Sr. Cybersecurity Engineer
US
Careers
Req #: 2428
Type: Regular Full-Time
|
|
|||||||||
|
||||||||||
Overview: At DrFirst, we play in the major leagues. Our 5-person security team covers what most organizations staff with ten or more - not by working longer, but by working smarter. We are looking for engineers committed to advancing our security program for the benefit of our team, our customers, and the patients we serve. We are looking for a different kind of security engineer - a true engineer, not an analyst. You learn continuously and deploy often. You implement as fast as you learn, outpace your peers, and use Claude the way a top-tier engineer builds software - to accelerate delivery by offloading the repetitive and mundane. You believe results speak louder than words, and you are confident enough to show incremental progress quickly and course correct rapidly. That momentum compels you to do more - and you believe, correctly, that delivering results earns respect and reward. If you have been looking for a team worthy of what you can do - keep reading. Responsibilities: This is a domain ownership role. You report directly to the VP Security and work alongside two Principal Security Engineers (PSE1: application security, DevSecOps, AWS network; PSE2: GCP network, unified logging, corporate services, customer-facing security, incident management, and audit delivery). You own your domains, contribute to shared goals, and operate as a peer. Domain Scope Cadence Corporate Security Operations Inbox, questionnaires, VRAs, KnowBe4 training and phishing campaigns, onboarding/offboarding compliance, remote worker compliance, endpoint and allowlist controls, policy maintenance, Okta and corporate tool implementation, website and public domain compliance monitoring, data governance implementation Steady state Production Alert Triage AWN, SentinelOne, Proofpoint, Splunk, AWS Security Hub, GCP Security Command Center, Tenable, Zscaler (ZIA/ZPA), endpoint software detection - triage, tuning, escalation to PSE1 (infrastructure) or PSE2 (customer incidents) Steady state Audit Evidence Collection SOC 2 / HITRUST evidence for all controls mapping to your owned domains. PSE2 project manages; you own your evidence slice independently - April through June and August through September Seasonal burst Strategic initiatives you step into from day one * Data governance - retention policy framework in progress; drive implementation by data stream and category, coordinate purge processes across email and corporate data stores * De-identification service - service is built; drive production data through it to reduce PII/PHI retention exposure across relevant systems * Corporate Claude environment - own the security architecture, guardrails, and governance for non-engineering staff using Claude for automation and data access via MCPs How We Work Our team's DNA is to use Claude to eliminate the manual, repetitive work that consumes capacity - so we can focus on what moves security forward. What that looks like in practice: a member of our security team automated vulnerability triage across 100 code repositories using Claude Code - a task that previously required manually reading through each finding to determine true vulnerability from false positive. The result was approximately 50% of their capacity freed to focus on critical work. On the compliance side, we overhauled our entire SOC control set - mapping to HITRUST i1, NIST 171, and HIPAA - and increased framework inheritance from 30% to 95%. What would have taken four weeks was completed in 72 hours. This is how we work. This is what we expect from you. You will be self-directed. With that autonomy comes the accountability to produce results early and often - closed items, not status updates. You set the goal, the strategy, and the plan, and you show momentum within days. You have a proven track record of getting other teams to prioritize your initiatives because your competency earns their respect. Security sets the strategy, Corporate Services implements, and you make that relationship work. Issues that could be closed within a few days do not get pushed two to three weeks out by default. Think You Can Do This? Here Is What Day 30 Looks Like. You are energized by opportunity and action. You hit the ground running. By the end of your first 30 days: ✓ Security inbox is owned and running clean - response times consistent, VRA backlog current, customer questionnaire library updated ✓ Alert triage cadence is established - first tuning improvements documented and implemented ✓ At least one Claude automation is live - not planned, not in progress - shipped, with measurable time savings ✓ At least one process improvement identified AND delivered - something nobody asked for ✓ Coming to scrums with closed items and next actions - not updates on what you are still figuring out ✓ Other teams already know your name because you reached out, made the case, and got something moving ✓ You have a clear point of view on at least one strategic initiative and have shared it with the VP Qualifications: Experience * Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or similar * 5+ years in cybersecurity engineering or a closely related role * Hands-on operational experience with SIEM platforms, endpoint security, and cloud security tooling * Demonstrated experience with AWS and GCP security monitoring - Security Hub, GCP Security Command Center, GuardDuty, or equivalent * Background in SOC 2, HITRUST, or NIST 800-53; HIPAA/PHI environment experience preferred * Experience completing customer security questionnaires and VRAs at a senior level * Scripting or automation experience - Python, PowerShell, or Bash - applied to real operational problems AI-Augmented Engineering - Non-Negotiable * Daily, practical use of Claude or an equivalent LLM - not experimental, not occasional * Specific examples of AI measurably accelerating your output - with before/after context you can speak to in detail * Ability to construct effective prompts, validate output critically, and catch errors - including knowing when Claude is wrong * At least one automation built with AI tooling that eliminated repeatable manual work Stack Experience - Preferred * AWN, SentinelOne, Proofpoint, KnowBe4, Jamf, KACE, Zscaler (ZIA/ZPA), Okta, Tenable, Splunk Core Attributes * Owns it: Takes the domain, assesses what needs to happen, and makes it happen - without waiting to be told * Thinks in days: Sets aggressive timelines, consults stakeholders before committing, and closes - does not default to pushing target dates out when a few focused sessions would get it done * Earns influence: Gets other teams to prioritize security work through competency and credibility, not escalation * Systems thinker: Automates before accepting manual as the default; scripting or programming background applied to security problems * Communicates through output: Shows up to scrums with closed items and next actions - credibility comes from work that speaks for itself
Share this job:
