Cybersecurity Engineer

DAS Health
Full-time
Remote
United States

Recognized as one of the fastest growing companies in Tampa Bay and on the Inc. 5000 list of top privately held companies in the country for 10 years, DAS Health is seeking an experienced, remote Cybersecurity Engineer to join the team!

The Cybersecurity Engineer (FLSA exempt role) is an experienced team member who plays a pivotal role in safeguarding client and organizational data and ensuring compliance with all necessary regulations, including protecting patient healthcare information (PHI). The Cybersecurity Engineer will be responsible for designing, implementing, and managing advanced security measures tailored to the unique needs of a healthcare environment. This role requires a deep understanding of healthcare IT systems, electronic health records (EHRs), regulatory requirements such as HIPAA and HITECH, and experience with SOC (System and Organization Controls) audits.

Responsibilities:
Security Architecture and Implementation:
  • Design, implement, and maintain security architectures specific to healthcare systems, including electronic health record (EHR) systems, medical devices, and healthcare information exchanges (HIE).
  • Develop and enforce security standards and best practices to protect patient data and ensure the integrity of healthcare and other applications.
  • Configure and manage security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption solutions with a focus on protecting sensitive health information (PHI).

Threat and Vulnerability Management:
  • Conduct regular security assessments, vulnerability scans, and penetration tests on healthcare IT systems, identifying and mitigating risks to patient data and clinical systems.
  • Implement and manage a vulnerability management program, including patch management and system hardening, with a focus on healthcare-specific threats.
  • Monitor and respond to security incidents involving healthcare systems, performing root cause analysis, and implementing corrective actions to prevent future breaches.

Incident Response:
  • Develop, implement, and maintain incident response plans tailored to healthcare environments, ensuring rapid response to breaches involving PHI or other proprietary information.
  • Help coordinate and support incident response efforts, including detection, containment, eradication, and recovery, with a focus on minimizing the impact on patient care.
  • Perform forensic analysis to investigate breaches, ensuring compliance with healthcare regulations and reporting requirements (e.g., HIPAA breach notification).

Security Monitoring and Reporting:
  • Monitor security systems, networks, and logs for unusual activity, focusing on protecting EHRs, medical devices, and other healthcare-specific systems.
  • Develop and maintain security dashboards and reports for healthcare executives and compliance officers, ensuring transparency and accountability in security practices.
  • Stay updated with the latest security trends, threats, and technology solutions relevant to the healthcare industry.

Compliance and Governance:
  • Ensure compliance with healthcare-specific cybersecurity frameworks, regulations, and standards, including HIPAA, HITECH, HITRUST, and SOC 2 Type II requirements.
  • Assist in developing and maintaining security policies, procedures, and guidelines that align with healthcare industry standards and SOC audit requirements.
  • Participate in internal and external audits, including SOC 2 Type II audits, ensuring that all security measures are documented and compliant with healthcare regulations and audit standards.

Collaboration and Training:
  • Work closely with organizational and client teams to integrate security into healthcare workflows and daily operations.
  • Support cybersecurity training and awareness programs for staff, ensuring compliance with HIPAA and other regulations.
  • Collaborate with third-party vendors and partners to ensure their security practices align with the organization's healthcare and SOC audit requirements.

Requirements:
  • Bachelor's degree in Computer Science, Information Security, or a related field. A Master's degree or specialized certifications (e.g., CISSP, HCISPP, CEH) are preferred.
  • 3-5 years of experience in cybersecurity engineering, preferably within a healthcare environment.
  • Proven experience with the deployment and management of security technologies such as firewalls, IDS/IPS, SIEM, DLP, MFA, EDR, Email Security, and encryption, specifically in protecting healthcare data.
  • Experience with cloud security in healthcare environments, particularly in platforms like AWS, Azure, or Google Cloud with healthcare-specific controls.
  • Experience participating in and preparing for SOC 2 Type II audits, including the implementation and maintenance of controls required by the audit.
  • Strong knowledge of healthcare-specific network protocols, system architecture, and security architecture.
  • Proficiency in scripting languages (e.g., Python, PowerShell) and security tools (e.g., Wireshark, Metasploit) with a focus on healthcare applications.
  • Experience with healthcare cybersecurity frameworks and compliance standards (e.g., HIPAA, HITECH, HITRUST, SOC 2).
  • Excellent problem-solving and analytical skills, with the ability to address complex security challenges in a healthcare setting.
  • Strong communication skills, both written and verbal, with the ability to explain technical concepts to non-technical healthcare staff.
  • Ability to work independently and as part of a multidisciplinary team in a fast-paced healthcare environment.
  • High level of integrity, professionalism, and attention to detail, especially when handling sensitive patient data.

What We Offer:

For full-time opportunities, we offer:

  • Work Remotely (unless otherwise specified) with Work from Home Allowance
  • Competitive pay with discretionary bonus opportunities
  • Flexible Time Off
  • Continued Education Reimbursements
  • Company Paid Health Benefits for employees and family
  • 401k with Employer Match
  • Mental Health Services
  • Parental Leave

About DAS
DAS Health is a leading provider of Health IT and management solutions and a trusted consultant to many physician groups, hospitals and healthcare systems across North America. For the last two decades, DAS Health has been bridging the gap between regulatory compliance, business goals and personal service, empowering our clients to deliver more patient-centric care, protect their earnings and increase profitability.

As part of our commitment to the privacy of our job applicants, please review the DAS Health Privacy Notice (https://dashealth.com/Employment-Privacy-Notice/) and kindly acknowledge on your application that you have read and understand the policy. By doing so, you demonstrate your commitment to our values and your understanding of how we manage and protect your personal information.