Information Security Engineer

 Cricket Health
 March 23, 2021
 Remote, USA
Cricket Health is looking to add an Information Security Engineer to our growing team to help protect our applications for improving the outcomes of patients with kidney disease. Your typical week would include deploying, managing, tuning and monitoring security tools, performing vulnerability assessments against the network and application architectures, working with various teams to remediate vulnerabilities, and communicating with all or most of the Cricket Health internal departments. We’re in this for the long-haul (it is healthcare, after all), so we also reflect back on how we can improve our processes and get better for the next time (and what we want to learn along the way).  Most importantly, you get to be part of building an information security program to protect our patients security and privacy, while helping them live their best lives.

Primary Responsibilities:

  • Email security (anti-phishing, anti-malware, DLP)
  • Data Loss Prevention (At rest, in transit and in use) 
  • Vulnerability scanning and automation (Network and Application Layer)
  • Web Application Firewall management and maintenance 
  • Intrusion Detection System management and maintenance 
  • File Integrity Monitoring and maintenance 
  • Configuration management/hardening
  • Security Incident and Event Management (SIEM)
  • Security Monitoring and Reporting 
  • HITRUST assessment support as needed 
  • Required Qualifications:

  • Knowledge of cybersecurity and information security controls, practices, procedures, and regulations
  • Knowledge of Incident response program practices and procedures
  • Working knowledge of  OWASP Top Ten
  • Working knowledge of CWE/SANS Top 25 Most Dangerous Software Errors
  • Experience with static code analysis and remediation 
  • Experience with code repositories 
  • Experience with dynamic web application vulnerability scanning
  • Experience with at least one scripting language (Python, JavaScript, Bash/Shell, ruby, perl)
  • Experience with APIs 
  • Knowledge of network operational support 
  • Experience with operating systems, internet technologies, databases and security infrastructure 
  • Ideal Qualifications:

  • Familiarity with the healthcare system and how health systems operate, especially in a value-based setting
  • Experience with the HITRUST Common Security Framework certification 
  • Familiarity working with PHI in a HITRUST and HIPAA environment
  • Familiarity with DevOps concepts and interest in infrastructure-as-code 
  • Experience identifying and validating vulnerabilities (network layer and application layer) and working with development and IT teams on remediation tasks  
  • Identifying, defining and solving problems.
  • Ability to resolve security issues in diverse and decentralized environment; to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls
  • Identify and resolve problems to maintain confidentiality and protect privacy
  • Learn new concepts and technical content and apply appropriately to work assignments
  • Work with others to achieve a common goal 
  • Adjust to changing workplace demands
  • Meet the needs and expectations of internal and external customers
  • Effectively demonstrate skill and ability to perform the specific job duties and tasks as defined by a job description 
  • Be dependable, meet deadlines and produce high-quality work
  • Benefits:

  • Competitive salary and vacation
  • Stock options + extended option exercise window
  • Generous health, dental, vision and parental leave policies
  • Contributions for 401k retirement savings plans
  • Commitment to building and maintaining an inclusive team
  • Cricket Health is a comprehensive kidney care provider with a personalized, evidence-based approach to managing chronic kidney disease (CKD) and end-stage kidney disease (ESKD). Cricket Health delivers world-class, technology-enabled multidisciplinary care both in-person and virtually to achieve the best outcomes possible for patients and the best value for partners, keeping patients healthy and out of the hospital, accelerating access to transplant, and increasing home dialysis adoption.  We are committed to aligning the success of our company with those of our partners and the patients whom we serve.  Learn more at www.crickethealth.com and follow us @crickethealth.