Senior Information Security Engineer

As the Security Program Development & Implementation specialist at Phox Health, your primary responsibility will be to plan, develop, and implement our security program in alignment with industry best practices and compliance requirements. You will be entrusted with managing and maintaining the Security Information and Event Management (SIEM) infrastructure to monitor and analyze security events effectively. Additionally, overseeing the implementation of Endpoint Detection and Response (EDR) solutions to detect, investigate, and respond to potential security threats will be a crucial part of your role. Your expertise will be vital in managing Virtual Private Network (VPN) solutions and designing Zero Trust Network (ZTN) architecture to ensure secure access to Phox Health's resources. Continuously monitoring and assessing the security posture of our cloud environments, particularly GCP and AWS, will also fall under your purview. Collaborating closely with application teams to conduct architecture reviews and integrating security best practices into the development lifecycle will be essential tasks. Ensuring all security measures comply with relevant laws, regulations, and standards will be a key responsibility. Conducting regular audits and assessments to maintain compliance, leading the incident response process, including detection, analysis, containment, eradication, and recovery from security incidents, and developing and delivering security training and awareness programs to educate employees on security best practices will also be part of your duties. To be successful in this role, you should hold a Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, along with a minimum of 6 years of experience in information security engineering or a related role. Proven experience in managing security for cloud environments (GCP, AWS) and relevant certifications such as CISSP, CISM, CEH, AWS Certified Security Specialty, or GCP Professional Cloud Security will be advantageous. Your proficiency in SIEM and EDR tools, strong understanding of VPN and Zero Trust Network principles, expertise in cloud security (especially in GCP and AWS environments), and experience with security compliance frameworks (e.g., ISO 27001, NIST, GDPR, HIPAA) will be essential. Familiarity with scripting and automation, excellent analytical and problem-solving skills, strong communication and interpersonal abilities, collaborative teamwork, leadership in security initiatives, attention to detail, and a proactive approach to security management are qualities that will contribute to your success in this role.,