Cyber Security Engineer (Application Security)

About TherapyNotes

TherapyNotes is the go-to superhero for behavioral health Practice Management and EHR software! Our top-notch SaaS solution handles scheduling, billing, documenting, telehealth, and more so clinicians can focus on awesome patient care.

We're a dynamic team of pros who love to innovate and push the envelope, keeping our software cutting-edge. Join us, and let's revolutionize behavioral health software together while making a real difference!

Description

TherapyNotes is seeking an experienced and passionate Application-security focused Cyber Security Engineer to join our team of technology enthusiasts.  The right candidate possesses both deep and wide expertise in the security space will focus on threat intelligence development, risk/vulnerability management, and incident response.

Responsibilities

• Hands-on management of all security solutions across the organization: SIEM, DLP, E/XDR, vulnerability management, security awareness.
• Monitor security alerts, respond to incidents, and manage escalations.
• Participate in Incident Response on-call rotation.
• Conduct threat analysis, vulnerability assessments, and risk evaluations.
• Manage and secure identities in Microsoft Entra ID through Conditional Access and Entitlement Management.
• Develop and implement strategies for Data Loss Prevention and identify gaps in DLP coverage.
• Stay informed about the latest cyber threats, attack methodologies, and vulnerabilities to ensure TherapyNotes remains resilient against evolving risks.
• Conduct periodic system and network configuration reviews to ensure compliance with security standards.
• Identify and document cyber risks and manage mitigation, follow up on open security risks, and report issues to leadership.
• Align Zero Trust principles with organizational security goals to ensure secure access to corporate resources, both on-premises and in the cloud.
• Participate in audits and assessments, supporting governance, risk management, and compliance (GRC) efforts.

Application Security Responsibilities

• Collaborate with developmental teams to ensure security is continuously integrated into the Software Development Lifecycle (SDLC) and CI/CD pipeline.
• Enforce secure coding standards and best practices to minimize vulnerabilities and to protect the confidentiality, integrity, and availability of our customer's data.
• Perform in-depth security assessments, code reviews, and threat modeling on applications to identify potential vulnerabilities and risks.
• Ensure application security measures align with healthcare regulations and standards (e.g., HIPAA, HITRUST, and HITECH) and support regular audits.
• Collaborate with developers to remediate vulnerabilities, providing actionable guidance and ensuring effective patching or mitigation measures.
• Develop, deploy, and manage security tools and technologies (e.g., SAST, DAST, vulnerability management systems) to automate security testing and scanning processes.
• Support application security incident response activities, identifying the root cause of security incidents and contributing to resolution strategies.
• Contribute to security awareness programs for the development teams, focusing on secure coding practices and proactive security measures.

Requirements

• Bachelor's degree from an accredited postsecondary institution or program in information security, information technology, computer science, or related field preferred. 
• 5+ years of experience in application security or related role.
• Strong understanding of healthcare regulations (HIPAA, HITECH, HITRUST) and their impact on application security.
• Experience working in healthcare or other highly regulated industries is preferred.
• Experience with API security, especially for integrations with other healthcare systems.
• Familiarity with HL7, or other healthcare data standards is preferred.
• Familiarity with the unique threat landscape of the healthcare industry, including ransomware and PHI-targeted attacks.
• Demonstrated experience integrating security in CI/CD pipelines in a SaaS environment.
• Understanding of secure coding practices for applications that process sensitive data.
• Industry certifications such as CISSP, SSCP or Healthcare-specific security certifications (e.g., HCISPP) are ideal.
• Prior experience securing cloud environments (Azure, AWS).
• Proven ability to conduct security assessments, vulnerability, management, and incident response.
• Strong understanding of OS platforms (Windows, Linux) and endpoint security.
• Deep understanding and experience in managing and securing cloud infrastructure and cloud-based applications.
• Expert in the latest security principles, techniques, and standards.
• Proficiency in various security systems: intrusion detection systems, anti-virus software, identity management systems, log management, content filtering, etc.

Benefits

• Competitive salary - $90,000-$130,000
• Employer sponsored health, dental, vision, life, and disability insurance
• Retirement plan with company contribution
• Annual company profit sharing
• Personal development/training budget
• Open, collaborative work environment
• Extensive 2-week onboarding plan
• Comprehensive mentorship program

#LI-Remote
#LI-PL1

TherapyNotes, LLC is an Equal Employment Opportunity Employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. All candidates whom have been given a conditional offer of employment with TherapyNotes, LLC must also undergo a criminal background check.

10/28/24