conducting access reviews and access control audits
- Experience with software supply chain security concepts and technologies
- Knowledge of SBOM management, dependency scanning tools, vulnerability management platforms, and secure software development practices
- Experience supporting cloud security initiatives, particularly within AWS environments
- Familiarity with endpoint protection platforms, firewalls, and security monitoring tools
- Strong understanding of secure SDLC and DevSecOps practices
- Excellent verbal, written, and presentation communication skills
- Ability to translate complex technical security concepts into understandable business language
- Strong relationship-building skills with the ability to collaborate effectively across technical and business teams
- Ability to influence security best practices without direct authority
- Strong analytical, investigative, and troubleshooting abilities
- Ability to independently identify risks and implement effective solutions
- Excellent attention to detail and organizational skills
- Demonstrated ability to manage multiple priorities and deadlines
- Self-directed with the ability to work independently and take ownership of initiatives
- Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field; equivalent combinations of education and experience may be considered
- Minimum three (3) to five (5) years of experience in cybersecurity, information security, or security engineering roles
- Demonstrated experience implementing security compliance programs including SOC 2, HIPAA, ISO 27001, or comparable frameworks
- Experience conducting risk assessments and developing cybersecurity policies and procedures
- Experience supporting security operations, incident response, and security governance initiatives
- Experience working within healthcare environments and supporting HIPAA compliance requirements
- Professional cybersecurity certifications such as: CISSP, CISM, Security+, CCSP, AWS Security Specialty, HCISPP
- Experience designing and implementing Zero Trust security architectures
- Familiarity with healthcare data standards, including HL7 and FHIR
- Experience working with Electronic Health Record (EHR) systems and healthcare technology platforms
- Knowledge of policy-as-code solutions such as Open Policy Agent (OPA) and Checkov
- Experience with infrastructure-as-code security scanning and cloud governance tools
- Scripting and automation experience using Python, PowerShell, Bash, or similar technologies
- Experience with container security, Kubernetes security, and DevSecOps methodologies
- Experience managing Security Awareness Training platforms such as KnowBe4, Proofpoint, or similar solutions
- Familiarity with phishing simulation programs and security culture initiatives
Benefits
- Competitive medical, dental, and vision coverage
- Paid time off and company holidays
- Retirement savings opportunities
- Employee wellness and support programs
- Professional development and career growth opportunities
- Employee-focused culture committed to work-life balance and success
Company Overview
Company H1B Sponsorship