Security Compliance Analyst
R&D – Engineering Security
How you will help
As a part of our SecOps team, you will be at the front line of our security compliance, monitoring, risk assessment, escalation and remediation processes. This is a multi-grade position. Your assigned job title will be commensurate with your level of knowledge and experience. You will work directly with the Vice President to manage FedRAMP and other compliance activities. You will own identification and tracking for actions required to mitigate and/or remediate security risks to protect company assets.
What you will do
• Identify and track FedRAMP-required recurring activities to ensure timely completion within required timeframes
• Coordinate and collaborate with Engineering peers to plan, schedule and execute compliance-required actions so that they are completed on time
• Assist with identifying and implementing needed and recommended policy and procedure changes
• Lead preparation, planning and completion of third party assessment organization (3PAO) assessment activities
• Identify required security patches and updates based upon subscribed feeds and vulnerability scanning results
• Complete security questionnaires and respond to customer inquiries regarding the product and organizational security
• Complete third party risk assessments and identify risks that need to be managed to uphold our security posture and standards
• Maintain and/or create incident response, contingency planning and related documentation to support disaster recovery for security incident and event response
• Occasionally assist with managing and triaging operational security issues and events
• Occasionally assist with secure development, infrastructure and endpoint engineering activities as needed
• You make security a priority in everything you do
• You have a basic familiarity with HIPAA Security Rule requirements and the NIST 800-53 cyber security framework
• You have at least one (1) year of prior experience supporting a FedRAMP security program
• You are familiar with scalable and/or cluster compute architectures and have a basic understanding of AWS secure architecture practices
• You have some prior experience with security anomaly detection, logging, monitoring and vulnerability management tools and how to use them to protect, detect, respond and recover from security incidents
• You keep up to date on data science tools and distributed computing methodologies
Desired Skills and Experience
• You have some prior Linux system administration experience performing patching, configuration management, and vulnerability remediation
• You have some experience with Shell scripting, Python, Ruby, or similar languages
• You’ve administered and are familiar with Nmap, Nessus, OpenVPN, tcpdump, OpenSSL and other related security tools
• You have a good understanding of data network configuration and infrastructure concepts, including TCP/IP, DNS, routers, internet/intranet/extranet, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes
• You have one or more security certifications demonstrating your knowledge and commitment to the security field
Base salary for the role is commensurate with experience and can range between $65,000 and $190,000, plus an annual bonus opportunity.
While HealthVerity does support remote work with quarterly travel to our Philadelphia headquarters, our strong preference is to hire team members in the areas below as well as approved states in the Eastern Time Zone. Expansion beyond these markets will occur only when necessary.
• Boston, Massachusetts
• New York City, New York
• Philadelphia, Pennsylvania
• Baltimore, Maryland
• Washington, D.C.
• Charlotte, North Carolina
• Raleigh-Durham, North Carolina
• Atlanta, Georgia
Approved States in the Eastern Time Zone include: CT, DE, FL, GA, IN, MA, MD, MI, NC, NJ, NY, OH, PA, RI, TN, and VA.
HealthVerity synchronizes transformational technologies with the nation’s largest healthcare and consumer data ecosystem to power previously unattainable outcomes and fundamentally advance the science. We offer a comprehensive, yet flexible approach, based on the foundational elements of Identity, Privacy, Governance and Exchange (IPGE), that synchronizes unparalleled Identity management with built-in Privacy compliance and Governance, providing the ability to discover and Exchange a near limitless combination of data at a record pace. Together with our partners in life sciences, government and insurance, we are Synchronizing the Science. To learn more about HealthVerity, visit healthverity.com.
Why you'll love working here
We are making a difference – Our technology is at the forefront of some of the biggest healthcare challenges in the world.
We are one team – Our people define our culture and always will. We take time out to celebrate each other at the end of every week through company-wide shout outs, and acknowledge the value that each of us adds towards our greater mission. Come share all you have to offer.
We are learners – Every team member is continually learning, no matter if we've been in a role for one year or much longer. We are committed to learning and implementing what is best for our clients, partners, and each other.
Benefits & Perks
• Compensation: competitive base salary & annual bonus opportunity (for non-commissioned roles)
• Benefits: comprehensive benefits with coverage on Day 1, medical, dental, vision, 401k, stock options
• Flexible location: our HQ is in Philadelphia. We offer both hybrid roles and those with quarterly travel.
• Generous PTO: Take time off as needed, targeted at 4 weeks per year, including vacation, personal and sick time, plus paid maternity and paternity leave.
• Comprehensive and individualized onboarding: mentorship program, departmental talks, and a library of resources are available beginning day 1 for each new team member to minimize the stress of starting a new job
• Professional development: biweekly 1:1s, hands-on leadership that is goal- and growth-oriented for each team member, and an annual budget to support professional development pursuits
HealthVerity is an equal opportunity employer devoted to inclusion in the workplace. We believe incorporating different ideas, perspectives and backgrounds makes us stronger and encourages an environment where ageism, racism, sexism, ableism, homophobia, transphobia or any other form of discrimination are not tolerated. All qualified job applicants will be given consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. At HealthVerity, we’re working towards an innovative and connected future for healthcare data and believe the future is better together. We can only do that if everyone has a seat at the table. Read our Equity Inclusion and Diversity Statement.
If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to firstname.lastname@example.org
Remote opportunities are not available in all areas and require team members to work from a fixed location due to tax and labor law implications - specific questions about remote positions can be discussed during the interview process with your recruiter.