Sr Information Security Engineer

Job Title: Sr. Information Security Engineer

Location: Remote
Department: Information Technology and Product Development
Reports To: Sr. Director of Engineering

Job Summary:

The Senior Information Security Engineer is responsible for safeguarding SmartLight Analytics' data infrastructure, with a particular focus on protecting sensitive healthcare information. This role will lead security efforts across both our on-premises and Azure cloud environments, implementing comprehensive security controls to prevent data breaches and ransomware attacks. The ideal candidate brings extensive experience in cybersecurity with specific expertise in securing Microsoft infrastructure, healthcare data protection, and endpoint security. You will ensure compliance with HIPAA requirements while establishing robust security protocols that allow the organization to operate with confidence.

We are seeking a highly skilled security professional who can serve as our primary security expert, capable of identifying vulnerabilities, implementing appropriate controls, and responding to potential security incidents. In this role, you will work across teams to foster a security-conscious culture and ensure our infrastructure remains protected against evolving threats.

Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.

Key Responsibilities:

1. Design and implement security measures to protect systems, networks, and data across both on-premises and Azure cloud environments
2. Lead security assessments, penetration testing, and vulnerability management initiatives
3. Configure and maintain firewalls, routers, and other network security components
4. Develop and enforce endpoint security controls for Windows workstations to prevent ransomware and other threats
5. Establish security monitoring and incident response protocols
6. Ensure compliance with HIPAA security requirements for PHI protection
7. Create and maintain security documentation, policies, and procedures
8. Conduct security awareness training for staff
9. Monitor security systems for potential breaches and lead incident response when needed
10. Perform regular security audits and risk assessments
11. Maintain knowledge of emerging security threats and mitigation strategies
12. Collaborate with IT and development teams to integrate security best practices
13. Advise management on security enhancements and risk mitigation strategies

Qualifications:

1. Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field
2. 5+ years of experience in information security with focus on infrastructure protection
3. Strong knowledge of Microsoft infrastructure security (Active Directory, Windows Server, etc.)
4. Demonstrated experience securing Azure cloud environments
5. Expertise in endpoint security solutions and ransomware prevention
6. Experience with network security, firewalls, and penetration testing
7. Understanding of security frameworks and compliance requirements (NIST, ISO 27001)
8. Ability to develop and implement security policies and procedures
9. Strong incident response and problem-solving capabilities
10. Excellent communication skills to explain security concepts to non-technical stakeholders

Preferred Qualifications:

1. Relevant security certifications (CISSP, CISM, Azure Security Engineer, etc.)
2. Experience with healthcare data security and HIPAA compliance requirements
3. Knowledge of security information and event management (SIEM) systems
4. Experience implementing zero-trust security architectures
5. Background in security for healthcare or financial services industries
6. Experience with security automation and scripting
7. Knowledge of data loss prevention (DLP) solutions
8. Experience conducting security awareness training

Who is SmartLight Analytics

SmartLight Analytics was formed by a group of industry insiders who wanted to make a meaningful impact on the rising cost of healthcare. With this end in mind, SmartLight works for self-funded employers to reduce the wasteful spend in their healthcare plan through our proprietary data analysis. Our process works behind the scenes to save money without interrupting employee benefits or requiring employee behavior changes.